Programs won't open by links

SuperJess
Hello, I'm not sure if this is from a virus but I am having trouble opening programs. When I click the link on my desktop, or even from my start menu, the processor 'thinks' for a second, then stops and the program does not open. I have to go to the actual application folder to open it. This is my only symptom so far, so I'm not sure what this could be. I thought it couldn't hurt to check for a virus...

I did do a rollback two days ago, which helped at the time but the issue has come back.

Here is my OTL log:

OTL logfile created on: 12/21/2011 7:30:58 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jess\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 4.32 Gb Available Physical Memory | 73.61% Memory free
11.73 Gb Paging File | 10.04 Gb Available in Paging File | 85.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.72 Gb Total Space | 501.38 Gb Free Space | 72.80% Space Free | Partition Type: NTFS

Computer Name: JESS-PC | User Name: Jess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 07:30:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Downloads\OTL.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jess\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/20 04:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/01/27 17:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/12 22:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/04/24 17:57:00 | 000,368,640 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe
PRC - [2007/04/02 01:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/07/21 11:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/21 11:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/21 11:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/21 11:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/21 11:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/21 11:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/21 11:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/12/14 14:56:45 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/18 21:33:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/02 01:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/05/28 13:25:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 18:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\Jess\AppData\Roaming\Kalydo\KalydoPlayer\bin\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



Hosts file not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jess\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [CTZDetec.exe] C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [winupd] C:\Users\Jess\AppData\Local\Temp:winupd.exe File not found
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3011E44-305E-49BD-9103-3BE2C10D2F0D}: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4A824B9-DCB9-40E7-9531-6C21BA1CF126}: DhcpNameServer = 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 23:18:12 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\{73B9682A-BAE4-4612-88E0-31652DB41A1D}
[2011/12/20 18:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/20 17:57:55 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Origin
[2011/12/20 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\Origin
[2011/12/20 17:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/12/20 17:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/12/20 17:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/12/20 17:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/12/20 17:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/12/19 18:39:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/17 11:08:19 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Artifex Mundi
[2011/12/08 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\SMIGames
[2011/12/07 21:03:47 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Trine2
[2011/12/07 20:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozenbyte
[2011/12/07 20:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Frozenbyte
[2011/12/06 22:07:40 | 000,000,000 | ---D | C] -- C:\Users\Jess\Documents\Be a King Golden Empire
[2011/12/02 20:32:21 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Blue Tea Games
[2011/11/22 19:49:26 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\SKIDROW
[2011/11/22 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
[2011/11/22 19:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\R.G. Catalyst
[2011/11/21 20:37:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BeTrapped!
[2011/11/21 20:28:53 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\Oberon Media
[2011/11/21 20:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2011/11/21 20:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inspector Parker
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/21 07:28:44 | 000,001,980 | ---- | M] () -- C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2011/12/21 07:28:42 | 000,002,603 | ---- | M] () -- C:\Users\Jess\Desktop\Reincarnations 3 - Back to Reality Collectors Edition.lnk
[2011/12/21 07:28:42 | 000,001,798 | ---- | M] () -- C:\Users\Jess\Desktop\Ventrilo.lnk
[2011/12/21 07:28:41 | 000,003,024 | ---- | M] () -- C:\Users\Jess\Desktop\launcher - Shortcut.lnk
[2011/12/21 07:28:41 | 000,002,101 | ---- | M] () -- C:\Users\Jess\Desktop\Overlord2 - Shortcut.lnk
[2011/12/21 07:28:41 | 000,002,071 | ---- | M] () -- C:\Users\Jess\Desktop\Drawn 3- Trail of Shadows CE.lnk
[2011/12/21 07:28:41 | 000,002,021 | ---- | M] () -- C:\Users\Jess\Desktop\Inspector Parker.lnk
[2011/12/21 07:28:41 | 000,001,925 | ---- | M] () -- C:\Users\Jess\Desktop\BeTrapped!.lnk
[2011/12/21 07:28:41 | 000,001,753 | ---- | M] () -- C:\Users\Jess\Desktop\EdenEternal.lnk
[2011/12/21 07:28:41 | 000,001,114 | ---- | M] () -- C:\Users\Jess\Desktop\Atlantica Online.lnk
[2011/12/20 23:14:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/20 18:13:17 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 18:13:17 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 18:10:39 | 000,727,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/20 18:10:39 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/20 18:10:39 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/20 18:05:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 18:05:42 | 429,219,839 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 18:00:52 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/20 17:57:47 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/19 03:21:25 | 000,432,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/18 21:00:52 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/12 18:31:56 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/07 20:42:54 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2011/11/30 21:00:43 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/11/29 21:43:38 | 000,000,117 | ---- | M] () -- C:\Users\Jess\webct_upload_applet.properties
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 13:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/22 19:39:27 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row. The Third.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/20 21:20:59 | 000,003,024 | ---- | C] () -- C:\Users\Jess\Desktop\launcher - Shortcut.lnk
[2011/12/20 17:57:47 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/07 20:42:54 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2011/12/02 07:35:19 | 000,001,980 | ---- | C] () -- C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2011/11/30 21:00:43 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/11/22 19:39:27 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row. The Third.lnk
[2011/11/21 20:37:34 | 000,001,925 | ---- | C] () -- C:\Users\Jess\Desktop\BeTrapped!.lnk
[2011/11/21 20:28:48 | 000,002,021 | ---- | C] () -- C:\Users\Jess\Desktop\Inspector Parker.lnk
[2011/08/03 22:00:30 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/22 20:23:56 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/18 23:05:28 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/18 23:05:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/18 23:05:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/21 19:08:05 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Alawar
[2011/04/15 18:52:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\aliasworlds
[2011/06/18 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Anarchy
[2011/12/17 11:08:19 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Artifex Mundi
[2011/06/30 20:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Awem
[2011/05/27 19:42:21 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Az-Art
[2011/10/23 16:13:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Big Fish Games
[2011/11/18 21:20:57 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\BlamGames
[2011/12/02 20:32:21 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Blue Tea Games
[2011/08/26 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Boomzap
[2011/05/17 17:31:34 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Braintonik Games
[2011/10/16 22:12:45 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\BumpkinBrothers
[2011/05/15 20:06:58 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Colibri Games
[2011/03/31 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\CoreFTP
[2011/05/30 07:26:43 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Crown
[2011/11/04 21:16:10 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Daedalic Entertainment
[2011/02/15 20:07:49 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DAEMON Tools Lite
[2011/11/01 20:47:04 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DieselPuppet
[2011/06/01 07:52:35 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DragonsEye Studios
[2011/04/14 20:54:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DreamWoods2ScreenShot
[2011/11/15 21:34:54 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Elephant Games
[2011/05/10 21:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\EmilyArcher
[2011/10/25 20:42:41 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Enki Games
[2011/04/14 20:50:28 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\FairyTale
[2011/06/25 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Friday's games
[2011/06/04 13:56:28 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Funswitch
[2011/08/11 19:01:50 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Funzai!
[2011/10/05 20:00:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\GO Games
[2011/05/21 10:56:44 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Gogii
[2011/06/28 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\HeroCraft
[2011/07/01 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Islands2
[2011/06/14 16:06:41 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\JCP
[2011/09/16 16:44:45 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Kalydo
[2011/05/28 10:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Lazy Turtle Games
[2010/12/22 20:17:58 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Leadertech
[2011/07/05 20:00:35 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\LestaStudio
[2011/04/07 20:37:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\MagicIndie
[2011/06/30 18:44:13 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\MoMB_Full_Eng
[2011/05/02 19:32:45 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\My Games
[2011/01/05 18:06:44 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Mystery of Mortlake Mansion
[2011/06/03 06:56:12 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\NevoSoft
[2011/03/30 21:31:34 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\OpenOffice.org
[2011/12/20 17:58:54 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Origin
[2011/04/18 19:58:40 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Orneon
[2010/12/24 14:33:59 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\PCDr
[2011/09/02 21:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\PeaceCraft3
[2011/01/13 20:02:50 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Phantasmat_bf_ce1
[2011/05/11 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\playmink
[2011/05/21 11:23:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Princess Isabella
[2011/08/20 14:32:21 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\RIFT
[2011/12/08 21:26:58 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\SMIGames
[2011/11/30 18:11:25 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\SoftGrid Client
[2011/05/20 20:05:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\thejoyoffarming
[2011/06/04 07:29:14 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TheKingOfFire
[2011/01/29 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TP
[2011/05/21 08:55:05 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TrickySoftware
[2011/12/07 21:03:47 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Trine2
[2011/08/23 19:26:19 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Twilight Games
[2011/11/15 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Urban Legends The Maze Strategy Guide
[2011/12/18 20:55:30 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\uTorrent
[2011/09/16 20:56:00 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Vagrant Hearts
[2011/06/15 20:38:11 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\WendigoStudios
[2011/09/10 18:49:18 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Windows Live Writer
[2011/11/17 20:21:40 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\YoudaGames
[2011/12/12 18:31:56 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 00:08:49 | 000,019,404 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/20 18:00:52 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:767A78E5
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:45912F61
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:58E38390
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:ECF3C50F
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:1604D047
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:63210866
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:F3591DDB
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F53B274A
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:8AED9359
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:68A41423
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F6A0889A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E5BA9ADD
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:35629AE6
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 136192 bytes -> C:\Users\Jess\AppData\Local\Temp:winupd.exe
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BFE54417
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:40752783
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:16F4BC64
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0968E571
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5C4A588B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4F28299B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F5FC5DCE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B0A727D1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A42FABF7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4EC7F009
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2CED8825
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2C250258
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3C0887BF
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:44E16D4A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:19636FDD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:BEACE4C8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:06C34166
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8D1CA181
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7EF55396
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D36E068F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B9555D8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0ACF1AF5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E894A3ED
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DCA79AB3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5511B474
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:18BBD3D5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:164561C8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ED0B32CA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:69FE2EE4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:14362DF8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:86E0BFC8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:16B49C20
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D026A5A4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:701B92FB
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6C049F97
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6423D635
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:5B4686D7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:02F30776
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:954C27C6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:00AA4B31
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:40DA0795
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3D36932D

< End of report >
  • 0
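As an added example (not part of this thread, and not OTL's or any forum tool's own code), here is a small Python triage script for the "Alternate Data Streams" section of an OTL report like the one above. It parses each `@Alternate Data Stream` line into size, host file and stream name, then flags streams that carry an executable-style name or are large enough to hold code; the sample lines are constructed in the style of the log above, and the size threshold is an assumed cut-off, not an OTL rule.

```python
import re
from dataclasses import dataclass, field

# One OTL "Alternate Data Streams" line looks like:
#   @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:767A78E5
# i.e. the stream size in bytes, the host file path, ':' and the stream name.
ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

# A stream named like a program is the classic place to park a payload.
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".sys", ".com", ".bat", ".cmd", ".vbs", ".js")

# Assumed threshold: streams of a few hundred bytes are usually metadata tags
# (zone markers, installer bookkeeping); anything this big can hold real code.
LARGE_STREAM_BYTES = 4096


@dataclass
class AdsEntry:
    size: int
    host: str          # file or directory that carries the stream
    stream: str        # the alternate stream name after the colon
    reasons: list = field(default_factory=list)   # why it was flagged


def parse_ads(log_text: str) -> list:
    """Return every ADS line in an OTL report as an (unflagged) AdsEntry."""
    entries = []
    for raw in log_text.splitlines():
        m = ADS_LINE.match(raw.strip())
        if m:
            entries.append(AdsEntry(int(m.group(1)), m.group(2), m.group(3)))
    return entries


def assess(entry: AdsEntry) -> bool:
    """Attach a reason for each heuristic the entry trips; True if it is worth a look.

    Executable name and large size are 'strong' signals; a temp-folder host
    only adds context, so on its own it never flags an entry.
    """
    name = entry.stream.lower()
    host = entry.host.lower()
    strong = False
    if name.endswith(EXECUTABLE_EXTS):
        entry.reasons.append("stream name has an executable extension")
        strong = True
    if entry.size >= LARGE_STREAM_BYTES:
        entry.reasons.append(f"stream is {entry.size} bytes, large enough to hold code")
        strong = True
    if strong and ("\\temp" in host or "\\tmp" in host):
        entry.reasons.append("host is a temp directory")
    return strong


def triage(log_text: str) -> list:
    """Parse an OTL report and return only the ADS entries worth investigating."""
    return [e for e in parse_ads(log_text) if assess(e)]


# Constructed sample, modelled on the Alternate Data Streams section above.
SAMPLE_OTL_ADS = r"""
========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:767A78E5
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 136192 bytes -> C:\Users\Jess\AppData\Local\Temp:winupd.exe
@Alternate Data Stream - 26 bytes -> C:\Users\Jess\Downloads\setup.exe:Zone.Identifier

< End of report >
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_OTL_ADS):
        print(f"{hit.host}:{hit.stream} ({hit.size} bytes)")
        for why in hit.reasons:
            print(f"  - {why}")
```

Note that the Zone.Identifier stream on a downloaded setup.exe is not flagged: the host being an executable is normal, it is the stream itself that matters.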

#2
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
It looks like the ZeroAccess rootkit.

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the a-v scan to None.
Uncheck Trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan, note whether the Fix button (not the FixMBR button) is enabled and tell me. Click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach it to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron
  • 0

#3
SuperJess

    Member

  • Topic Starter
  • Member
  • 42 posts
Thank you for your quick response, and for your assistance. I am running TDSSKiller now after running Combofix. When it was creating its log, I got a BSOD and my system rebooted. Once I have run all the requested programs, I will post the logs.
  • 0

#4
SuperJess

    Member

  • Topic Starter
  • Member
  • 42 posts
Ok, so... here's my update. I ran everything until the aswMBR.exe. When I clicked Scan, I instantly got a BSOD which rebooted my computer. I had to leave at that time, so I let it reboot and logged in and then left. Well... whatever it is in there woke up, because I came back to a screen full of error messages and Win 7 Security something or other telling me I had all these errors. I tried closing them all but they all came back. Also, all my icons were gone except for System Fix, and I had to run iexplore from its folder. However, when running IE, I get browser messages that wherever I am trying to browse to is a dangerous website, and I cannot go there. I had to reboot in safe mode to even get on the internet. Help!

Update: Even when running in safe mode, I am unable to download MBAM. IE closes and the security popups begin again.

The only log available to me is the TDSSKiller log:

18:03:09.0196 5132 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:03:09.0461 5132 ============================================================
18:03:09.0461 5132 Current date / time: 2011/12/21 18:03:09.0461
18:03:09.0461 5132 SystemInfo:
18:03:09.0461 5132
18:03:09.0461 5132 OS Version: 6.1.7601 ServicePack: 1.0
18:03:09.0461 5132 Product type: Workstation
18:03:09.0461 5132 ComputerName: JESS-PC
18:03:09.0461 5132 UserName: Jess
18:03:09.0461 5132 Windows directory: C:\Windows
18:03:09.0461 5132 System windows directory: C:\Windows
18:03:09.0461 5132 Running under WOW64
18:03:09.0461 5132 Processor architecture: Intel x64
18:03:09.0461 5132 Number of processors: 4
18:03:09.0461 5132 Page size: 0x1000
18:03:09.0461 5132 Boot type: Normal boot
18:03:09.0461 5132 ============================================================
18:03:10.0927 5132 Initialize success
18:03:20.0708 4372 ============================================================
18:03:20.0708 4372 Scan started
18:03:20.0708 4372 Mode: Manual;
18:03:20.0708 4372 ============================================================
18:03:27.0149 4372 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:03:27.0149 4372 MRxDAV - ok
18:03:27.0180 4372 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:03:27.0196 4372 mrxsmb - ok
18:03:27.0242 4372 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:03:27.0242 4372 mrxsmb10 - ok
18:03:27.0274 4372 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:03:27.0274 4372 mrxsmb20 - ok
18:03:27.0310 4372 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:03:27.0310 4372 msahci - ok
18:03:27.0388 4372 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:03:27.0388 4372 msdsm - ok
18:03:27.0435 4372 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:03:27.0435 4372 Msfs - ok
18:03:27.0450 4372 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:03:27.0450 4372 mshidkmdf - ok
18:03:27.0466 4372 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:03:27.0466 4372 msisadrv - ok
18:03:27.0513 4372 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:03:27.0528 4372 MSKSSRV - ok
18:03:27.0528 4372 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:03:27.0544 4372 MSPCLOCK - ok
18:03:27.0559 4372 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:03:27.0559 4372 MSPQM - ok
18:03:27.0622 4372 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:03:27.0622 4372 MsRPC - ok
18:03:27.0669 4372 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:03:27.0669 4372 mssmbios - ok
18:03:27.0669 4372 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:03:27.0669 4372 MSTEE - ok
18:03:27.0700 4372 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:03:27.0700 4372 MTConfig - ok
18:03:27.0715 4372 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:03:27.0731 4372 Mup - ok
18:03:27.0778 4372 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:03:27.0793 4372 NativeWifiP - ok
18:03:27.0840 4372 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:03:27.0856 4372 NDIS - ok
18:03:27.0887 4372 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:03:27.0887 4372 NdisCap - ok
18:03:27.0887 4372 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:03:27.0887 4372 NdisTapi - ok
18:03:27.0918 4372 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:03:27.0918 4372 Ndisuio - ok
18:03:27.0949 4372 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:03:27.0949 4372 NdisWan - ok
18:03:27.0965 4372 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:03:27.0965 4372 NDProxy - ok
18:03:27.0981 4372 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:03:27.0981 4372 NetBIOS - ok
18:03:28.0012 4372 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:03:28.0027 4372 NetBT - ok
18:03:28.0074 4372 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:03:28.0074 4372 nfrd960 - ok
18:03:28.0121 4372 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:03:28.0121 4372 Npfs - ok
18:03:28.0137 4372 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:03:28.0137 4372 nsiproxy - ok
18:03:28.0199 4372 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:03:28.0230 4372 Ntfs - ok
18:03:28.0261 4372 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:03:28.0277 4372 Null - ok
18:03:28.0542 4372 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:03:28.0605 4372 nvlddmkm - ok
18:03:28.0651 4372 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:03:28.0651 4372 nvraid - ok
18:03:28.0667 4372 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:03:28.0667 4372 nvstor - ok
18:03:28.0714 4372 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:03:28.0714 4372 nv_agp - ok
18:03:28.0761 4372 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:03:28.0761 4372 ohci1394 - ok
18:03:28.0792 4372 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:03:28.0807 4372 Parport - ok
18:03:28.0823 4372 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:03:28.0823 4372 partmgr - ok
18:03:28.0839 4372 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:03:28.0854 4372 pci - ok
18:03:28.0854 4372 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:03:28.0854 4372 pciide - ok
18:03:28.0870 4372 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:03:28.0870 4372 pcmcia - ok
18:03:28.0885 4372 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:03:28.0885 4372 pcw - ok
18:03:28.0917 4372 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:03:28.0917 4372 PEAUTH - ok
18:03:28.0995 4372 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:03:28.0995 4372 PptpMiniport - ok
18:03:29.0010 4372 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:03:29.0010 4372 Processor - ok
18:03:29.0104 4372 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:03:29.0104 4372 Psched - ok
18:03:29.0135 4372 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:03:29.0135 4372 PxHlpa64 - ok
18:03:29.0197 4372 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:03:29.0229 4372 ql2300 - ok
18:03:29.0260 4372 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:03:29.0275 4372 ql40xx - ok
18:03:29.0291 4372 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:03:29.0291 4372 QWAVEdrv - ok
18:03:29.0307 4372 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:03:29.0307 4372 RasAcd - ok
18:03:29.0322 4372 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:03:29.0322 4372 RasAgileVpn - ok
18:03:29.0385 4372 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:03:29.0385 4372 Rasl2tp - ok
18:03:29.0416 4372 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:03:29.0416 4372 RasPppoe - ok
18:03:29.0447 4372 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:03:29.0447 4372 RasSstp - ok
18:03:29.0494 4372 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:03:29.0494 4372 rdbss - ok
18:03:29.0525 4372 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:03:29.0525 4372 rdpbus - ok
18:03:29.0541 4372 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:03:29.0541 4372 RDPCDD - ok
18:03:29.0587 4372 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:03:29.0587 4372 RDPENCDD - ok
18:03:29.0587 4372 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:03:29.0587 4372 RDPREFMP - ok
18:03:29.0619 4372 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:03:29.0619 4372 RDPWD - ok
18:03:29.0665 4372 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:03:29.0665 4372 rdyboost - ok
18:03:29.0790 4372 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:03:29.0790 4372 rspndr - ok
18:03:29.0837 4372 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:03:29.0837 4372 sbp2port - ok
18:03:29.0868 4372 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:03:29.0868 4372 scfilter - ok
18:03:29.0977 4372 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:03:29.0977 4372 secdrv - ok
18:03:30.0009 4372 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:03:30.0009 4372 Serenum - ok
18:03:30.0024 4372 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:03:30.0024 4372 Serial - ok
18:03:30.0055 4372 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:03:30.0055 4372 sermouse - ok
18:03:30.0102 4372 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:03:30.0102 4372 sffdisk - ok
18:03:30.0133 4372 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:03:30.0133 4372 sffp_mmc - ok
18:03:30.0149 4372 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:03:30.0149 4372 sffp_sd - ok
18:03:30.0165 4372 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:03:30.0180 4372 sfloppy - ok
18:03:30.0211 4372 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
18:03:30.0227 4372 Sftfs - ok
18:03:30.0274 4372 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:03:30.0274 4372 Sftplay - ok
18:03:30.0289 4372 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:03:30.0289 4372 Sftredir - ok
18:03:30.0305 4372 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
18:03:30.0305 4372 Sftvol - ok
18:03:30.0352 4372 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:03:30.0352 4372 SiSRaid2 - ok
18:03:30.0367 4372 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:03:30.0367 4372 SiSRaid4 - ok
18:03:30.0414 4372 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:03:30.0414 4372 Smb - ok
18:03:30.0461 4372 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:03:30.0461 4372 spldr - ok
18:03:30.0555 4372 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:03:30.0570 4372 srv - ok
18:03:30.0586 4372 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:03:30.0601 4372 srv2 - ok
18:03:30.0617 4372 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:03:30.0617 4372 srvnet - ok
18:03:30.0664 4372 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:03:30.0664 4372 stexstor - ok
18:03:30.0695 4372 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:03:30.0695 4372 swenum - ok
18:03:30.0789 4372 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:03:30.0820 4372 Tcpip - ok
18:03:30.0882 4372 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:03:30.0882 4372 TCPIP6 - ok
18:03:30.0913 4372 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:03:30.0913 4372 tcpipreg - ok
18:03:30.0945 4372 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:03:30.0945 4372 TDPIPE - ok
18:03:30.0960 4372 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:03:30.0976 4372 TDTCP - ok
18:03:31.0038 4372 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:03:31.0038 4372 tdx - ok
18:03:31.0054 4372 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:03:31.0054 4372 TermDD - ok
18:03:31.0132 4372 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:03:31.0132 4372 tssecsrv - ok
18:03:31.0194 4372 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:03:31.0194 4372 TsUsbFlt - ok
18:03:31.0241 4372 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:03:31.0241 4372 tunnel - ok
18:03:31.0272 4372 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:03:31.0272 4372 uagp35 - ok
18:03:31.0319 4372 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:03:31.0319 4372 udfs - ok
18:03:31.0350 4372 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:03:31.0350 4372 uliagpkx - ok
18:03:31.0397 4372 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:03:31.0413 4372 umbus - ok
18:03:31.0428 4372 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:03:31.0428 4372 UmPass - ok
18:03:31.0475 4372 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:03:31.0475 4372 usbccgp - ok
18:03:31.0506 4372 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:03:31.0506 4372 usbcir - ok
18:03:31.0537 4372 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:03:31.0537 4372 usbehci - ok
18:03:31.0569 4372 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:03:31.0569 4372 usbhub - ok
18:03:31.0615 4372 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:03:31.0615 4372 usbohci - ok
18:03:31.0631 4372 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:03:31.0631 4372 usbprint - ok
18:03:31.0631 4372 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
18:03:31.0631 4372 USBSTOR - ok
18:03:31.0662 4372 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:03:31.0662 4372 usbuhci - ok
18:03:31.0678 4372 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:03:31.0678 4372 vdrvroot - ok
18:03:31.0693 4372 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:03:31.0693 4372 vga - ok
18:03:31.0725 4372 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:03:31.0725 4372 VgaSave - ok
18:03:31.0787 4372 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:03:31.0803 4372 vhdmp - ok
18:03:31.0849 4372 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:03:31.0849 4372 viaide - ok
18:03:31.0865 4372 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:03:31.0865 4372 volmgr - ok
18:03:31.0943 4372 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:03:31.0943 4372 volmgrx - ok
18:03:31.0990 4372 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:03:31.0990 4372 volsnap - ok
18:03:32.0005 4372 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:03:32.0005 4372 vsmraid - ok
18:03:32.0021 4372 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:03:32.0037 4372 vwifibus - ok
18:03:32.0068 4372 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:03:32.0083 4372 vwififlt - ok
18:03:32.0083 4372 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:03:32.0083 4372 WacomPen - ok
18:03:32.0130 4372 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:03:32.0130 4372 WANARP - ok
18:03:32.0146 4372 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:03:32.0146 4372 Wanarpv6 - ok
18:03:32.0177 4372 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:03:32.0177 4372 Wd - ok
18:03:32.0208 4372 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:03:32.0224 4372 Wdf01000 - ok
18:03:32.0271 4372 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:03:32.0286 4372 WfpLwf - ok
18:03:32.0333 4372 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:03:32.0333 4372 WimFltr - ok
18:03:32.0349 4372 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:03:32.0349 4372 WIMMount - ok
18:03:32.0458 4372 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:03:32.0458 4372 WmiAcpi - ok
18:03:32.0536 4372 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:03:32.0536 4372 ws2ifsl - ok
18:03:32.0583 4372 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:03:32.0598 4372 WudfPf - ok
18:03:32.0598 4372 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:03:32.0614 4372 WUDFRd - ok
18:03:32.0614 4372 MBR (0x1B8) (ae8fa489bdbabb7f15572f885c9ff9ae) \Device\Harddisk0\DR0
18:03:32.0614 4372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:03:32.0614 4372 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:03:32.0629 4372 Boot (0x1200) (f6707153029ea14b6d9f53687d563045) \Device\Harddisk0\DR0\Partition0
18:03:32.0629 4372 \Device\Harddisk0\DR0\Partition0 - ok
18:03:32.0645 4372 Boot (0x1200) (2c28b4b46877a8f674274308b2b76526) \Device\Harddisk0\DR0\Partition1
18:03:32.0661 4372 \Device\Harddisk0\DR0\Partition1 - ok
18:03:32.0661 4372 ============================================================
18:03:32.0661 4372 Scan finished
18:03:32.0661 4372 ============================================================
18:03:32.0661 4948 Detected object count: 1
18:03:32.0661 4948 Actual detected object count: 1
18:04:46.0316 4948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:04:46.0316 4948 \Device\Harddisk0\DR0 - ok
18:04:46.0317 4948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:04:52.0841 3468 Deinitialize success

Edited by SuperJess, 21 December 2011 - 08:42 PM.


#5
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Can you perhaps run Combofix again?


Copy the text in the code box by highlighting it and pressing Ctrl + C

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL should not need to reboot the PC when it is done.
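The OTL fix in the post above does two things: it puts the `exefile\shell\open\command` registry value back to the Windows default `"%1" %*` (a hijacked value there is exactly why double-clicking a shortcut "thinks for a second" and then nothing opens, while launching the .exe directly from its folder still works), and it copies the hidden Start Menu, Quick Launch, taskbar and Desktop shortcuts back out of `%Temp%\smtmp\1` to `\4`. The PowerShell script below is an added example for checking both of those conditions before and after the fix; it is not part of the thread, of OTL or of ComboFix. It assumes it is run from an elevated (Run as Administrator) PowerShell prompt, and the `-Repair` switch, which writes the default value back, is this example's own addition.

```powershell
# Added example, not from the original thread or from OTL/ComboFix.
# Checks the two things the OTL fix above restores:
#   1. HKLM\SOFTWARE\Classes\exefile\shell\open\command is the Windows default "%1" %*
#   2. the %Temp%\smtmp\1..4 folders that the xcopy lines read from exist, and what they hold
# Run from an elevated PowerShell prompt. -Repair is an assumption of this example.
[CmdletBinding()]
param(
    [switch]$Repair   # optional: write the default value back if it has been changed
)

$key      = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
$expected = '"%1" %*'   # Windows default; same value the OTL :reg section writes

function Test-ExeAssociation {
    # Returns the current (Default) value of the exefile open command and whether it matches.
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Key = $key; Current = $null; Ok = $false }
    }
    $current = $item.'(default)'
    return [pscustomobject]@{ Key = $key; Current = $current; Ok = ($current -eq $expected) }
}

$result = Test-ExeAssociation
if ($result.Ok) {
    Write-Host "exefile open command is at the default: $($result.Current)"
} else {
    # Anything other than "%1" %* here means every .exe launch is being routed
    # through some other program first; note the value before changing it.
    Write-Warning "exefile open command is NOT the default. Current value: [$($result.Current)]"
    if ($Repair) {
        Set-ItemProperty -Path $key -Name '(default)' -Value $expected
        Write-Host "Restored $key to $expected"
    }
}

# Report the staging folders the OTL xcopy lines copy shortcuts back from.
# If a folder is present with files in it, there are shortcuts still to restore;
# if none exist, the fix has nothing to copy (or the shortcuts were never moved).
1..4 | ForEach-Object {
    $dir = Join-Path $env:TEMP "smtmp\$_"
    if (Test-Path -Path $dir) {
        $count = @(Get-ChildItem -Path $dir -Recurse -Force -File -ErrorAction SilentlyContinue).Count
        Write-Host ("{0}: present, {1} file(s)" -f $dir, $count)
    } else {
        Write-Host ("{0}: not present" -f $dir)
    }
}
```

Run it once before the OTL fix to record what the hijacked value actually was (that string is the most useful thing to keep for later analysis), and once afterwards to confirm the value reads `"%1" %*` and that the `smtmp` folders have been emptied or removed.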

#6
SuperJess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hurray! After running Combofix, my icons are back and I can click on programs in my start menu! Just a note, I am still in safe mode. I was also unable to disable Avast, as I could not access its icon. Trying to get to it by its folder, I could open the UI but it said the protection was off anyways.

Update: Well, I left my computer in regular mode... big mistake. Apparently it downloaded a Windows update and rebooted, and now the Win 7 Security 2012 has reappeared and is blocking my IE again. I am going to stay in safe mode until everything is all set.

Here are my two logs:

ComboFix 11-12-22.01 - Jess 12/22/2011 7:27.3.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6007.5140 [GMT -5:00]
Running from: c:\users\Jess\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~QVjUvLBmzRgyXl
c:\programdata\graffast.exe
c:\programdata\hFITnUFOxHN.exe
c:\programdata\QVjUvLBmzRgyXl
c:\programdata\QVjUvLBmzRgyXl.exe
C:\Recycle.Bin
c:\recycle.bin\9227F773F6B96CA
c:\recycle.bin\B6232F3A33C.exe
c:\users\Jess\AppData\Local\mqf.exe
c:\users\Jess\AppData\Roaming\machst.exe
c:\users\Jess\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\Jess\Desktop\System Fix.lnk
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 12:32 . 2011-12-22 12:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-22 12:32 . 2011-12-22 12:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-22 12:32 . 2011-12-22 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-22 02:32 . 2011-12-22 02:32 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2987734-5C0C-4FE3-A528-223B2A9069B5}\offreg.dll
2011-12-20 22:57 . 2011-12-20 22:58 -------- d--h--w- c:\users\Jess\AppData\Roaming\Origin
2011-12-20 22:57 . 2011-12-20 22:57 -------- d--h--w- c:\users\Jess\AppData\Local\Origin
2011-12-20 22:57 . 2011-12-20 22:58 -------- d--h--w- c:\programdata\Origin
2011-12-20 22:57 . 2011-12-20 22:57 -------- d--h--w- c:\programdata\Electronic Arts
2011-12-20 22:57 . 2011-12-20 22:57 -------- d--h--w- c:\program files (x86)\Origin Games
2011-12-20 22:57 . 2011-12-20 22:57 -------- d-----w- c:\program files (x86)\Origin
2011-12-20 15:16 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2987734-5C0C-4FE3-A528-223B2A9069B5}\mpengine.dll
2011-12-19 23:39 . 2011-12-19 23:39 -------- d-----w- c:\windows\system32\Macromed
2011-12-19 02:07 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-19 02:07 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 02:06 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-19 02:06 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-19 02:06 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-17 16:08 . 2011-12-17 16:08 -------- d--h--w- c:\users\Jess\AppData\Roaming\Artifex Mundi
2011-12-15 18:47 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-09 02:26 . 2011-12-09 02:26 -------- d--h--w- c:\users\Jess\AppData\Roaming\SMIGames
2011-12-08 02:03 . 2011-12-08 02:03 -------- d--h--w- c:\users\Jess\AppData\Roaming\Trine2
2011-12-08 01:42 . 2011-12-08 01:42 -------- d-----w- c:\program files (x86)\Frozenbyte
2011-12-03 01:32 . 2011-12-03 01:32 -------- d--h--w- c:\users\Jess\AppData\Roaming\Blue Tea Games
2011-11-23 00:49 . 2011-12-08 01:48 -------- d--h--w- c:\users\Jess\AppData\Local\SKIDROW
2011-11-23 00:39 . 2007-04-04 23:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2011-11-23 00:39 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2011-11-23 00:31 . 2011-11-23 00:31 -------- d-----w- c:\program files (x86)\R.G. Catalyst
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 01:12 . 2011-05-16 21:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2010-12-23 01:34 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-12-23 01:34 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-01-20 02:44 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-04 01:28 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-12-23 01:35 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-12-23 01:35 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-12-23 01:35 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-12-23 01:35 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2010-12-23 01:35 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-25 23:20 . 2010-11-19 02:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-08 20:33 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"="c:\program files (x86)\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-03 3077528]
"Akamai NetSession Interface"="c:\users\Jess\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-1-30 0]
Dell Dock.lnk - c:\program files (x86)\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-12-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-graffast - c:\programdata\graffast.exe
Wow6432Node-HKCU-Run-machst - c:\users\Jess\AppData\Roaming\machst.exe
Wow6432Node-HKCU-Run-4Y3Y0C3AVF7XXW5DBZHBY - c:\recycle.bin\B6232F3A33C.exe
Wow6432Node-HKLM-Run-graffast - c:\programdata\graffast.exe
Wow6432Node-HKLM-Run-machst - c:\users\Jess\AppData\Roaming\machst.exe
Wow6432Node-HKLM-Run-hFITnUFOxHN.exe - c:\programdata\hFITnUFOxHN.exe
HKLM-Run-combofix - c:\combofix\CF6774.3XE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3969135123-2343454017-3882555379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3969135123-2343454017-3882555379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-22 07:36:10
ComboFix-quarantined-files.txt 2011-12-22 12:36
.
Pre-Run: 571,888,635,904 bytes free
Post-Run: 571,622,096,896 bytes free
.
- - End Of File - - EAF628AC6CAFC90003EBEAD58CEDB548

Error: Unable to interpret < > in the current context!
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Jess\Desktop\cmd.bat deleted successfully.
C:\Users\Jess\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Jess\Desktop\cmd.bat deleted successfully.
C:\Users\Jess\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Jess\Desktop\cmd.bat deleted successfully.
C:\Users\Jess\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Jess\Desktop\cmd.bat deleted successfully.
C:\Users\Jess\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jess
->Flash cache emptied: 3496156 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 41620 bytes

Total Flash Files Cleaned = 3.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jess
->Java cache emptied: 6770564 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 6.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12222011_073837

Edited by SuperJess, 22 December 2011 - 07:27 AM.

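The orphaned Run entries ComboFix listed above (graffast, machst, the binary under c:\recycle.bin and hFITnUFOxHN.exe) share the traits that make an autorun entry worth a second look: the file sits directly in a user-writable staging directory rather than in a vendor folder, ComboFix has already removed the file so the entry is dangling ([BU]), or the name looks machine-generated. The script below is an added example, not part of this thread and not code from ComboFix or OTL. It parses lines in the shape ComboFix prints under "Reg Loading Points" and "ORPHANS REMOVED" and flags entries with those traits. The sample log is constructed to mirror the entries above; the staging-directory list and the randomness thresholds are this example's own heuristics, not anything ComboFix itself uses.

```python
"""Triage autorun entries from a ComboFix log (added example, not ComboFix code)."""
import re

# Constructed sample in the shape ComboFix prints; not a captured log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"graffast"="c:\programdata\graffast.exe" [BU]
"machst"="c:\users\Jess\AppData\Roaming\machst.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-4Y3Y0C3AVF7XXW5DBZHBY - c:\recycle.bin\B6232F3A33C.exe
Wow6432Node-HKLM-Run-hFITnUFOxHN.exe - c:\programdata\hFITnUFOxHN.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*(?P<tag>\[[^\]]*\])?')
ORPHAN_RE = re.compile(r"^(?P<name>\S+) - (?P<path>.+)$")
ORPHAN_MARK = "ORPHANS REMOVED"

# Heuristic list (this example's assumption): directories droppers commonly write
# to. A binary sitting directly in one of these, not in a vendor subfolder, is
# worth a look. c:\recycle.bin is not the real bin (that is C:\$Recycle.Bin),
# only a look-alike name.
STAGING_DIRS = {
    "c:\\programdata",
    "c:\\recycle.bin",
    "<user>\\appdata\\roaming",
    "<user>\\appdata\\local",
    "<user>\\appdata\\local\\temp",
}


def parent_is_staging_dir(path):
    """True when the file's immediate parent directory is one of STAGING_DIRS."""
    p = path.lower().replace("/", "\\")
    parent = p.rpartition("\\")[0]
    parent = re.sub(r"^[a-z]:\\users\\[^\\]+", "<user>", parent)
    return parent in STAGING_DIRS


def looks_random(name):
    """Crude randomness test (assumed thresholds): many digits or many case flips."""
    stem = re.sub(r"\.exe$", "", name, flags=re.IGNORECASE)
    if not re.fullmatch(r"[A-Za-z0-9]{8,}", stem):
        return False
    digits = sum(c.isdigit() for c in stem)
    letters = [c for c in stem if c.isalpha()]
    flips = sum(a.islower() != b.islower() for a, b in zip(letters, letters[1:]))
    return digits >= 5 or flips >= 4


def assess(name, path, tag=None):
    """Return the reasons an entry deserves attention (empty list = none)."""
    reasons = []
    if parent_is_staging_dir(path):
        reasons.append("binary sits directly in a user-writable staging dir")
    if tag == "[BU]":
        reasons.append("ComboFix already removed the file (entry now dangling)")
    basename = path.replace("/", "\\").rpartition("\\")[2]
    if looks_random(name) or looks_random(basename):
        reasons.append("machine-generated looking name")
    return reasons


def triage(log_text):
    """Walk the log text and return one finding per suspicious autorun entry."""
    findings = []
    key = None          # registry key currently being read, if any
    in_orphans = False  # inside the ORPHANS REMOVED section
    for raw in log_text.splitlines():
        line = raw.strip()
        if ORPHAN_MARK in line:
            in_orphans, key = True, None
            continue
        m = KEY_RE.match(line)
        if m:
            key, in_orphans = m.group(1), False
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if not m or m.group("path") == "(no file)":
                continue
            source, name, path, tag = "orphan", m.group("name"), m.group("path"), None
        elif key is not None:
            m = RUN_RE.match(line)
            if not m:
                continue
            source, name, path, tag = key, m.group("name"), m.group("path"), m.group("tag")
        else:
            continue
        reasons = assess(name, path, tag)
        if reasons:
            findings.append({"source": source, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']}: {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run it as-is to see the four sample entries flagged; to use it on a real log, pass the file contents to triage(). The vendor entries (DAEMON Tools, the card-reader tray app, avast) pass because they live in Program Files subfolders and carry a real timestamp rather than [BU]; the four entries that ComboFix removed trip at least two checks each.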

#7 RKinner (Malware Expert; Expert, MVP; 20,025 posts)
Run Combofix again and post the log.

Run MBAM and post the log:

Malwarebytes' Anti-Malware
Note: If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right-click on OTL and select Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + V) and then hit Run Fix.


Run OTL, Quickscan and post the logs.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron

#8 SuperJess (Topic Starter; Member; 42 posts)
ComboFix 11-12-22.04 - Jess 12/22/2011 13:42:53.4.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6007.5159 [GMT -5:00]
Running from: c:\users\Jess\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\graffast.exe
c:\users\Jess\AppData\Local\nxi.exe
c:\users\Jess\AppData\Roaming\machst.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 18:48 . 2011-12-22 18:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-22 18:48 . 2011-12-22 18:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-22 18:48 . 2011-12-22 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-20 22:57 . 2011-12-20 22:58 -------- d-----w- c:\users\Jess\AppData\Roaming\Origin
2011-12-20 22:57 . 2011-12-20 22:57 -------- d-----w- c:\users\Jess\AppData\Local\Origin
2011-12-20 22:57 . 2011-12-20 22:58 -------- d-----w- c:\programdata\Origin
2011-12-20 22:57 . 2011-12-20 22:57 -------- d-----w- c:\programdata\Electronic Arts
2011-12-20 22:57 . 2011-12-20 22:57 -------- d-----w- c:\program files (x86)\Origin Games
2011-12-20 22:57 . 2011-12-20 22:57 -------- d-----w- c:\program files (x86)\Origin
2011-12-20 15:16 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2987734-5C0C-4FE3-A528-223B2A9069B5}\mpengine.dll
2011-12-19 23:39 . 2011-12-19 23:39 -------- d-----w- c:\windows\system32\Macromed
2011-12-19 02:07 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-19 02:07 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 02:06 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-19 02:06 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-19 02:06 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-17 16:08 . 2011-12-17 16:08 -------- d-----w- c:\users\Jess\AppData\Roaming\Artifex Mundi
2011-12-15 18:47 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-09 02:26 . 2011-12-09 02:26 -------- d-----w- c:\users\Jess\AppData\Roaming\SMIGames
2011-12-08 02:03 . 2011-12-08 02:03 -------- d-----w- c:\users\Jess\AppData\Roaming\Trine2
2011-12-08 01:42 . 2011-12-08 01:42 -------- d-----w- c:\program files (x86)\Frozenbyte
2011-12-03 01:32 . 2011-12-03 01:32 -------- d-----w- c:\users\Jess\AppData\Roaming\Blue Tea Games
2011-11-23 00:49 . 2011-12-08 01:48 -------- d-----w- c:\users\Jess\AppData\Local\SKIDROW
2011-11-23 00:39 . 2007-04-04 23:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2011-11-23 00:39 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2011-11-23 00:31 . 2011-11-23 00:31 -------- d-----w- c:\program files (x86)\R.G. Catalyst
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 01:12 . 2011-05-16 21:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2010-12-23 01:34 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-12-23 01:34 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-01-20 02:44 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-04 01:28 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-12-23 01:35 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-12-23 01:35 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-12-23 01:35 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-12-23 01:35 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2010-12-23 01:35 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-25 23:20 . 2010-11-19 02:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-08 20:33 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( [email protected]_12.32.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-02-20 04:03 . 2011-02-20 04:03 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\SysWOW64\mfcm100u.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 81744 c:\windows\SysWOW64\mfcm100u.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\SysWOW64\mfcm100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 81744 c:\windows\SysWOW64\mfcm100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 60752 c:\windows\SysWOW64\mfc100rus.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 43344 c:\windows\SysWOW64\mfc100kor.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 43344 c:\windows\SysWOW64\mfc100kor.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 43856 c:\windows\SysWOW64\mfc100jpn.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 43856 c:\windows\SysWOW64\mfc100jpn.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 62288 c:\windows\SysWOW64\mfc100ita.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\SysWOW64\mfc100fra.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 64336 c:\windows\SysWOW64\mfc100fra.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 55120 c:\windows\SysWOW64\mfc100enu.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 55120 c:\windows\SysWOW64\mfc100enu.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 64336 c:\windows\SysWOW64\mfc100deu.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\SysWOW64\mfc100deu.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 36176 c:\windows\SysWOW64\mfc100cht.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\SysWOW64\mfc100cht.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 36176 c:\windows\SysWOW64\mfc100chs.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\SysWOW64\mfc100chs.dll
- 2011-12-22 02:24 . 2011-12-22 02:24 16004 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-12-22 13:24 . 2011-12-22 13:24 16004 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2011-12-22 02:29 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-22 13:17 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-19 02:53 . 2011-12-22 12:58 42378 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-22 13:24 26998 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-11 06:15 . 2011-06-11 06:15 57168 c:\windows\system32\vcomp100.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 57168 c:\windows\system32\vcomp100.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 93008 c:\windows\system32\mfcm100u.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 93008 c:\windows\system32\mfcm100u.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 93008 c:\windows\system32\mfcm100.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 93008 c:\windows\system32\mfcm100.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 60752 c:\windows\system32\mfc100rus.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 43344 c:\windows\system32\mfc100kor.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 43344 c:\windows\system32\mfc100kor.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 43856 c:\windows\system32\mfc100jpn.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 62288 c:\windows\system32\mfc100ita.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 64336 c:\windows\system32\mfc100fra.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 64336 c:\windows\system32\mfc100fra.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 63824 c:\windows\system32\mfc100esn.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 63824 c:\windows\system32\mfc100esn.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 55120 c:\windows\system32\mfc100enu.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 55120 c:\windows\system32\mfc100enu.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 64336 c:\windows\system32\mfc100deu.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 64336 c:\windows\system32\mfc100deu.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 36176 c:\windows\system32\mfc100cht.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 36176 c:\windows\system32\mfc100cht.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 36176 c:\windows\system32\mfc100chs.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 36176 c:\windows\system32\mfc100chs.dll
- 2010-12-23 01:12 . 2011-12-21 23:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-23 01:12 . 2011-12-22 13:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-23 01:12 . 2011-12-21 23:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-23 01:12 . 2011-12-22 13:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-21 23:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-22 13:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-23 23:35 . 2011-12-22 13:24 8620 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3969135123-2343454017-3882555379-1000_UserData.bin
- 2011-12-22 02:25 . 2011-12-22 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-22 15:50 . 2011-12-22 15:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-22 02:25 . 2011-12-22 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-22 15:50 . 2011-12-22 15:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-11 06:58 . 2011-06-11 06:58 773968 c:\windows\SysWOW64\msvcr100.dll
- 2011-02-19 05:40 . 2011-02-19 05:40 773968 c:\windows\SysWOW64\msvcr100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 421200 c:\windows\SysWOW64\msvcp100.dll
- 2009-07-14 04:54 . 2011-12-22 02:29 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-22 13:17 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-22 13:17 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-22 02:29 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-11 06:58 . 2011-06-11 06:58 138056 c:\windows\SysWOW64\atl100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 138056 c:\windows\SysWOW64\atl100.dll
+ 2009-07-14 02:36 . 2011-12-22 15:54 624606 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-22 02:34 624606 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-22 02:34 106724 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-22 15:54 106724 c:\windows\system32\perfc009.dat
- 2011-02-19 05:52 . 2011-02-19 05:52 829264 c:\windows\system32\msvcr100.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 829264 c:\windows\system32\msvcr100.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 608080 c:\windows\system32\msvcp100.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 608080 c:\windows\system32\msvcp100.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 158536 c:\windows\system32\atl100.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 158536 c:\windows\system32\atl100.dll
+ 2009-07-14 05:01 . 2011-12-22 13:24 432032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-22 02:24 432032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-11 06:58 . 2011-06-11 06:58 4422992 c:\windows\SysWOW64\mfc100u.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 4422992 c:\windows\SysWOW64\mfc100u.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 4397384 c:\windows\SysWOW64\mfc100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 4397384 c:\windows\SysWOW64\mfc100.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 5601616 c:\windows\system32\mfc100u.dll
- 2011-02-20 03:51 . 2011-02-20 03:51 5601616 c:\windows\system32\mfc100u.dll
+ 2011-06-11 06:15 . 2011-06-11 06:15 5574984 c:\windows\system32\mfc100.dll
+ 2011-06-29 02:27 . 2011-06-29 02:27 4028928 c:\windows\Installer\55641.msp
+ 2011-06-29 02:21 . 2011-06-29 02:21 4637184 c:\windows\Installer\50229.msp
- 2011-07-06 21:45 . 2011-12-22 02:24 24622252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3969135123-2343454017-3882555379-1000-8192.dat
+ 2011-07-06 21:45 . 2011-12-22 13:24 24622252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3969135123-2343454017-3882555379-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"="c:\program files (x86)\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-03 3077528]
"Akamai NetSession Interface"="c:\users\Jess\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
"graffast"="c:\programdata\graffast.exe" [BU]
"machst"="c:\users\Jess\AppData\Roaming\machst.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"graffast"="c:\programdata\graffast.exe" [BU]
"machst"="c:\users\Jess\AppData\Roaming\machst.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-1-30 0]
Dell Dock.lnk - c:\program files (x86)\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-12-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3969135123-2343454017-3882555379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3969135123-2343454017-3882555379-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-22 13:50:23
ComboFix-quarantined-files.txt 2011-12-22 18:50
ComboFix2.txt 2011-12-22 12:36
.
Pre-Run: 571,038,072,832 bytes free
Post-Run: 570,996,924,416 bytes free
.
- - End Of File - - 3EB55D43EFB32CD7F555481BF1B417B5


My C:/Documents and Settings folder is 'Access Denied'. Not sure if that is because I am in safe mode... so I opened the MBAM program and pulled the log that way:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122204

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

12/22/2011 1:54:58 PM
mbam-log-2011-12-22 (13-54-58).txt

Scan type: Quick scan
Objects scanned: 190914
Time elapsed: 1 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTL logfile created on: 12/22/2011 2:05:26 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jess\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 4.67 Gb Available Physical Memory | 79.61% Memory free
11.73 Gb Paging File | 10.56 Gb Available in Paging File | 89.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.72 Gb Total Space | 531.86 Gb Free Space | 77.22% Space Free | Partition Type: NTFS

Computer Name: JESS-PC | User Name: Jess | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 07:38:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/12/14 14:56:45 | 003,316,000 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/18 21:33:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/02 01:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/05/28 13:25:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 18:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\Jess\AppData\Roaming\Kalydo\KalydoPlayer\bin\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



O1 HOSTS File: ([2011/12/22 13:48:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [graffast] C:\ProgramData\graffast.exe File not found
O4 - HKLM..\Run: [machst] C:\Users\Jess\AppData\Roaming\machst.exe File not found
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jess\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [CTZDetec.exe] C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [graffast] C:\ProgramData\graffast.exe File not found
O4 - HKCU..\Run: [machst] C:\Users\Jess\AppData\Roaming\machst.exe File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3011E44-305E-49BD-9103-3BE2C10D2F0D}: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4A824B9-DCB9-40E7-9531-6C21BA1CF126}: DhcpNameServer = 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 14:04:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/22 13:53:08 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jess\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/22 13:50:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/22 08:01:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/22 07:38:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/22 07:38:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
[2011/12/22 07:23:36 | 004,348,814 | R--- | C] (Swearware) -- C:\Users\Jess\Desktop\ComboFix.exe
[2011/12/21 18:08:22 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Users\Jess\Desktop\aswMBR.exe
[2011/12/21 17:46:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/21 17:46:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/21 17:46:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/21 17:46:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/20 23:18:12 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\{73B9682A-BAE4-4612-88E0-31652DB41A1D}
[2011/12/20 18:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/20 17:57:55 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Origin
[2011/12/20 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\Origin
[2011/12/20 17:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/12/20 17:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/12/20 17:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/12/20 17:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/12/20 17:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/12/19 18:39:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/17 11:08:19 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Artifex Mundi
[2011/12/08 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\SMIGames
[2011/12/07 21:03:47 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Trine2
[2011/12/07 20:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozenbyte
[2011/12/07 20:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Frozenbyte
[2011/12/06 22:07:40 | 000,000,000 | ---D | C] -- C:\Users\Jess\Documents\Be a King Golden Empire
[2011/12/02 20:32:21 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Blue Tea Games
[2011/11/22 19:49:26 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\SKIDROW
[2011/11/22 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
[2011/11/22 19:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\R.G. Catalyst
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/22 14:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/22 14:04:12 | 429,219,839 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 13:53:18 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jess\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/22 13:48:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/22 13:42:01 | 004,348,814 | R--- | M] (Swearware) -- C:\Users\Jess\Desktop\ComboFix.exe
[2011/12/22 13:41:02 | 000,007,942 | -HS- | M] () -- C:\Users\Jess\AppData\Local\3go1d17isd3c05laewb0456le458sxj70w2l
[2011/12/22 13:41:02 | 000,007,942 | -HS- | M] () -- C:\ProgramData\3go1d17isd3c05laewb0456le458sxj70w2l
[2011/12/22 10:54:48 | 000,727,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/22 10:54:48 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/22 10:54:48 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/22 08:24:25 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 08:24:25 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 07:38:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
[2011/12/22 07:23:57 | 000,007,074 | -HS- | M] () -- C:\Users\Jess\AppData\Local\2kj2a38xid0y35telry6853mw776mpa22g3e
[2011/12/22 07:23:57 | 000,007,074 | -HS- | M] () -- C:\ProgramData\2kj2a38xid0y35telry6853mw776mpa22g3e
[2011/12/21 18:09:39 | 449,526,443 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/21 18:08:31 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Users\Jess\Desktop\aswMBR.exe
[2011/12/21 17:54:19 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/21 07:28:44 | 000,001,980 | ---- | M] () -- C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2011/12/21 07:28:42 | 000,002,603 | ---- | M] () -- C:\Users\Jess\Desktop\Reincarnations 3 - Back to Reality Collectors Edition.lnk
[2011/12/21 07:28:42 | 000,001,798 | ---- | M] () -- C:\Users\Jess\Desktop\Ventrilo.lnk
[2011/12/21 07:28:41 | 000,003,024 | ---- | M] () -- C:\Users\Jess\Desktop\launcher - Shortcut.lnk
[2011/12/21 07:28:41 | 000,002,101 | ---- | M] () -- C:\Users\Jess\Desktop\Overlord2 - Shortcut.lnk
[2011/12/21 07:28:41 | 000,002,071 | ---- | M] () -- C:\Users\Jess\Desktop\Drawn 3- Trail of Shadows CE.lnk
[2011/12/21 07:28:41 | 000,002,021 | ---- | M] () -- C:\Users\Jess\Desktop\Inspector Parker.lnk
[2011/12/21 07:28:41 | 000,001,925 | ---- | M] () -- C:\Users\Jess\Desktop\BeTrapped!.lnk
[2011/12/21 07:28:41 | 000,001,753 | ---- | M] () -- C:\Users\Jess\Desktop\EdenEternal.lnk
[2011/12/21 07:28:41 | 000,001,114 | ---- | M] () -- C:\Users\Jess\Desktop\Atlantica Online.lnk
[2011/12/20 23:14:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/20 17:57:47 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/19 03:21:25 | 000,432,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/18 21:00:52 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/12 18:31:56 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/07 20:42:54 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2011/11/30 21:00:43 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/11/29 21:43:38 | 000,000,117 | ---- | M] () -- C:\Users\Jess\webct_upload_applet.properties
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 13:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/22 19:39:27 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row. The Third.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/22 08:02:14 | 000,007,942 | -HS- | C] () -- C:\Users\Jess\AppData\Local\3go1d17isd3c05laewb0456le458sxj70w2l
[2011/12/22 08:02:14 | 000,007,942 | -HS- | C] () -- C:\ProgramData\3go1d17isd3c05laewb0456le458sxj70w2l
[2011/12/22 07:30:27 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/12/22 07:30:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/12/22 07:30:27 | 000,002,315 | ---- | C] () -- C:\Users\Public\Desktop\Play Awakening - The Goblin Kingdom Collector's Edition.lnk
[2011/12/22 07:30:27 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row. The Third.lnk
[2011/12/22 07:30:27 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Creative Media Lite.lnk
[2011/12/22 07:30:27 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2011/12/22 07:30:27 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Overlord.lnk
[2011/12/22 07:30:27 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Play Oddly Enough - Pied Piper.lnk
[2011/12/22 07:30:27 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/22 07:30:27 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2011/12/22 07:30:27 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2011/12/22 07:30:27 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/22 07:30:27 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Foldit.lnk
[2011/12/22 07:30:27 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2011/12/22 07:30:27 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/22 07:30:27 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/12/22 07:30:27 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/12/22 07:30:27 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/12/22 07:30:27 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/22 07:30:27 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/12/22 07:30:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/22 07:30:27 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/12/22 07:30:27 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/12/22 07:30:27 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2011/12/22 07:30:27 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/12/22 07:30:27 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/12/22 07:30:27 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/12/22 07:30:27 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/12/22 07:30:27 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/12/22 07:30:27 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/22 07:30:27 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Core FTP Lite.lnk
[2011/12/21 18:20:21 | 000,007,074 | -HS- | C] () -- C:\Users\Jess\AppData\Local\2kj2a38xid0y35telry6853mw776mpa22g3e
[2011/12/21 18:20:21 | 000,007,074 | -HS- | C] () -- C:\ProgramData\2kj2a38xid0y35telry6853mw776mpa22g3e
[2011/12/21 17:46:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/21 17:46:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/21 17:46:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/21 17:46:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/21 17:46:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/20 21:20:59 | 000,003,024 | ---- | C] () -- C:\Users\Jess\Desktop\launcher - Shortcut.lnk
[2011/12/02 07:35:19 | 000,001,980 | ---- | C] () -- C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2011/08/03 22:00:30 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/22 20:23:56 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/18 23:05:28 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/18 23:05:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/18 23:05:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/21 19:08:05 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Alawar
[2011/04/15 18:52:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\aliasworlds
[2011/06/18 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Anarchy
[2011/12/17 11:08:19 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Artifex Mundi
[2011/06/30 20:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Awem
[2011/05/27 19:42:21 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Az-Art
[2011/10/23 16:13:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Big Fish Games
[2011/11/18 21:20:57 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\BlamGames
[2011/12/02 20:32:21 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Blue Tea Games
[2011/08/26 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Boomzap
[2011/05/17 17:31:34 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Braintonik Games
[2011/10/16 22:12:45 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\BumpkinBrothers
[2011/05/15 20:06:58 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Colibri Games
[2011/03/31 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\CoreFTP
[2011/05/30 07:26:43 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Crown
[2011/11/04 21:16:10 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Daedalic Entertainment
[2011/02/15 20:07:49 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DAEMON Tools Lite
[2011/11/01 20:47:04 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DieselPuppet
[2011/06/01 07:52:35 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DragonsEye Studios
[2011/04/14 20:54:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DreamWoods2ScreenShot
[2011/11/15 21:34:54 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Elephant Games
[2011/05/10 21:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\EmilyArcher
[2011/10/25 20:42:41 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Enki Games
[2011/04/14 20:50:28 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\FairyTale
[2011/06/25 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Friday's games
[2011/06/04 13:56:28 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Funswitch
[2011/08/11 19:01:50 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Funzai!
[2011/10/05 20:00:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\GO Games
[2011/05/21 10:56:44 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Gogii
[2011/06/28 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\HeroCraft
[2011/07/01 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Islands2
[2011/06/14 16:06:41 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\JCP
[2011/09/16 16:44:45 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Kalydo
[2011/05/28 10:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Lazy Turtle Games
[2010/12/22 20:17:58 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Leadertech
[2011/07/05 20:00:35 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\LestaStudio
[2011/04/07 20:37:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\MagicIndie
[2011/06/30 18:44:13 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\MoMB_Full_Eng
[2011/05/02 19:32:45 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\My Games
[2011/01/05 18:06:44 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Mystery of Mortlake Mansion
[2011/06/03 06:56:12 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\NevoSoft
[2011/03/30 21:31:34 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\OpenOffice.org
[2011/12/20 17:58:54 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Origin
[2011/04/18 19:58:40 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Orneon
[2010/12/24 14:33:59 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\PCDr
[2011/09/02 21:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\PeaceCraft3
[2011/01/13 20:02:50 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Phantasmat_bf_ce1
[2011/05/11 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\playmink
[2011/05/21 11:23:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Princess Isabella
[2011/08/20 14:32:21 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\RIFT
[2011/12/08 21:26:58 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\SMIGames
[2011/11/30 18:11:25 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\SoftGrid Client
[2011/05/20 20:05:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\thejoyoffarming
[2011/06/04 07:29:14 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TheKingOfFire
[2011/01/29 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TP
[2011/05/21 08:55:05 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TrickySoftware
[2011/12/07 21:03:47 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Trine2
[2011/08/23 19:26:19 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Twilight Games
[2011/11/15 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Urban Legends The Maze Strategy Guide
[2011/12/18 20:55:30 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\uTorrent
[2011/09/16 20:56:00 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Vagrant Hearts
[2011/06/15 20:38:11 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\WendigoStudios
[2011/09/10 18:49:18 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Windows Live Writer
[2011/11/17 20:21:40 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\YoudaGames
[2011/12/12 18:31:56 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 00:08:49 | 000,022,176 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/21 17:54:19 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:767A78E5
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:45912F61
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:58E38390
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:ECF3C50F
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:1604D047
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:63210866
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:F3591DDB
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F53B274A
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:8AED9359
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:68A41423
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F6A0889A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E5BA9ADD
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:35629AE6
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BFE54417
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:40752783
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:16F4BC64
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0968E571
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5C4A588B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4F28299B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F5FC5DCE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B0A727D1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A42FABF7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4EC7F009
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2CED8825
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2C250258
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3C0887BF
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:44E16D4A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:19636FDD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:BEACE4C8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:06C34166
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8D1CA181
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7EF55396
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D36E068F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B9555D8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0ACF1AF5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E894A3ED
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DCA79AB3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5511B474
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:18BBD3D5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:164561C8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ED0B32CA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:69FE2EE4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:14362DF8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:86E0BFC8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:16B49C20
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D026A5A4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:701B92FB
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6C049F97
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6423D635
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:5B4686D7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:02F30776
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:954C27C6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:00AA4B31
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:40DA0795
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3D36932D

< End of report >

Attached: Disk management.jpg

#9
RKinner
    Malware Expert
  • Expert
  • 20,025 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C:

:processes
killallprocesses

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKCU..\Run: [winupd] C:\Users\Jess\AppData\Local\Temp:winupd.exe File not found
O4 - HKLM..\Run: [graffast] C:\ProgramData\graffast.exe File not found
O4 - HKLM..\Run: [machst] C:\Users\Jess\AppData\Roaming\machst.exe File not found
O4 - HKCU..\Run: [graffast] C:\ProgramData\graffast.exe File not found
O4 - HKCU..\Run: [machst] C:\Users\Jess\AppData\Roaming\machst.exe File not found
O4 - Startup: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011/12/22 13:41:02 | 000,007,942 | -HS- | M] () -- C:\Users\Jess\AppData\Local\3go1d17isd3c05laewb0456le458sxj70w2l
[2011/12/22 13:41:02 | 000,007,942 | -HS- | M] () -- C:\ProgramData\3go1d17isd3c05laewb0456le458sxj70w2l
[2011/12/22 07:23:57 | 000,007,074 | -HS- | M] () -- C:\Users\Jess\AppData\Local\2kj2a38xid0y35telry6853mw776mpa22g3e
[2011/12/22 07:23:57 | 000,007,074 | -HS- | M] () -- C:\ProgramData\2kj2a38xid0y35telry6853mw776mpa22g3e
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:767A78E5
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:45912F61
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:58E38390
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:ECF3C50F
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:1604D047
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:63210866
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:F3591DDB
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F53B274A
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:8AED9359
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:68A41423
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F6A0889A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E5BA9ADD
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:35629AE6
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 136192 bytes -> C:\Users\Jess\AppData\Local\Temp:winupd.exe
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BFE54417
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:40752783
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:16F4BC64
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0968E571
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5C4A588B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4F28299B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F5FC5DCE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B0A727D1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A42FABF7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4EC7F009
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2CED8825
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2C250258
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3C0887BF
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:44E16D4A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:19636FDD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:BEACE4C8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:06C34166
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8D1CA181
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7EF55396
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D36E068F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B9555D8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0ACF1AF5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E894A3ED
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DCA79AB3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5511B474
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:18BBD3D5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:164561C8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:ED0B32CA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:69FE2EE4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:14362DF8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:86E0BFC8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:16B49C20
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D026A5A4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:701B92FB
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6C049F97
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6423D635
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:5B4686D7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:02F30776
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:954C27C6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:00AA4B31
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:40DA0795
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3D36932D
[2011/12/12 18:31:56 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/20 18:00:52 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

:files
C:\Windows\SysWow64\config.nt
C:\Users\Jess\AppData\Local\3go1d17isd3c05laewb0456le458sxj70w2l
C:\ProgramData\3go1d17isd3c05laewb0456le458sxj70w2l
C:\Users\Jess\AppData\Local\2kj2a38xid0y35telry6853mw776mpa22g3e
C:\ProgramData\2kj2a38xid0y35telry6853mw776mpa22g3e
C:\ProgramData\graffast.exe
C:\Users\Jess\AppData\Roaming\machst.exe
mkdir C:\ProgramData\graffast.exe /c
mkdir C:\Users\Jess\AppData\Roaming\machst.exe /c
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

OTL will also create a file called winsock2.reg on your desktop. Just leave it there for now.

Start, All Programs, Accessories, right-click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:
netsh  winsock  reset catalog

(I use two spaces in the code box so you can see where 1 space goes.)

Reboot. If you have trouble getting online then right-click on the winsock2.reg file and MERGE. If that doesn't work then you will need to do a System Restore.

If you do get online OK after a reboot then delete the file winsock2.reg.

Run OTL, Quickscan and copy and paste the log.

Can you verify that you are not missing the usual links in Start, All Programs? I'd like to clear the temp files but don't want to do it if you are missing anything as the malware hides it in the Temp folder.
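As an added example (Python written for this thread, not OTL's own code and not part of the helper's fix above), here is a small parser that applies the triage heuristics visible in that fix to OTL log lines: hidden+system files with random names and no publisher dropped in pairs, alternate data streams large enough or named so as to hold an executable, and Run values that launch a stream or point at a "File not found" target. The sample lines are copied from the logs posted in this thread; the line regexes, the random-name rule and the 4096-byte stream threshold are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line shapes seen in the OTL log above (patterns are assumptions; OTL publishes no grammar).
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# "Random" dropper names: 20+ lower-case letters and digits, both kinds present (assumption).
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{20,}$")
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")
MISSING = " File not found"

# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = [
    r"[2011/12/22 13:41:02 | 000,007,942 | -HS- | M] () -- C:\Users\Jess\AppData\Local\3go1d17isd3c05laewb0456le458sxj70w2l",
    r"[2011/12/22 13:41:02 | 000,007,942 | -HS- | M] () -- C:\ProgramData\3go1d17isd3c05laewb0456le458sxj70w2l",
    r"[2011/12/22 14:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat",
    r"[2011/12/22 13:42:01 | 004,348,814 | R--- | M] (Swearware) -- C:\Users\Jess\Desktop\ComboFix.exe",
    r"@Alternate Data Stream - 136192 bytes -> C:\Users\Jess\AppData\Local\Temp:winupd.exe",
    r"@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:767A78E5",
    r"O4 - HKCU..\Run: [winupd] C:\Users\Jess\AppData\Local\Temp:winupd.exe File not found",
    r"O4 - HKLM..\Run: [graffast] C:\ProgramData\graffast.exe File not found",
]


@dataclass(frozen=True)
class Finding:
    kind: str    # "file", "ads" or "run"
    path: str
    reason: str


def classify_file(m) -> Optional[Finding]:
    """Hidden+system file, random name, no company name: the dropper pattern in the log."""
    attr, company, path = m["attr"], m["company"].strip(), m["path"]
    name = path.rsplit("\\", 1)[-1]
    if "H" in attr and "S" in attr and not company and RANDOM_NAME_RE.match(name):
        return Finding("file", path, "hidden+system file with random name and no publisher")
    return None


def classify_ads(m) -> Optional[Finding]:
    """Stream that is executable-named or large enough to hold code."""
    size, path = int(m["size"]), m["path"]
    _host, _, stream = path[2:].rpartition(":")  # skip the drive letter's own colon
    if stream.lower().endswith(EXEC_EXT) or size >= 4096:
        return Finding("ads", path, f"{size}-byte stream named {stream!r}")
    return None  # the ~100-byte TEMP:xxxxxxxx streams say little on their own


def classify_run(m) -> Optional[Finding]:
    """Run value whose target is a stream or is reported missing."""
    target, label = m["target"], f"{m['hive']} Run value '{m['name']}'"
    missing = target.endswith(MISSING)
    if missing:
        target = target[: -len(MISSING)]
    # OTL reports the winupd target as missing while its ADS section lists the same
    # stream at 136192 bytes: a plain file check does not see streams, so correlate.
    if ":" in target[2:]:
        return Finding("run", target, f"{label} launches an alternate data stream")
    if missing:
        return Finding("run", target, f"{label} points at a missing file")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Apply the per-line heuristics in input order."""
    handlers = ((FILE_RE, classify_file), (ADS_RE, classify_ads), (RUN_RE, classify_run))
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        for regex, handler in handlers:
            m = regex.match(line)
            if m:
                finding = handler(m)
                if finding:
                    findings.append(finding)
                break
    return findings


def paired_drops(lines: List[str]) -> Dict[Tuple[str, str], List[str]]:
    """Same hidden random name with the same size in more than one directory."""
    seen: Dict[Tuple[str, str], set] = {}
    for raw in lines:
        m = FILE_RE.match(raw.strip())
        if not m:
            continue
        name = m["path"].rsplit("\\", 1)[-1]
        if "H" in m["attr"] and RANDOM_NAME_RE.match(name):
            seen.setdefault((name, m["size"]), set()).add(m["path"])
    return {key: sorted(paths) for key, paths in seen.items() if len(paths) > 1}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}: {f.reason}")
    for (name, size), paths in paired_drops(SAMPLE_LOG).items():
        print(f"[pair] {name} ({size} bytes) in {len(paths)} places")
```

Run against a full OTL log the same way (one line per list element); entries in other formats, such as directory lines without a company field, are simply skipped.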

#10
SuperJess
    Member
  • Topic Starter
  • 42 posts
Had no issues getting back online. The links all appear to be there in my Start -> All programs. I am however missing the little drop down bar from Windows 7... not sure if that matters or not. I apologize, I don't believe I saved OTL's log from the fix. Here is the log from OTL's Quick Scan:

OTL logfile created on: 12/22/2011 5:30:54 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jess\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 4.57 Gb Available Physical Memory | 77.94% Memory free
11.73 Gb Paging File | 10.37 Gb Available in Paging File | 88.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.72 Gb Total Space | 531.84 Gb Free Space | 77.22% Space Free | Partition Type: NTFS

Computer Name: JESS-PC | User Name: Jess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 07:38:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jess\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/09/03 14:45:21 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/20 04:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/01/27 17:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/12 22:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/04/24 17:57:00 | 000,368,640 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe
PRC - [2007/04/02 01:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/03 14:45:21 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/07/21 11:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/21 11:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/21 11:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/21 11:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/21 11:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/21 11:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/21 11:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/12/14 14:56:45 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/18 21:33:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/02 01:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/05/28 13:25:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 18:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\Jess\AppData\Roaming\Kalydo\KalydoPlayer\bin\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



O1 HOSTS File: ([2011/12/22 13:48:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jess\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [CTZDetec.exe] C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3011E44-305E-49BD-9103-3BE2C10D2F0D}: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4A824B9-DCB9-40E7-9531-6C21BA1CF126}: DhcpNameServer = 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 17:23:54 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\machst.exe
[2011/12/22 17:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\graffast.exe
[2011/12/22 14:04:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/22 13:53:08 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jess\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/22 13:50:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/22 08:01:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/22 07:38:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/22 07:38:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
[2011/12/22 07:23:36 | 004,348,814 | R--- | C] (Swearware) -- C:\Users\Jess\Desktop\ComboFix.exe
[2011/12/21 18:08:22 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Users\Jess\Desktop\aswMBR.exe
[2011/12/21 17:46:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/21 17:46:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/21 17:46:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/21 17:46:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/20 23:18:12 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\{73B9682A-BAE4-4612-88E0-31652DB41A1D}
[2011/12/20 18:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/20 17:57:55 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Origin
[2011/12/20 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\Origin
[2011/12/20 17:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/12/20 17:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/12/20 17:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/12/20 17:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/12/20 17:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/12/19 18:39:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/17 11:08:19 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Artifex Mundi
[2011/12/08 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\SMIGames
[2011/12/07 21:03:47 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Trine2
[2011/12/07 20:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozenbyte
[2011/12/07 20:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Frozenbyte
[2011/12/06 22:07:40 | 000,000,000 | ---D | C] -- C:\Users\Jess\Documents\Be a King Golden Empire
[2011/12/02 20:32:21 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Blue Tea Games
[2011/11/22 19:49:26 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\SKIDROW
[2011/11/22 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
[2011/11/22 19:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\R.G. Catalyst
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/22 17:28:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/22 17:28:36 | 429,219,839 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 17:28:07 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 17:28:07 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 17:23:54 | 000,255,874 | ---- | M] () -- C:\Users\Jess\Desktop\winsock2.reg
[2011/12/22 14:18:47 | 000,196,269 | ---- | M] () -- C:\Users\Jess\Desktop\Disk management.jpg
[2011/12/22 14:13:57 | 003,072,054 | ---- | M] () -- C:\Users\Jess\Desktop\Disk management.bmp
[2011/12/22 14:08:28 | 000,727,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/22 14:08:28 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/22 14:08:28 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/22 13:53:18 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jess\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/22 13:48:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/22 13:42:01 | 004,348,814 | R--- | M] (Swearware) -- C:\Users\Jess\Desktop\ComboFix.exe
[2011/12/22 07:38:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
[2011/12/21 18:09:39 | 449,526,443 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/21 18:08:31 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Users\Jess\Desktop\aswMBR.exe
[2011/12/21 07:28:42 | 000,002,603 | ---- | M] () -- C:\Users\Jess\Desktop\Reincarnations 3 - Back to Reality Collectors Edition.lnk
[2011/12/21 07:28:42 | 000,001,798 | ---- | M] () -- C:\Users\Jess\Desktop\Ventrilo.lnk
[2011/12/21 07:28:41 | 000,003,024 | ---- | M] () -- C:\Users\Jess\Desktop\launcher - Shortcut.lnk
[2011/12/21 07:28:41 | 000,002,101 | ---- | M] () -- C:\Users\Jess\Desktop\Overlord2 - Shortcut.lnk
[2011/12/21 07:28:41 | 000,002,071 | ---- | M] () -- C:\Users\Jess\Desktop\Drawn 3- Trail of Shadows CE.lnk
[2011/12/21 07:28:41 | 000,002,021 | ---- | M] () -- C:\Users\Jess\Desktop\Inspector Parker.lnk
[2011/12/21 07:28:41 | 000,001,925 | ---- | M] () -- C:\Users\Jess\Desktop\BeTrapped!.lnk
[2011/12/21 07:28:41 | 000,001,753 | ---- | M] () -- C:\Users\Jess\Desktop\EdenEternal.lnk
[2011/12/21 07:28:41 | 000,001,114 | ---- | M] () -- C:\Users\Jess\Desktop\Atlantica Online.lnk
[2011/12/20 17:57:47 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/19 03:21:25 | 000,432,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/18 21:00:52 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/07 20:42:54 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2011/11/30 21:00:43 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/11/29 21:43:38 | 000,000,117 | ---- | M] () -- C:\Users\Jess\webct_upload_applet.properties
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 13:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/22 19:39:27 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row. The Third.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/22 17:23:54 | 000,255,874 | ---- | C] () -- C:\Users\Jess\Desktop\winsock2.reg
[2011/12/22 14:18:47 | 000,196,269 | ---- | C] () -- C:\Users\Jess\Desktop\Disk management.jpg
[2011/12/22 14:13:57 | 003,072,054 | ---- | C] () -- C:\Users\Jess\Desktop\Disk management.bmp
[2011/12/22 07:30:27 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/12/22 07:30:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/12/22 07:30:27 | 000,002,315 | ---- | C] () -- C:\Users\Public\Desktop\Play Awakening - The Goblin Kingdom Collector's Edition.lnk
[2011/12/22 07:30:27 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row. The Third.lnk
[2011/12/22 07:30:27 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Creative Media Lite.lnk
[2011/12/22 07:30:27 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2011/12/22 07:30:27 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Overlord.lnk
[2011/12/22 07:30:27 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Play Oddly Enough - Pied Piper.lnk
[2011/12/22 07:30:27 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/22 07:30:27 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2011/12/22 07:30:27 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2011/12/22 07:30:27 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/22 07:30:27 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Foldit.lnk
[2011/12/22 07:30:27 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2011/12/22 07:30:27 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/22 07:30:27 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/12/22 07:30:27 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/12/22 07:30:27 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/12/22 07:30:27 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/22 07:30:27 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/12/22 07:30:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/22 07:30:27 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/12/22 07:30:27 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/12/22 07:30:27 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2011/12/22 07:30:27 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/12/22 07:30:27 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/12/22 07:30:27 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/12/22 07:30:27 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/12/22 07:30:27 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/12/22 07:30:27 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/22 07:30:27 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Core FTP Lite.lnk
[2011/12/21 17:46:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/21 17:46:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/21 17:46:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/21 17:46:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/21 17:46:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/20 21:20:59 | 000,003,024 | ---- | C] () -- C:\Users\Jess\Desktop\launcher - Shortcut.lnk
[2011/08/03 22:00:30 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/22 20:23:56 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/18 23:05:28 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/18 23:05:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/18 23:05:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/21 19:08:05 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Alawar
[2011/04/15 18:52:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\aliasworlds
[2011/06/18 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Anarchy
[2011/12/17 11:08:19 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Artifex Mundi
[2011/06/30 20:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Awem
[2011/05/27 19:42:21 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Az-Art
[2011/10/23 16:13:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Big Fish Games
[2011/11/18 21:20:57 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\BlamGames
[2011/12/02 20:32:21 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Blue Tea Games
[2011/08/26 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Boomzap
[2011/05/17 17:31:34 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Braintonik Games
[2011/10/16 22:12:45 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\BumpkinBrothers
[2011/05/15 20:06:58 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Colibri Games
[2011/03/31 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\CoreFTP
[2011/05/30 07:26:43 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Crown
[2011/11/04 21:16:10 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Daedalic Entertainment
[2011/02/15 20:07:49 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DAEMON Tools Lite
[2011/11/01 20:47:04 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DieselPuppet
[2011/06/01 07:52:35 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DragonsEye Studios
[2011/04/14 20:54:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DreamWoods2ScreenShot
[2011/11/15 21:34:54 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Elephant Games
[2011/05/10 21:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\EmilyArcher
[2011/10/25 20:42:41 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Enki Games
[2011/04/14 20:50:28 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\FairyTale
[2011/06/25 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Friday's games
[2011/06/04 13:56:28 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Funswitch
[2011/08/11 19:01:50 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Funzai!
[2011/10/05 20:00:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\GO Games
[2011/05/21 10:56:44 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Gogii
[2011/06/28 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\HeroCraft
[2011/07/01 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Islands2
[2011/06/14 16:06:41 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\JCP
[2011/09/16 16:44:45 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Kalydo
[2011/05/28 10:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Lazy Turtle Games
[2010/12/22 20:17:58 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Leadertech
[2011/07/05 20:00:35 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\LestaStudio
[2011/12/22 17:23:54 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\machst.exe
[2011/04/07 20:37:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\MagicIndie
[2011/06/30 18:44:13 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\MoMB_Full_Eng
[2011/05/02 19:32:45 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\My Games
[2011/01/05 18:06:44 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Mystery of Mortlake Mansion
[2011/06/03 06:56:12 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\NevoSoft
[2011/03/30 21:31:34 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\OpenOffice.org
[2011/12/20 17:58:54 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Origin
[2011/04/18 19:58:40 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Orneon
[2010/12/24 14:33:59 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\PCDr
[2011/09/02 21:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\PeaceCraft3
[2011/01/13 20:02:50 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Phantasmat_bf_ce1
[2011/05/11 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\playmink
[2011/05/21 11:23:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Princess Isabella
[2011/08/20 14:32:21 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\RIFT
[2011/12/08 21:26:58 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\SMIGames
[2011/11/30 18:11:25 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\SoftGrid Client
[2011/05/20 20:05:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\thejoyoffarming
[2011/06/04 07:29:14 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TheKingOfFire
[2011/01/29 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TP
[2011/05/21 08:55:05 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TrickySoftware
[2011/12/07 21:03:47 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Trine2
[2011/08/23 19:26:19 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Twilight Games
[2011/11/15 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Urban Legends The Maze Strategy Guide
[2011/12/18 20:55:30 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\uTorrent
[2011/09/16 20:56:00 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Vagrant Hearts
[2011/06/15 20:38:11 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\WendigoStudios
[2011/09/10 18:49:18 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Windows Live Writer
[2011/11/17 20:21:40 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\YoudaGames
[2009/07/14 00:08:49 | 000,022,680 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edit: Found this log after checking around. Is this the log from the fix run?

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\winupd not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\graffast deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\machst deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\graffast deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\machst deleted successfully.
C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Users\Jess\AppData\Local\3go1d17isd3c05laewb0456le458sxj70w2l moved successfully.
C:\ProgramData\3go1d17isd3c05laewb0456le458sxj70w2l moved successfully.
C:\Users\Jess\AppData\Local\2kj2a38xid0y35telry6853mw776mpa22g3e moved successfully.
C:\ProgramData\2kj2a38xid0y35telry6853mw776mpa22g3e moved successfully.
ADS C:\ProgramData\TEMP:767A78E5 deleted successfully.
ADS C:\ProgramData\TEMP:45912F61 deleted successfully.
ADS C:\ProgramData\TEMP:1A15E356 deleted successfully.
ADS C:\ProgramData\TEMP:58E38390 deleted successfully.
ADS C:\ProgramData\TEMP:ECF3C50F deleted successfully.
ADS C:\ProgramData\TEMP:1604D047 deleted successfully.
ADS C:\ProgramData\TEMP:63210866 deleted successfully.
ADS C:\ProgramData\TEMP:F3591DDB deleted successfully.
ADS C:\ProgramData\TEMP:F53B274A deleted successfully.
ADS C:\ProgramData\TEMP:8AED9359 deleted successfully.
ADS C:\ProgramData\TEMP:68A41423 deleted successfully.
ADS C:\ProgramData\TEMP:F6A0889A deleted successfully.
ADS C:\ProgramData\TEMP:E5BA9ADD deleted successfully.
ADS C:\ProgramData\TEMP:35629AE6 deleted successfully.
ADS C:\ProgramData\TEMP:6EE8565A deleted successfully.
Unable to delete ADS C:\Users\Jess\AppData\Local\Temp:winupd.exe .
ADS C:\ProgramData\TEMP:BFE54417 deleted successfully.
ADS C:\ProgramData\TEMP:40752783 deleted successfully.
ADS C:\ProgramData\TEMP:16F4BC64 deleted successfully.
ADS C:\ProgramData\TEMP:0968E571 deleted successfully.
ADS C:\ProgramData\TEMP:5C4A588B deleted successfully.
ADS C:\ProgramData\TEMP:4F28299B deleted successfully.
ADS C:\ProgramData\TEMP:F5FC5DCE deleted successfully.
ADS C:\ProgramData\TEMP:B0A727D1 deleted successfully.
ADS C:\ProgramData\TEMP:A42FABF7 deleted successfully.
ADS C:\ProgramData\TEMP:4EC7F009 deleted successfully.
ADS C:\ProgramData\TEMP:2CED8825 deleted successfully.
ADS C:\ProgramData\TEMP:2C250258 deleted successfully.
ADS C:\ProgramData\TEMP:2216A431 deleted successfully.
ADS C:\ProgramData\TEMP:3C0887BF deleted successfully.
ADS C:\ProgramData\TEMP:44E16D4A deleted successfully.
ADS C:\ProgramData\TEMP:19636FDD deleted successfully.
ADS C:\ProgramData\TEMP:BEACE4C8 deleted successfully.
ADS C:\ProgramData\TEMP:06C34166 deleted successfully.
ADS C:\ProgramData\TEMP:E5B07840 deleted successfully.
ADS C:\ProgramData\TEMP:C43C957E deleted successfully.
ADS C:\ProgramData\TEMP:8D1CA181 deleted successfully.
ADS C:\ProgramData\TEMP:7EF55396 deleted successfully.
ADS C:\ProgramData\TEMP:2AE74FF9 deleted successfully.
ADS C:\ProgramData\TEMP:D36E068F deleted successfully.
ADS C:\ProgramData\TEMP:2B9555D8 deleted successfully.
ADS C:\ProgramData\TEMP:0ACF1AF5 deleted successfully.
ADS C:\ProgramData\TEMP:E894A3ED deleted successfully.
ADS C:\ProgramData\TEMP:DCA79AB3 deleted successfully.
ADS C:\ProgramData\TEMP:5511B474 deleted successfully.
ADS C:\ProgramData\TEMP:18BBD3D5 deleted successfully.
ADS C:\ProgramData\TEMP:164561C8 deleted successfully.
ADS C:\ProgramData\TEMP:ED0B32CA deleted successfully.
ADS C:\ProgramData\TEMP:69FE2EE4 deleted successfully.
ADS C:\ProgramData\TEMP:14362DF8 deleted successfully.
ADS C:\ProgramData\TEMP:86E0BFC8 deleted successfully.
ADS C:\ProgramData\TEMP:16B49C20 deleted successfully.
ADS C:\ProgramData\TEMP:D026A5A4 deleted successfully.
ADS C:\ProgramData\TEMP:701B92FB deleted successfully.
ADS C:\ProgramData\TEMP:6C049F97 deleted successfully.
ADS C:\ProgramData\TEMP:6423D635 deleted successfully.
ADS C:\ProgramData\TEMP:5B4686D7 deleted successfully.
ADS C:\ProgramData\TEMP:02F30776 deleted successfully.
ADS C:\ProgramData\TEMP:954C27C6 deleted successfully.
ADS C:\ProgramData\TEMP:00AA4B31 deleted successfully.
ADS C:\ProgramData\TEMP:40DA0795 deleted successfully.
ADS C:\ProgramData\TEMP:3D36932D deleted successfully.
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job moved successfully.
C:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
========== FILES ==========
C:\Windows\SysWow64\config.nt moved successfully.
File\Folder C:\Users\Jess\AppData\Local\3go1d17isd3c05laewb0456le458sxj70w2l not found.
File\Folder C:\ProgramData\3go1d17isd3c05laewb0456le458sxj70w2l not found.
File\Folder C:\Users\Jess\AppData\Local\2kj2a38xid0y35telry6853mw776mpa22g3e not found.
File\Folder C:\ProgramData\2kj2a38xid0y35telry6853mw776mpa22g3e not found.
File\Folder C:\ProgramData\graffast.exe not found.
File\Folder C:\Users\Jess\AppData\Roaming\machst.exe not found.
< mkdir C:\ProgramData\graffast.exe /c >
C:\Users\Jess\Desktop\cmd.bat deleted successfully.
C:\Users\Jess\Desktop\cmd.txt deleted successfully.
< mkdir C:\Users\Jess\AppData\Roaming\machst.exe /c >
C:\Users\Jess\Desktop\cmd.bat deleted successfully.
C:\Users\Jess\Desktop\cmd.txt deleted successfully.
< reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c >
The operation completed successfully.
C:\Users\Jess\Desktop\cmd.bat deleted successfully.
C:\Users\Jess\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jess
->Flash cache emptied: 4455 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jess
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12222011_172353

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by SuperJess, 22 December 2011 - 04:42 PM.

  • 0
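The fix log above is the record of whether each item was actually removed, and the one line that matters most is the stream OTL reported it could not delete. As an added example (not part of the thread and not OTL's own code), this Python parser tallies the outcomes per section, collects the lines that failed, and lists the shell commands OTL ran; the input is a constructed excerpt of the log posted above:

```python
import re
from collections import Counter

# Constructed excerpt modelled on a handful of lines from the OTL fix log posted above.
SAMPLE_FIX_LOG = "\n".join([
    r"========== PROCESSES ==========",
    r"All processes killed",
    r"========== OTL ==========",
    r"Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\machst deleted successfully.",
    r"Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\winupd not found.",
    r"C:\ProgramData\3go1d17isd3c05laewb0456le458sxj70w2l moved successfully.",
    r"ADS C:\ProgramData\TEMP:767A78E5 deleted successfully.",
    r"Unable to delete ADS C:\Users\Jess\AppData\Local\Temp:winupd.exe .",
    r"========== FILES ==========",
    r"C:\Windows\SysWow64\config.nt moved successfully.",
    r"File\Folder C:\ProgramData\graffast.exe not found.",
    r"< mkdir C:\ProgramData\graffast.exe /c >",
    r"C:\Users\Jess\Desktop\cmd.bat deleted successfully.",
])

SECTION_RE = re.compile(r"^=+ (\w+) =+$")   # e.g. ========== OTL ==========
SHELL_CMD_RE = re.compile(r"^< (.+) >$")     # e.g. < mkdir ... /c >, a command OTL ran via cmd


def classify(line):
    """Map one OTL result line to its outcome."""
    if line.startswith("Unable to "):
        return "failed"
    if line.endswith(" deleted successfully."):
        return "deleted"
    if line.endswith(" moved successfully."):
        return "moved"
    if line.endswith(" not found."):
        return "not_found"
    return "other"


def parse_fix_log(text):
    """Return (outcome counts per section, lines that failed, shell commands run)."""
    counts, failures, commands = {}, [], []
    section = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            counts.setdefault(section, Counter())
            continue
        m = SHELL_CMD_RE.match(line)
        if m:
            commands.append(m.group(1))
            continue
        outcome = classify(line)
        counts.setdefault(section, Counter())[outcome] += 1
        if outcome == "failed":   # e.g. the Temp:winupd.exe stream above: follow up on these
            failures.append(line)
    return counts, failures, commands


if __name__ == "__main__":
    counts, failures, commands = parse_fix_log(SAMPLE_FIX_LOG)
    print({s: dict(c) for s, c in counts.items()}, "needs follow-up:", failures)
```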

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
That was the correct log. Things are looking pretty good now. I'm not sure I know what you mean by the dropdown window.

Let's check for damages.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#12
SuperJess

SuperJess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I didn't seem to get a log from the System run of VEW. It opened Notepad, but the file was just called 'Untitled' and the notepad was empty. Here is the log from the Application run:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/12/2011 7:07:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/12/2011 11:57:38 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 22/12/2011 11:57:38 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 22/12/2011 11:47:12 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=B10}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: JESS-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 22/12/2011 11:47:09 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=B10}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Edit: I ran the System run again, and it produced a log this time:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/12/2011 7:09:07 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/12/2011 11:46:23 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


I'm curious why the 'system date' says a time later than the actual time? Weird...

Edited by SuperJess, 22 December 2011 - 06:10 PM.

  • 0
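VEW writes each event as a fixed three-line header followed by the message, and the time puzzle in the post comes from the event times being in GMT while the 'Report run at' line is local. As an added example (not part of the thread and not VEW's own code), this Python parser turns that layout into records, converts each event time to a fixed local offset (UTC-5 is assumed here purely for illustration) and counts repeats by source and event id; the input is a constructed excerpt of the Application log posted above:

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed excerpt in the layout of the VEW output posted above (three Application-log events).
SAMPLE_VEW = """\
Report run at 22/12/2011 7:07:33 PM

Log: 'Application' Date/Time: 22/12/2011 11:57:38 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. Click2Run installation is found on the machine; skipping installation...

Log: 'Application' Date/Time: 22/12/2011 11:57:38 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 22/12/2011 11:47:12 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=B10}
The Application Virtualization Client Core initialized correctly.
"""

TS_FMT = "%d/%m/%Y %I:%M:%S %p"   # dd/mm/yyyy on a 12-hour clock, as VEW prints it
HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")


def parse_vew(text, utc_offset_hours):
    """Split VEW output into event records; event times are read as GMT and
    converted to the fixed local offset given in hours (e.g. -5 for US Eastern)."""
    local_zone = timezone(timedelta(hours=utc_offset_hours))
    lines = text.splitlines()
    events, i = [], 0
    while i < len(lines):
        head = HEADER_RE.match(lines[i])
        typ = TYPE_RE.match(lines[i + 1]) if head and i + 1 < len(lines) else None
        evt = EVENT_RE.match(lines[i + 2]) if typ and i + 2 < len(lines) else None
        if not evt:                      # not a complete three-line event header
            i += 1
            continue
        ts_utc = datetime.strptime(head.group("ts").strip(), TS_FMT).replace(tzinfo=timezone.utc)
        j, message = i + 3, []
        while j < len(lines) and lines[j].strip():   # body runs to the blank separator
            message.append(lines[j])
            j += 1
        events.append({"log": head.group("log"), "type": typ.group("type"),
                       "event_id": int(evt.group("id")), "source": evt.group("src").strip(),
                       "local_time": ts_utc.astimezone(local_zone).strftime(TS_FMT),
                       "message": "\n".join(message)})
        i = j
    return events


def summarize(events):
    """Count events per (source, event id, type) so repeated warnings stand out."""
    return Counter((e["source"], e["event_id"], e["type"]) for e in events)


if __name__ == "__main__":
    print(summarize(parse_vew(SAMPLE_VEW, utc_offset_hours=-5)))   # UTC-5 assumed for illustration
```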

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
The dates are in GMT so not so odd.

Doesn't look like anything got broken so unless you still have a problem I think we are done.

We need to cleanup System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day, so that's another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#14
SuperJess

SuperJess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Thank you so much, everything looks great! I appreciate all your help! Have a very Merry Christmas!
  • 0





