
Several threats that can't be removed. PWS:Win32/Zbot.gen!Y /


This topic is locked

#1
Grayfox23

    Member

  • 12 posts
Hi there, I'm hoping someone can help me out. I've run Microsoft Security Essentials and come up with a list of threats on my computer. However, when I tell MSE to remove the threats and then proceed to restart my computer, it won't boot up. As a temporary solution I simply restore my system back to before MSE deleted the threats. I've also tried using the program Malwarebytes, but although it finds separate issues, the result is the same: a refusal to boot up after restarting. I'm at a loss as to how to get rid of these threats without reformatting, which I don't overly want to do. Truth be told, I don't notice many symptoms of the viruses at all. Once or twice there has been some general slowdown, but that's about it. Still, I would feel much better having a clean computer, so I would appreciate any help.

My most recent scan has come up with these 5 issues - PWS:Win32/Zbot.gen!Y / Trojan:Win32/Kexject.A / Trojan:Win64/Sirefef.B / TrojanDownloader:Win32/batosecu.B / Trojan:Win32/Bamital.N

Attached is the OTL scan.

Attached Files

  • Attached File  OTL.Txt   121.46KB   117 downloads

Edited by Grayfox23, 03 March 2012 - 10:25 PM.

  • 0

#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, Grayfox23!

I'm Nedklaw and I'll be glad to help you with your malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Grayfox23 only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.
  • 0

#3
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Your computer has been infected by a backdoor trojan/password stealer. This could allow hackers to remotely control your computer and steal critical system information including passwords, credit card numbers, addresses, phone numbers, and other information stored on your computer. Before we can start, I recommend that you:

  • Use another, clean computer to change all your internet passwords, especially your financial passwords like your banks, PayPal, eBay. Also change the passwords for any other sites that you use.
  • Call your financial companies and tell them that your account may have been stolen and ask what you can do.
  • Closely monitor all bank and credit card statements. If you do think that you are a victim of identity theft you can go to Defend: Recover From Identity Theft to learn more.

Step 2

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Things I want to see in your next reply

  • ComboFix.txt

  • 0

#4
Grayfox23

    Member

  • Topic Starter
  • 12 posts
Alright, so that didn't go too well. After ComboFix did its thing and restarted my computer, I was unable to open any programs on my computer. I got a message saying something like "Illegal operation attempted on a registry key that has been marked for deletion". I once again used a system restore so that I could continue using my computer in the meantime. I did save the log to a USB stick before restoring. I'm not sure how useful the information still is, but here it is:

ComboFix 12-03-04.02 - Jordan 05/03/2012 19:52:18.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8158.6601 [GMT -5:00]
Running from: c:\users\Jordan.Jordan-PC\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jordan.Jordan-PC\AppData\Local\khxd.exe
c:\users\Jordan.Jordan-PC\AppData\Local\lijm.exe
c:\users\Jordan.Jordan-PC\AppData\Local\mxbu.exe
c:\users\Jordan.Jordan-PC\AppData\Local\nmqr.exe
c:\users\Jordan.Jordan-PC\AppData\Roaming\Help\coredb\storage
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWOW64\ \updaterSettings.ini
c:\windows\SysWOW64\ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 00:58 . 2012-03-06 00:58 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AC25781-F638-4F1C-8AD4-5786CD0FCD93}\offreg.dll
2012-03-04 08:42 . 2012-03-04 08:41 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F1953E1-4E85-4E37-813F-D5DD1DB09A46}\gapaengine.dll
2012-03-04 08:42 . 2012-02-08 04:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AC25781-F638-4F1C-8AD4-5786CD0FCD93}\mpengine.dll
2012-03-04 07:09 . 2012-03-04 07:50 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-04 07:09 . 2012-03-04 07:42 -------- d-----w- c:\programdata\PC Tools
2012-03-04 07:09 . 2012-03-04 07:09 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\TestApp
2012-03-04 05:19 . 2012-03-04 05:19 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Google Inc
2012-03-04 03:34 . 2012-03-04 03:34 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Malwarebytes
2012-03-04 03:34 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 01:58 . 2012-03-04 02:20 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Apple
2012-03-04 01:47 . 2012-03-04 01:47 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\TeamViewer
2012-03-04 01:03 . 2012-03-04 01:12 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Local\ElevatedDiagnostics
2012-03-04 00:29 . 2012-03-04 00:29 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Windows Search
2012-03-04 00:16 . 2012-03-04 00:16 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\ICQ
2012-03-03 23:50 . 2012-03-04 04:07 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Media Player Classic
2012-03-03 23:45 . 2012-03-04 03:04 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Dropbox
2012-03-03 23:44 . 2012-03-04 04:40 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Microsoft Corporation
2012-03-03 23:33 . 2012-03-03 23:33 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-02 12:26 . 2012-03-02 12:26 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Local\DDMSettings
2012-03-02 12:21 . 2012-03-03 10:18 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\DivX
2012-03-02 12:20 . 2012-03-02 12:20 -------- d-----w- c:\program files\DivX
2012-03-02 12:20 . 2012-03-02 12:20 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-03-02 12:14 . 2012-03-02 12:21 -------- d-----w- c:\program files (x86)\DivX
2012-03-02 12:13 . 2012-03-02 12:21 -------- d-----w- c:\programdata\DivX
2012-02-28 23:47 . 2012-02-28 23:47 -------- d-----w- c:\program files (x86)\Code Laboratories
2012-02-27 18:39 . 2012-02-27 18:39 -------- d-----w- c:\users\Jordan.Jordan-PC\.worldoflogs
2012-02-21 12:38 . 2012-02-21 12:38 -------- d-----w- c:\windows\SysWow64\5187~1
2012-02-20 05:01 . 2012-02-20 05:01 69952 ----a-w- c:\windows\system32\CLEyeDevices.dll
2012-02-16 08:53 . 2012-02-16 08:53 -------- d-----w- c:\windows\SysWow64\DF28~1
2012-02-14 20:03 . 2012-02-14 20:03 -------- d-----w- c:\windows\SysWow64\67B0~1
2012-02-13 04:13 . 2012-02-13 04:13 -------- d-----w- c:\windows\SysWow64\073B~1
2012-02-12 09:32 . 2012-02-12 09:32 -------- d-----w- c:\windows\SysWow64\378F~1
2012-02-12 08:12 . 2012-02-12 08:12 -------- d-----w- c:\program files\iTunes
2012-02-12 08:12 . 2012-02-12 08:12 -------- d-----w- c:\program files (x86)\iTunes
2012-02-12 08:12 . 2012-02-12 08:12 -------- d-----w- c:\program files\iPod
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-12 08:08 . 2012-02-12 08:08 -------- d-----w- c:\program files (x86)\QuickTime
2012-02-09 01:17 . 2012-02-09 01:17 -------- d-----w- c:\windows\SysWow64\972F~1
2012-02-08 00:30 . 2012-02-08 00:30 -------- d-----w- c:\windows\SysWow64\7188~1
2012-02-07 08:20 . 2012-02-07 08:20 -------- d-----w- c:\windows\SysWow64\C9A8~1
2012-02-07 07:24 . 2012-02-07 07:24 -------- d-----w- c:\windows\SysWow64\E576~1
2012-02-07 06:08 . 2012-03-03 23:33 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-07 05:21 . 2012-02-07 05:21 -------- d-----w- c:\windows\SysWow64\539E~1
2012-02-07 05:10 . 2012-02-07 05:10 -------- d-----w- c:\windows\SysWow64\691E~1
2012-02-07 04:55 . 2012-02-07 04:55 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-02-07 04:55 . 2011-06-10 11:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-02-07 04:44 . 2012-02-07 04:44 -------- d-----w- c:\windows\SysWow64\535D~1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 21:52 . 2011-08-15 23:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2011-08-15 21:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-12 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-14 559616]
.
c:\users\Jordan.Jordan-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-15 0]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Jordan.Jordan-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2011-09-01 14544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-03-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF24071.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jordan.Jordan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ew1uhpm4.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-4Y3Y0C3AZF7W1E4WCKXJHL - c:\recycle.bin\B6232F3AA07.exe
Toolbar-Locked - (no file)
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{04A07C23-5821-4F25-BF46-1188636AE238}\delldock.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\01\0f\15\1d;?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-03-05 20:03:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 01:03
.
Pre-Run: 475,478,806,528 bytes free
Post-Run: 476,140,580,864 bytes free
.
- - End Of File - - 6A9D2691D99CE6A65CA7BC8F978637C6
  • 0
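The ComboFix log above is read mostly by eye, and what stands out is location rather than file name: executables with four-letter names dropped straight into AppData\Local, a service whose binary lives in a Temp directory, a kernel driver loaded from inside a user profile, and an orphaned Run value pointing into c:\recycle.bin. Those location anomalies are the first thing a responder checks in any autostart listing. The script below is an added example, not part of this thread and not ComboFix's own code: it pulls every drive-letter path out of a ComboFix-style log and flags those matching a small set of location heuristics. The rule list, the function names and the sample lines (constructed from entries in the log above) are the example's own assumptions, not anything the thread or the tool defines.

```python
"""Location-based triage of paths in a ComboFix-style log.

Added example (not ComboFix's own code). Extracts every Windows path from
the log text and flags paths that sit where legitimate autostart entries,
services and drivers rarely live. The rule set is a heuristic assumption
for this example, not an exhaustive or authoritative list.
"""
import re
from typing import Dict, List

# A Windows path runs from "<drive>:\" up to the next quote, bracket,
# semicolon or end of line, which is how ComboFix delimits its fields.
PATH_RE = re.compile(r"(?i)[a-z]:\\[^\"\[\];\r\n]*")

# (reason, regex applied to the lower-cased path). Heuristics only.
LOCATION_RULES = [
    ("executable dropped directly into AppData",
     re.compile(r"\\appdata\\(local|roaming)\\[^\\]+\.(exe|dll|scr)$")),
    ("executable running from a Temp directory",
     re.compile(r"\\temp\\.*\.(exe|dll|scr)$")),
    ("executable running from the recycle bin",
     re.compile(r"\\\$?recycle\.bin\\")),
    ("kernel driver loaded from a user profile",
     re.compile(r"^[a-z]:\\users\\.*\.sys$")),
]

# Constructed sample, modelled on lines from the log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\users\Jordan.Jordan-PC\AppData\Local\khxd.exe
c:\windows\system32\consrv.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-12 1242448]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Jordan.Jordan-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2011-09-01 14544]
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKU-Default-Run-4Y3Y0C3AZF7W1E4WCKXJHL - c:\recycle.bin\B6232F3AA07.exe
"""


def extract_paths(line: str) -> List[str]:
    """Return every drive-letter path found on one log line."""
    return [m.group(0).strip() for m in PATH_RE.finditer(line)]


def classify(path: str) -> List[str]:
    """Return the reasons (possibly none) a path looks out of place."""
    low = path.lower()
    return [reason for reason, rx in LOCATION_RULES if rx.search(low)]


def triage(log_text: str) -> List[Dict[str, object]]:
    """Scan a whole log and return the flagged paths with their line numbers."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for path in extract_paths(line):
            reasons = classify(path)
            if reasons:
                findings.append({"line": lineno, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']}: {f['path']}")
        for reason in f["reasons"]:
            print(f"    - {reason}")
```

To use it on a real run, read the saved C:\ComboFix.txt and pass its contents to triage() in place of SAMPLE_LOG. A hit is a lead, not a verdict: WinRing0x64.sys is flagged because a driver under c:\users is unusual, yet it sits in a sidebar gadget's folder and may well be legitimate. The opposite also holds: a path heuristic says nothing about consrv.dll sitting in system32 (one of the files ComboFix deleted above), which only a hash or Authenticode check of the file itself can judge.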

#5
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Can you please run ComboFix again, as per my previous instructions? This is because the malware was probably restored when you did a system restore.
The error you received after running ComboFix happens sometimes after ComboFix has been run. It is nothing to worry about and can be solved by simply restarting your computer.
  • 0

#6
Grayfox23

    Member

  • Topic Starter
  • 12 posts
You were right, restarting after ComboFix solved the problem. After the computer restarted again Microsoft Security Essentials popped up saying it detected PWS:Win32/Zbot.gen!Y, however after a scan of my computer it couldn't find that particular malware, or any of the others I had been having trouble with. To the untrained eye it seems my computer is clean, but I'll let you be the judge; is there anything else I should do?
  • 0

#7
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
An absence of symptoms doesn't necessarily mean that your system is clean. We still have quite a bit to do before I can declare your system as being clean.

Please run ComboFix again and post the log. I want to confirm that the items ComboFix removed haven't come back after the system restore.


Things I want to see in your next reply

  • ComboFix.txt

  • 0

#8
Grayfox23

    Member

  • Topic Starter
  • 12 posts
ComboFix 12-03-06.01 - Jordan 07/03/2012 18:54:29.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8158.6448 [GMT -5:00]
Running from: c:\users\Jordan.Jordan-PC\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 00:00 . 2012-03-08 00:00 -------- d-----w- c:\users\JORDAN~1~JOR\AppData\Local\temp
2012-03-08 00:00 . 2012-03-08 00:00 -------- d-----w- c:\users\Jordan\AppData\Local\temp
2012-03-08 00:00 . 2012-03-08 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 23:34 . 2012-03-07 23:34 -------- d-----w- c:\programdata\Media Center Programs
2012-03-07 23:34 . 2012-03-07 23:34 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-03-07 23:27 . 2012-03-07 23:35 -------- d-----w- c:\program files (x86)\Mass Effect
2012-03-04 07:09 . 2012-03-04 07:50 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-04 07:09 . 2012-03-04 07:42 -------- d-----w- c:\programdata\PC Tools
2012-03-04 07:09 . 2012-03-04 07:09 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\TestApp
2012-03-04 05:19 . 2012-03-04 05:19 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Google Inc
2012-03-04 03:34 . 2012-03-04 03:34 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Malwarebytes
2012-03-04 03:34 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 01:58 . 2012-03-04 02:20 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Apple
2012-03-04 01:47 . 2012-03-04 01:47 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\TeamViewer
2012-03-04 01:03 . 2012-03-04 01:12 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Local\ElevatedDiagnostics
2012-03-04 00:29 . 2012-03-04 00:29 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Windows Search
2012-03-04 00:16 . 2012-03-04 00:16 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\ICQ
2012-03-03 23:50 . 2012-03-04 04:07 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Media Player Classic
2012-03-03 23:45 . 2012-03-04 03:04 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Dropbox
2012-03-03 23:44 . 2012-03-04 04:40 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Microsoft Corporation
2012-03-02 12:26 . 2012-03-02 12:26 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Local\DDMSettings
2012-03-02 12:21 . 2012-03-03 10:18 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\DivX
2012-03-02 12:20 . 2012-03-02 12:20 -------- d-----w- c:\program files\DivX
2012-03-02 12:20 . 2012-03-02 12:20 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-03-02 12:14 . 2012-03-02 12:21 -------- d-----w- c:\program files (x86)\DivX
2012-03-02 12:13 . 2012-03-02 12:21 -------- d-----w- c:\programdata\DivX
2012-02-28 23:47 . 2012-02-28 23:47 -------- d-----w- c:\program files (x86)\Code Laboratories
2012-02-27 18:39 . 2012-02-27 18:39 -------- d-----w- c:\users\Jordan.Jordan-PC\.worldoflogs
2012-02-21 12:38 . 2012-02-21 12:38 -------- d-----w- c:\windows\SysWow64\5187~1
2012-02-20 05:01 . 2012-02-20 05:01 69952 ----a-w- c:\windows\system32\CLEyeDevices.dll
2012-02-16 08:53 . 2012-02-16 08:53 -------- d-----w- c:\windows\SysWow64\DF28~1
2012-02-14 20:03 . 2012-02-14 20:03 -------- d-----w- c:\windows\SysWow64\67B0~1
2012-02-13 04:13 . 2012-02-13 04:13 -------- d-----w- c:\windows\SysWow64\073B~1
2012-02-12 09:32 . 2012-02-12 09:32 -------- d-----w- c:\windows\SysWow64\378F~1
2012-02-12 08:12 . 2012-02-12 08:12 -------- d-----w- c:\program files\iTunes
2012-02-12 08:12 . 2012-02-12 08:12 -------- d-----w- c:\program files (x86)\iTunes
2012-02-12 08:12 . 2012-02-12 08:12 -------- d-----w- c:\program files\iPod
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-12 08:08 . 2012-02-12 08:08 -------- d-----w- c:\program files (x86)\QuickTime
2012-02-09 01:17 . 2012-02-09 01:17 -------- d-----w- c:\windows\SysWow64\972F~1
2012-02-08 00:30 . 2012-02-08 00:30 -------- d-----w- c:\windows\SysWow64\7188~1
2012-02-07 08:20 . 2012-02-07 08:20 -------- d-----w- c:\windows\SysWow64\C9A8~1
2012-02-07 07:24 . 2012-02-07 07:24 -------- d-----w- c:\windows\SysWow64\E576~1
2012-02-07 05:21 . 2012-02-07 05:21 -------- d-----w- c:\windows\SysWow64\539E~1
2012-02-07 05:10 . 2012-02-07 05:10 -------- d-----w- c:\windows\SysWow64\691E~1
2012-02-07 04:55 . 2012-02-07 04:55 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-02-07 04:55 . 2011-06-10 11:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-02-07 04:44 . 2012-02-07 04:44 -------- d-----w- c:\windows\SysWow64\535D~1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 21:52 . 2011-08-15 23:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2011-08-15 21:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-07_00.57.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-24 06:09 . 2012-03-07 23:51 44506 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-07 23:51 34848 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-15 23:51 . 2012-03-07 23:51 13020 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2964945071-228226090-1184030744-1000_UserData.bin
+ 2011-08-15 23:40 . 2012-03-07 23:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-15 23:40 . 2012-03-03 10:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-15 23:40 . 2012-03-07 23:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-15 23:40 . 2012-03-03 10:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-03 10:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-07 23:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-16 00:22 . 2012-03-07 23:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-16 00:22 . 2012-03-07 00:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-16 00:22 . 2012-03-07 00:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-16 00:22 . 2012-03-07 23:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-07 23:49 . 2012-03-07 23:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-07 00:56 . 2012-03-07 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-07 23:49 . 2012-03-07 23:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-07 00:56 . 2012-03-07 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-03-07 23:55 664532 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-07 23:55 125268 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-07 00:55 420348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-07 23:48 420348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-16 00:11 . 2012-03-07 00:55 2002608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-16 00:11 . 2012-03-07 23:48 2002608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-16 19:54 . 2012-03-07 00:55 34287144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2964945071-228226090-1184030744-1000-8192.dat
+ 2011-08-16 19:54 . 2012-03-07 23:48 34287144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2964945071-228226090-1184030744-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-12 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-14 559616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"4Y3Y0C3AZF7W1E4WCKXJHL"="c:\recycle.bin\B6232F3AA07.exe" [BU]
.
c:\users\Jordan.Jordan-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-15 0]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Jordan.Jordan-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2011-09-01 14544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NisDrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-03-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jordan.Jordan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ew1uhpm4.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\01\0f\15\1d;?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-07 19:01:32
ComboFix-quarantined-files.txt 2012-03-08 00:01
ComboFix2.txt 2012-03-07 01:01
ComboFix3.txt 2012-03-06 01:03
.
Pre-Run: 446,644,326,400 bytes free
Post-Run: 446,350,385,152 bytes free
.
- - End Of File - - AD353A21954A8ADB560170AF638CAD82

#9 Grayfox23 (Topic Starter)

It seems as if my computer is completely defenseless. I've gained 2 new malware since I started this forum thread. I've removed them both manually, but the point is that my anti virus isn't doing anything in the least to stop them. This "Internet Security 2012" threat has come back twice now and it just shuts down my anti virus before it can even detect it. Is Microsoft Security Essentials really this worthless, or am I just having bad luck?

PS: The Internet Security 2012 threat has attacked twice since my last ComboFix log. I've removed them manually both times.

#10 Nedklaw (Trusted Helper, Malware Removal)

Hi. :)


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File:: 
c:\recycle.bin\B6232F3AA07.exe
 
Folder:: 
c:\windows\SysWow64\5187~1
c:\windows\SysWow64\DF28~1
c:\windows\SysWow64\67B0~1
c:\windows\SysWow64\073B~1
c:\windows\SysWow64\378F~1 
c:\windows\SysWow64\972F~1
c:\windows\SysWow64\7188~1
c:\windows\SysWow64\C9A8~1
c:\windows\SysWow64\E576~1
c:\windows\SysWow64\539E~1
c:\windows\SysWow64\691E~1
c:\windows\SysWow64\535D~1
 
Registry:: 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"4Y3Y0C3AZF7W1E4WCKXJHL"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
 
RegLockDel::
[HKEY_LOCAL_MACHINE\software\McAfee]


Save this as CFScript.txt, in the same location as ComboFix.exe.


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Things I want to see in your next reply

  • ComboFix.txt


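The CFScript in the post above was written by reading the earlier ComboFix log for three things: the twelve directories under SysWow64 whose whole name is four hex characters plus "~1", the autorun value under HKEY_USERS\.DEFAULT that points at c:\recycle.bin, and the McAfee key whose only content is a hex(6) (REG_LINK) value. As an added example, not ComboFix's tool and not the helper's own code, the Python below reads that log text offline, applies those checks as explicit heuristics (the heuristics, EXPECTED_ROOTS and every function name are assumptions), decodes the REG_LINK target from the hex the log shows, and drafts the File::, Folder::, Registry:: and RegLockDel:: sections in the same form the helper used. The sample lines are copied from the log posted earlier in this thread.

```python
"""Triage a ComboFix-style log and draft the CFScript sections a helper would review.
Added example for this thread, not ComboFix's own code and not the helper's script:
the heuristics, EXPECTED_ROOTS and every function name are assumptions. It reads log
text only, so it runs offline against the lines pasted above."""
import re
from dataclasses import dataclass, field

# Whole directory name = four hex characters + "~1" directly under SysWow64: the shape
# of the twelve Folder:: entries in the helper's script.
SHORTNAME_DIR = re.compile(r"^c:\\windows\\syswow64\\[0-9a-f]{4}~1$", re.I)
EXPECTED_ROOTS = (r"c:\program files", r"c:\windows", r"c:\users")  # assumption
FILE_LINE = re.compile(r"^\S+ \S+ \. \S+ \S+ (\S+) ([-a-z]{8}) (.+)$")  # created . modified size attrs path
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]+)"')
HEX_LINE = re.compile(r'^"([^"]+)"=hex\((\d+)\):(.*)$')
HEX_CONT = re.compile(r"^(?:[0-9a-f]{2},)+\\?$", re.I)  # ComboFix wraps hex data, ending lines with "\"

@dataclass
class Findings:
    folders: list = field(default_factory=list)
    run_entries: list = field(default_factory=list)  # (key, name, target, reasons)
    reg_links: list = field(default_factory=list)    # (key, value name, decoded link target)

def decode_reg_link(hex_text: str) -> str:
    """hex(6) is REG_LINK: a UTF-16LE registry path. Decodes only what the log shows."""
    raw = bytes(int(h, 16) for h in re.findall(r"[0-9a-f]{2}", hex_text, re.I))
    return raw.decode("utf-16-le", errors="replace").rstrip("\x00")

def judge_run_entry(key: str, name: str, target: str) -> list:
    """Reasons an autorun value deserves a look; an empty list means nothing odd."""
    reasons = []
    if key.lower().startswith("hkey_users\\.default\\"):
        reasons.append("autorun under the .DEFAULT (system profile) hive")
    if re.fullmatch(r"[A-Z0-9]{16,}", name):
        reasons.append("value name looks machine-generated")
    if not target.lower().startswith(EXPECTED_ROOTS):
        reasons.append("target outside Program Files, Windows or a user profile")
    if target.lower().startswith("c:\\recycle.bin\\"):
        reasons.append("look-alike of $Recycle.Bin (Windows 7's real bin has the $)")
    return reasons

def triage(log_text: str) -> Findings:
    f, key, pending = Findings(), None, None  # pending: a hex value whose data continues
    for line in (raw.strip() for raw in log_text.splitlines()):
        if pending and HEX_CONT.match(line):
            pending[2].append(line)
            continue
        if pending:
            f.reg_links.append((pending[0], pending[1], decode_reg_link(",".join(pending[2]))))
            pending = None
        if (m := FILE_LINE.match(line)) and m[2].startswith("d") and SHORTNAME_DIR.match(m[3]):
            f.folders.append(m[3])
        elif m := KEY_LINE.match(line):
            key = m[1]
        elif (m := HEX_LINE.match(line)) and key and m[2] == "6":
            pending = (key, m[1], [m[3]])
        elif (m := RUN_LINE.match(line)) and key and key.lower().endswith("\\currentversion\\run"):
            if reasons := judge_run_entry(key, m[1], m[2]):
                f.run_entries.append((key, m[1], m[2], reasons))
    if pending:
        f.reg_links.append((pending[0], pending[1], decode_reg_link(",".join(pending[2]))))
    return f

def build_cfscript(f: Findings) -> str:
    """Draft the sections in the form the helper used; a human reviews before running."""
    out = []
    if f.run_entries:
        out += ["File::", *sorted({t for _, _, t, _ in f.run_entries}), ""]
    if f.folders:
        out += ["Folder::", *f.folders, ""]
    if f.run_entries:
        out.append("Registry::")
        for key, name, _, _ in f.run_entries:
            out += [f"[{key}]", f'"{name}"=-']
        out.append("")
    if f.reg_links:
        out += ["RegLockDel::", *(f"[{k}]" for k, _, _ in f.reg_links)]
    return "\n".join(out)

# Constructed sample: a few lines copied from the ComboFix log posted earlier in the thread.
SAMPLE_LOG = r"""
2012-02-21 12:38 . 2012-02-21 12:38 -------- d-----w- c:\windows\SysWow64\5187~1
2012-02-20 05:01 . 2012-02-20 05:01 69952 ----a-w- c:\windows\system32\CLEyeDevices.dll
2012-02-16 08:53 . 2012-02-16 08:53 -------- d-----w- c:\windows\SysWow64\DF28~1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-12 1242448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"4Y3Y0C3AZF7W1E4WCKXJHL"="c:\recycle.bin\B6232F3AA07.exe" [BU]
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for key, name, target, reasons in found.run_entries:
        print(f"{key}\\{name} -> {target}: " + "; ".join(reasons))
    print(build_cfscript(found))
```

Run against the sample, the draft reproduces the File::, Folder:: and Registry:: entries of the helper's script and names the McAfee key for RegLockDel:: because its SymbolicLinkValue decodes to a registry path (only the truncated "\registry\machine\Sof" the log shows; the rest is not on the page). The SafeBoot\Minimal\MCODS key the helper also removed needs a human judgement and is deliberately left out: the draft is a starting point for review, not a script to run unread.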

#11 Grayfox23 (Topic Starter)

ComboFix 12-03-06.01 - Jordan 09/03/2012 4:50.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8158.6764 [GMT -5:00]
Running from: c:\users\Jordan.Jordan-PC\Downloads\ComboFix.exe
Command switches used :: c:\users\Jordan.Jordan-PC\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\recycle.bin\B6232F3AA07.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\073B~1
c:\windows\SysWow64\378F~1
c:\windows\SysWow64\5187~1
c:\windows\SysWow64\535D~1
c:\windows\SysWow64\539E~1
c:\windows\SysWow64\67B0~1
c:\windows\SysWow64\691E~1
c:\windows\SysWow64\7188~1
c:\windows\SysWow64\972F~1
c:\windows\SysWow64\C9A8~1
c:\windows\SysWow64\DF28~1
c:\windows\SysWow64\E576~1
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 09:54 . 2012-03-09 09:54 -------- d-----w- c:\users\JORDAN~1~JOR\AppData\Local\temp
2012-03-09 09:54 . 2012-03-09 09:54 -------- d-----w- c:\users\Jordan\AppData\Local\temp
2012-03-09 09:54 . 2012-03-09 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 03:50 . 2012-03-08 03:50 -------- d-----w- C:\2bf5cc9db56229ce132bcd61
2012-03-08 03:49 . 2012-03-08 03:49 -------- d-----w- C:\a6c597d93b02a542f92d5f5044b35c
2012-03-08 03:48 . 2012-03-08 03:48 -------- d-----w- C:\179984771dfc281042313e689b59cea0
2012-03-07 23:34 . 2012-03-07 23:34 -------- d-----w- c:\programdata\Media Center Programs
2012-03-07 23:34 . 2012-03-07 23:34 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-03-07 23:27 . 2012-03-07 23:35 -------- d-----w- c:\program files (x86)\Mass Effect
2012-03-04 07:09 . 2012-03-04 07:50 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-04 07:09 . 2012-03-04 07:42 -------- d-----w- c:\programdata\PC Tools
2012-03-04 07:09 . 2012-03-04 07:09 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\TestApp
2012-03-04 05:19 . 2012-03-04 05:19 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Google Inc
2012-03-04 03:34 . 2012-03-04 03:34 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Malwarebytes
2012-03-04 03:34 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 01:58 . 2012-03-04 02:20 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Apple
2012-03-04 01:47 . 2012-03-04 01:47 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\TeamViewer
2012-03-04 01:03 . 2012-03-04 01:12 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Local\ElevatedDiagnostics
2012-03-04 00:29 . 2012-03-04 00:29 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Windows Search
2012-03-04 00:16 . 2012-03-04 00:16 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\ICQ
2012-03-03 23:50 . 2012-03-04 04:07 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Media Player Classic
2012-03-03 23:45 . 2012-03-04 03:04 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Dropbox
2012-03-03 23:44 . 2012-03-04 04:40 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\Microsoft Corporation
2012-03-02 12:26 . 2012-03-02 12:26 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Local\DDMSettings
2012-03-02 12:21 . 2012-03-08 15:34 -------- d-----w- c:\users\Jordan.Jordan-PC\AppData\Roaming\DivX
2012-03-02 12:20 . 2012-03-02 12:20 -------- d-----w- c:\program files\DivX
2012-03-02 12:20 . 2012-03-02 12:20 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-03-02 12:14 . 2012-03-02 12:21 -------- d-----w- c:\program files (x86)\DivX
2012-03-02 12:13 . 2012-03-02 12:21 -------- d-----w- c:\programdata\DivX
2012-02-28 23:47 . 2012-02-28 23:47 -------- d-----w- c:\program files (x86)\Code Laboratories
2012-02-27 18:39 . 2012-02-27 18:39 -------- d-----w- c:\users\Jordan.Jordan-PC\.worldoflogs
2012-02-20 05:01 . 2012-02-20 05:01 69952 ----a-w- c:\windows\system32\CLEyeDevices.dll
2012-02-14 07:03 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 07:03 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 07:03 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 07:03 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 07:03 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 07:03 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 07:03 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 07:03 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 08:12 . 2012-02-12 08:12 -------- d-----w- c:\program files\iTunes
2012-02-12 08:12 . 2012-02-12 08:12 -------- d-----w- c:\program files (x86)\iTunes
2012-02-12 08:12 . 2012-02-12 08:12 -------- d-----w- c:\program files\iPod
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-12 08:08 . 2012-02-12 08:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-12 08:08 . 2012-02-12 08:08 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 21:52 . 2011-08-15 23:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2011-08-15 21:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-07_00.57.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-08 11:22 . 2012-03-08 11:22 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 11776 c:\windows\SysWOW64\mshta.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 78848 c:\windows\SysWOW64\inseng.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 66048 c:\windows\SysWOW64\icardie.dll
+ 2010-12-24 06:09 . 2012-03-08 12:14 44676 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-08 12:14 34864 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-15 23:51 . 2012-03-07 23:51 13020 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2964945071-228226090-1184030744-1000_UserData.bin
+ 2012-03-08 11:22 . 2012-03-08 11:22 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 65024 c:\windows\system32\pngfilt.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 48640 c:\windows\system32\mshtmler.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 96256 c:\windows\system32\mshtmled.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 12288 c:\windows\system32\mshta.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 10752 c:\windows\system32\msfeedssync.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 30720 c:\windows\system32\licmgr10.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 85504 c:\windows\system32\jsproxy.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 49664 c:\windows\system32\imgutil.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 85504 c:\windows\system32\iesetup.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 39936 c:\windows\system32\iernonce.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 89088 c:\windows\system32\ie4uinit.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 82432 c:\windows\system32\icardie.dll
+ 2011-08-15 23:40 . 2012-03-08 12:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-15 23:40 . 2012-03-03 10:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-15 23:40 . 2012-03-08 12:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-15 23:40 . 2012-03-03 10:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 12:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-03 10:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-09 01:33 92768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-08-16 00:22 . 2012-03-07 00:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-16 00:22 . 2012-03-08 11:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-16 00:22 . 2012-03-07 00:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-16 00:22 . 2012-03-08 11:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-08 12:11 . 2012-03-08 12:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-07 00:56 . 2012-03-07 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-08 12:11 . 2012-03-08 12:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-07 00:56 . 2012-03-07 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-08 11:22 . 2012-03-08 11:22 152064 c:\windows\SysWOW64\wextract.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 231936 c:\windows\SysWOW64\url.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 123392 c:\windows\SysWOW64\occache.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 162304 c:\windows\SysWOW64\msrating.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 161792 c:\windows\SysWOW64\msls31.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 580608 c:\windows\SysWOW64\msfeeds.dll
- 2012-01-11 07:30 . 2011-10-14 04:24 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 176640 c:\windows\SysWOW64\ieui.dll
- 2012-02-14 07:03 . 2011-12-16 07:52 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 434176 c:\windows\SysWOW64\ieapfltr.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 101888 c:\windows\SysWOW64\admparse.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 160256 c:\windows\system32\wextract.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 249344 c:\windows\system32\webcheck.dll
+ 2011-08-18 22:11 . 2012-03-09 01:32 406160 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2012-03-08 11:22 . 2012-03-08 11:22 603648 c:\windows\system32\vbscript.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 237056 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-03-09 09:48 652150 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-09 09:48 121082 c:\windows\system32\perfc009.dat
+ 2012-03-08 11:22 . 2012-03-08 11:22 149504 c:\windows\system32\occache.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 197120 c:\windows\system32\msrating.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 222208 c:\windows\system32\msls31.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 697344 c:\windows\system32\msfeeds.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 818688 c:\windows\system32\jscript.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 103936 c:\windows\system32\inseng.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 165888 c:\windows\system32\iexpress.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 173056 c:\windows\system32\ieUnatt.exe
+ 2012-03-08 11:22 . 2012-03-08 11:22 248320 c:\windows\system32\ieui.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 111616 c:\windows\system32\iesysprep.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 145920 c:\windows\system32\iepeers.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 403248 c:\windows\system32\iedkcs32.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 267776 c:\windows\system32\ieaksie.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 160256 c:\windows\system32\ieakeng.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 135168 c:\windows\system32\IEAdvpack.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 282112 c:\windows\system32\dxtrans.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 452608 c:\windows\system32\dxtmsft.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 114176 c:\windows\system32\admparse.dll
+ 2009-07-14 05:01 . 2012-03-08 11:30 420348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-07 00:55 420348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-08 11:22 . 2012-03-08 11:22 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2012-03-08 11:22 . 2012-03-08 11:22 1390080 c:\windows\system32\wininet.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 1345536 c:\windows\system32\urlmon.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 2308096 c:\windows\system32\jscript9.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 2144256 c:\windows\system32\iertutil.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 3695416 c:\windows\system32\ieapfltr.dat
+ 2009-07-14 04:45 . 2012-03-08 12:14 7176763 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-08-16 00:11 . 2012-03-08 11:30 2002608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-16 00:11 . 2012-03-07 00:55 2002608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-08 11:22 . 2012-03-08 11:22 12282368 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2012-02-14 20:02 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-08 11:30 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-03-08 11:22 . 2012-03-08 11:22 17790464 c:\windows\system32\mshtml.dll
+ 2012-03-08 11:22 . 2012-03-08 11:22 10887168 c:\windows\system32\ieframe.dll
+ 2011-08-16 19:54 . 2012-03-08 11:30 34287144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2964945071-228226090-1184030744-1000-8192.dat
- 2011-08-16 19:54 . 2012-03-07 00:55 34287144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2964945071-228226090-1184030744-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-12 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-14 559616]
.
c:\users\Jordan.Jordan-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-15 0]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Jordan.Jordan-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2011-09-01 14544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NISDRV
*Deregistered* - NisDrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-03-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jordan.Jordan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ew1uhpm4.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Internet Security - c:\users\Jordan.Jordan-PC\AppData\Roaming\isecurity.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\01\0f\15\1d;?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-09 04:55:31
ComboFix-quarantined-files.txt 2012-03-09 09:55
ComboFix2.txt 2012-03-08 00:01
ComboFix3.txt 2012-03-07 01:01
ComboFix4.txt 2012-03-06 01:03
.
Pre-Run: 449,883,090,944 bytes free
Post-Run: 449,624,731,648 bytes free
.
- - End Of File - - 3EC41ACF015A684197FC292693DEACD4

#12
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
It sounds like malware is messing around with MSE. We will deal with this later after we have removed the majority of the malware.


Step 1

We're going to run the Mcafee removal tool to remove all traces of Mcafee left on your computer.

  • Download the removal tool from here.
  • Click Save, and save the file to a folder on your computer.
  • Navigate to the folder where the file was saved.
  • Ensure that all McAfee windows are closed.
  • Double-click MCPR.exe to run the removal tool.
    Note: Windows Vista users must right-click MCPR.exe and select Run as Administrator.
  • Restart your computer after receiving the message CleanUp Successful.
Your McAfee product will not be fully removed until the system is restarted.


Step 2

  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button.
  • Attach the log that is produced in your next reply.

Step 3

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image


Things I want to see in your next reply

  • OTL.txt
  • aswMBR.txt


#13
Grayfox23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTL logfile created on: 3/11/2012 5:25:07 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Jordan.Jordan-PC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.97 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.33% Memory free
15.93 Gb Paging File | 13.98 Gb Available in Paging File | 87.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 870.40 Gb Total Space | 417.68 Gb Free Space | 47.99% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 6.23 Gb Free Space | 12.75% Space Free | Partition Type: NTFS
Drive K: | 7.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JORDAN-PC | User Name: Jordan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 17:24:24 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan.Jordan-PC\Downloads\OTL.exe
PRC - [2012/02/17 16:47:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/15 19:27:14 | 000,075,136 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2011/08/02 03:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 02:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2011/01/13 14:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 14:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 15:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/17 18:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/29 17:52:12 | 008,527,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/17 16:47:41 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/15 15:40:15 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/14 16:08:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/14 16:07:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/14 16:07:49 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/14 16:07:39 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/14 16:07:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/14 16:07:33 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/14 16:07:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/14 16:07:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/14 16:07:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/14 16:07:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/11/01 09:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 09:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 05:22:07 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/13 14:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 14:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/17 17:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/29 17:49:35 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/15 19:27:14 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/12/24 01:55:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/24 01:49:14 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/26 13:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 22:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/07 23:19:59 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/15 04:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/05/17 17:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 16:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 03:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/16 07:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/02 16:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/16 07:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/17 23:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/01 00:31:44 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Jordan.Jordan-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010/07/27 12:35:02 | 000,327,368 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 12:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {40CE7EAA-1ABB-4873-BA9E-538BFFD6D69A}
IE:64bit: - HKLM\..\SearchScopes\{40CE7EAA-1ABB-4873-BA9E-538BFFD6D69A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {C7C11DCF-C9C2-4677-8A00-911F0BD2EC27}
IE - HKLM\..\SearchScopes\{C7C11DCF-C9C2-4677-8A00-911F0BD2EC27}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
IE - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\..\SearchScopes,DefaultScope = {40CE7EAA-1ABB-4873-BA9E-538BFFD6D69A}
IE - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\..\SearchScopes\{C7C11DCF-C9C2-4677-8A00-911F0BD2EC27}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/02 08:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 16:47:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/02 08:21:19 | 000,000,000 | ---D | M]

[2011/08/15 17:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\mozilla\Extensions
[2012/01/07 03:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\mozilla\Firefox\Profiles\ew1uhpm4.default\extensions
[2011/12/26 15:47:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\mozilla\Firefox\Profiles\ew1uhpm4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/05 20:23:25 | 000,000,000 | ---D | M] (English (Australian) Dictionary) -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\mozilla\Firefox\Profiles\ew1uhpm4.default\extensions\[email protected]
[2012/03/07 19:20:49 | 000,001,210 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ew1uhpm4.default\searchplugins\search.xml
[2011/08/15 17:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/02 08:21:20 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\JORDAN.JORDAN-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EW1UHPM4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JORDAN.JORDAN-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EW1UHPM4.DEFAULT\EXTENSIONS\[email protected]
[2012/02/17 16:47:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/11 08:25:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 08:25:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/07 19:20:48 | 000,001,404 | RHS- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 188.119.151.111 www.google-analytics.com.
O1 - Hosts: 188.119.151.111 ad-emea.doubleclick.net.
O1 - Hosts: 188.119.151.111 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2964945071-228226090-1184030744-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2964945071-228226090-1184030744-1000..\Run: [Internet Security] C:\Users\Jordan.Jordan-PC\AppData\Roaming\isecurity.exe File not found
O4 - HKU\S-1-5-21-2964945071-228226090-1184030744-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Jordan.Jordan-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Jordan.Jordan-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2964945071-228226090-1184030744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDB7D157-9446-4D5F-B147-AE42E1DF425A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F89F91CF-2CB4-4650-A9E9-A473E57EFC12}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/01 13:36:21 | 000,726,248 | R--- | M] (BioWare) - K:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/15 18:48:02 | 000,000,057 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2964945071-228226090-1184030744-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 04:34:54 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Local\_
[2012/03/10 17:12:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/09 12:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2012/03/09 12:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2012/03/09 05:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/09 05:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/08 00:21:26 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\Desktop\Anti-Malware
[2012/03/07 23:50:38 | 000,000,000 | ---D | C] -- C:\2bf5cc9db56229ce132bcd61
[2012/03/07 23:49:45 | 000,000,000 | ---D | C] -- C:\a6c597d93b02a542f92d5f5044b35c
[2012/03/07 23:48:01 | 000,000,000 | ---D | C] -- C:\179984771dfc281042313e689b59cea0
[2012/03/07 20:01:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/07 19:35:17 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\Documents\BioWare
[2012/03/07 19:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2012/03/07 19:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
[2012/03/07 19:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012/03/07 19:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect
[2012/03/06 20:48:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/06 20:48:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 20:48:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/05 20:48:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/05 20:47:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/04 04:11:15 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/04 03:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/03/04 03:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/03/04 03:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/03/04 03:09:13 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\TestApp
[2012/03/04 01:19:54 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Google Inc
[2012/03/03 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Malwarebytes
[2012/03/03 23:34:11 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/03 22:42:17 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Opera
[2012/03/03 22:09:16 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Sun
[2012/03/03 21:58:16 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Apple
[2012/03/03 21:47:16 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\TeamViewer
[2012/03/03 21:11:16 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Google
[2012/03/03 21:03:53 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Local\ElevatedDiagnostics
[2012/03/03 20:29:02 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Windows Search
[2012/03/03 20:16:02 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\ICQ
[2012/03/03 19:50:32 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Media Player Classic
[2012/03/03 19:45:32 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Dropbox
[2012/03/03 19:44:32 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Microsoft Corporation
[2012/03/02 08:26:45 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Local\DDMSettings
[2012/03/02 08:21:10 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\DivX
[2012/03/02 08:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/03/02 08:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/03/02 08:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/03/02 08:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/03/02 08:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/02/28 19:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye Driver
[2012/02/28 19:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Code Laboratories
[2012/02/27 14:39:19 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\.worldoflogs
[2012/02/21 23:24:46 | 000,000,000 | ---D | C] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Help
[2012/02/12 04:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/12 04:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/02/12 04:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/02/12 04:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/12 04:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/12 04:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/11 17:28:41 | 000,018,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 17:28:41 | 000,018,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 17:26:47 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/11 17:26:47 | 000,666,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/11 17:26:47 | 000,126,296 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/11 17:21:10 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/11 17:21:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/11 17:20:56 | 2120,736,767 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/11 17:20:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/11 17:12:28 | 000,000,990 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\Desktop\World of Warcraft.lnk
[2012/03/09 05:56:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/09 05:56:26 | 000,788,104 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/08 08:12:42 | 000,001,439 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/08 07:22:52 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/08 07:22:52 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/07 19:38:29 | 000,001,654 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\Desktop\Mass Effect.lnk
[2012/03/07 19:34:52 | 000,001,104 | ---- | M] () -- C:\Users\Jordan.Jordan-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect.lnk
[2012/03/07 19:20:48 | 000,001,404 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/28 19:48:04 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\CL-Eye Test.lnk
[2012/02/28 19:48:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/02/20 01:01:38 | 000,069,952 | ---- | M] () -- C:\Windows\SysNative\CLEyeDevices.dll
[2012/02/14 16:03:24 | 000,454,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/12 04:12:46 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/09 05:56:20 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/08 07:22:52 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/08 07:22:52 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/07 19:38:29 | 000,001,654 | ---- | C] () -- C:\Users\Jordan.Jordan-PC\Desktop\Mass Effect.lnk
[2012/03/07 19:34:52 | 000,001,104 | ---- | C] () -- C:\Users\Jordan.Jordan-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect.lnk
[2012/03/06 20:48:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 20:48:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 20:48:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/05 20:48:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/05 20:48:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/03 19:34:08 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/02/28 19:48:04 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\CL-Eye Test.lnk
[2012/02/28 19:48:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/02/20 01:01:38 | 000,069,952 | ---- | C] () -- C:\Windows\SysNative\CLEyeDevices.dll
[2012/02/12 04:12:46 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/07 00:48:46 | 000,045,866 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/02/07 00:47:43 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/07 00:47:42 | 000,032,590 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/11/15 19:27:20 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/15 19:27:14 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/09 22:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 22:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/05 15:30:50 | 000,008,186 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/09/04 00:14:44 | 000,013,808 | -HS- | C] () -- C:\Users\Jordan.Jordan-PC\AppData\Local\15f57215gifh67ld4m6jc81738x18gxu0iqowb6mto53
[2011/09/04 00:14:44 | 000,013,808 | -HS- | C] () -- C:\ProgramData\15f57215gifh67ld4m6jc81738x18gxu0iqowb6mto53
[2011/09/04 00:14:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\pcch.exe
[2011/09/04 00:14:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\nact.exe
[2011/09/04 00:14:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\cpbv.exe
[2011/09/04 00:14:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\brwy.exe
[2011/08/23 04:22:34 | 000,788,104 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/15 17:56:46 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/12/24 03:42:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/24 03:17:39 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/24 01:55:39 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/24 01:55:39 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/12/24 01:55:39 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/24 01:55:39 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/24 01:55:39 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

========== LOP Check ==========

[2012/03/07 19:47:29 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Azureus
[2011/09/07 23:20:55 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\DAEMON Tools Lite
[2012/03/03 23:04:17 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Dropbox
[2012/01/07 04:40:06 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\DVDVideoSoft
[2012/01/11 15:00:21 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Fiudmy
[2012/03/03 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\ICQ
[2011/08/16 15:51:25 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\MotioninJoy
[2012/03/09 05:24:51 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Mumble
[2012/03/03 22:42:17 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Opera
[2011/08/27 09:06:57 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\PCDr
[2011/11/15 19:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\PunkBuster
[2011/09/07 22:09:04 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\SoftGrid Client
[2012/03/03 21:47:16 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\TeamViewer
[2012/03/04 03:09:13 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\TestApp
[2011/08/23 04:23:10 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\TP
[2012/03/03 20:29:02 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Windows Search
[2012/01/11 15:18:19 | 000,000,000 | ---D | M] -- C:\Users\Jordan.Jordan-PC\AppData\Roaming\Ytqixu
[2012/03/11 17:20:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/30 04:26:48 | 000,024,108 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/11 17:21:10 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/01/16 03:33:07 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睟
[2012/01/16 03:33:07 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睟
[2012/01/15 18:35:32 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矌
[2012/01/15 18:35:32 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矌
[2012/01/14 22:07:01 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眑
[2012/01/14 22:07:01 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眑
[2012/01/14 00:49:39 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\盺
[2012/01/14 00:49:39 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\盺
[2012/01/11 15:18:41 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睿
[2012/01/11 15:18:41 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睿
[2012/01/10 19:11:38 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞪
[2012/01/10 19:11:38 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞪
[2012/01/07 03:17:00 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矒
[2012/01/07 03:17:00 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矒
[2012/01/05 20:23:00 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞙
[2012/01/05 20:23:00 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞙
[2011/12/30 21:06:59 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眖
[2011/12/30 21:06:59 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眖
[2011/12/30 00:31:05 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矄
[2011/12/30 00:31:05 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矄
[2011/12/27 09:59:30 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睜
[2011/12/27 09:59:30 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睜
[2011/12/23 17:14:15 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睇
[2011/12/23 17:14:15 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睇
[2011/12/23 00:55:34 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睖
[2011/12/23 00:55:34 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睖
[2011/12/22 22:42:40 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睼
[2011/12/22 22:42:40 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睼
[2011/12/22 22:36:34 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矦
[2011/12/22 22:36:34 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矦
[2011/12/19 21:20:19 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眈
[2011/12/19 21:20:19 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眈
[2011/12/17 11:09:05 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞀
[2011/12/17 11:09:05 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞀
[2011/12/15 17:23:34 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矗
[2011/12/15 17:23:34 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矗
[2011/12/15 17:20:26 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眘
[2011/12/15 17:20:26 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眘
[2011/12/15 17:11:53 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞏
[2011/12/15 17:11:53 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞏
[2011/11/26 19:07:53 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矠
[2011/11/26 19:07:53 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矠
[2011/11/24 01:39:37 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睢
[2011/11/24 01:39:37 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睢
[2011/11/24 01:35:57 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睭
[2011/11/24 01:35:57 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睭
[2011/11/24 01:30:40 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矩
[2011/11/24 01:30:40 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矩
[2011/11/24 01:22:24 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞥
[2011/11/24 01:22:24 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞥
[2011/11/09 16:09:42 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞟
[2011/11/09 16:09:42 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞟
[2011/11/08 06:19:50 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睯
[2011/11/08 06:19:50 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睯
[2011/10/29 22:03:48 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\盫
[2011/10/29 22:03:48 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\盫
[2011/10/27 19:13:12 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眓
[2011/10/27 19:13:12 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眓
[2011/10/14 05:21:21 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睃
[2011/10/14 05:21:21 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睃
[2011/09/22 21:20:00 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矚
[2011/09/22 21:20:00 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矚
[2011/09/18 04:53:18 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睻
[2011/09/18 04:53:18 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睻
[2011/09/08 03:18:14 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睾
[2011/09/08 03:18:14 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睾
[2011/09/05 09:37:25 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眬
[2011/09/05 09:37:25 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眬
[2011/08/31 23:40:46 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞇
[2011/08/31 23:40:46 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞇
[2011/08/31 15:13:49 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矟
[2011/08/31 15:13:49 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矟
[2011/08/31 14:52:15 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眙
[2011/08/31 14:52:15 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眙
[2011/08/30 23:32:02 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睽
[2011/08/30 23:32:02 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睽
[2011/08/24 22:09:15 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矢
[2011/08/24 22:09:15 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矢
[2011/08/24 11:35:53 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眇
[2011/08/24 11:35:53 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眇
[2011/08/24 11:32:15 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眒
[2011/08/24 11:32:15 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眒
[2011/08/24 07:17:17 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眄
[2011/08/24 07:17:17 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眄
[2011/08/23 10:03:50 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞱
[2011/08/23 10:03:50 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞱
[2011/08/23 03:30:18 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眨
[2011/08/23 03:30:18 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眨
[2011/08/23 03:29:04 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞔
[2011/08/23 03:29:04 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞔
[2011/08/22 13:24:07 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矡
[2011/08/22 13:24:07 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矡
[2011/08/22 13:20:25 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睋
[2011/08/22 13:20:25 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睋
[2011/08/22 01:01:49 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矔
[2011/08/22 01:01:49 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矔
[2011/08/20 07:31:19 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眜
[2011/08/20 07:31:19 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\眜
[2011/08/19 10:19:35 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睗
[2011/08/19 10:19:35 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睗
[2011/08/18 04:12:21 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞩
[2011/08/18 04:12:21 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\瞩
[2011/08/17 15:50:49 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矡
[2011/08/17 15:50:49 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\矡
[2011/08/16 15:55:21 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\�矊
[2011/08/16 15:55:21 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\�矊
[2010/07/08 01:01:55 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\盯
[2010/07/08 01:01:55 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\盯
[2010/07/08 01:01:29 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睬
[2010/07/08 01:01:29 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\睬

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-11 17:30:11
-----------------------------
17:30:11.551 OS Version: Windows x64 6.1.7601 Service Pack 1
17:30:11.551 Number of processors: 8 586 0x1E05
17:30:11.552 ComputerName: JORDAN-PC UserName: Jordan
17:30:12.195 Initialize success
17:31:56.872 AVAST engine defs: 12031101
17:32:24.959 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5
17:32:24.962 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
17:32:24.969 Disk 0 MBR read successfully
17:32:24.972 Disk 0 MBR scan
17:32:24.977 Disk 0 Windows VISTA default MBR code
17:32:24.979 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:32:24.991 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
17:32:25.023 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 891286 MB offset 25767936
17:32:25.047 Disk 0 Partition - 00 0F Extended LBA 50000 MB offset 1851121664
17:32:25.077 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 49999 MB offset 1851123712
17:32:25.157 Disk 0 scanning C:\Windows\system32\drivers
17:32:34.052 Service scanning
17:32:55.111 Modules scanning
17:32:55.442 Disk 0 trace - called modules:
17:32:55.454 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:32:55.460 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007785790]
17:32:55.467 3 CLASSPNP.SYS[fffff88001ba443f] -> nt!IofCallDriver -> [0xfffffa800758e520]
17:32:55.470 5 ACPI.sys[fffff88000f067a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-5[0xfffffa8007586680]
17:32:56.077 AVAST engine scan C:\Windows
17:32:59.181 AVAST engine scan C:\Windows\system32
17:36:28.477 AVAST engine scan C:\Windows\system32\drivers
17:36:41.207 AVAST engine scan C:\Users\Jordan.Jordan-PC
17:37:48.150 File: C:\Users\Jordan.Jordan-PC\AppData\Local\Temp\0.4310279220364035.exe **INFECTED** Win32:Downloader-NLZ [Trj]
17:37:48.248 File: C:\Users\Jordan.Jordan-PC\AppData\Local\Temp\8545.tmp **INFECTED** Win32:Downloader-NLZ [Trj]
17:41:43.395 AVAST engine scan C:\ProgramData
17:44:24.718 Scan finished successfully
17:45:52.614 Disk 0 MBR has been saved successfully to "C:\Users\Jordan.Jordan-PC\Desktop\MBR.dat"
17:45:52.620 The log file has been saved successfully to "C:\Users\Jordan.Jordan-PC\Desktop\aswMBR.txt"
  • 0
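A small triage parser for the report lines above, as an added example that is not part of the original thread nor of OTL or aswMBR. It recognises the three line shapes in the report that a malware-removal helper looks at first: OTL entries whose name is non-ASCII under SysWow64 or system32 (the "Files - Unicode" section), OTL "Alternate Data Streams" entries, and aswMBR "**INFECTED**" lines. The sample lines are copied from the report on this page; the regexes, the function names and the list of "system directories" are this example's own assumptions, and a flagged entry means "inspect", not "malicious".

```python
"""Triage helper for OTL / aswMBR report lines.

Added example for this thread; it is not part of OTL or aswMBR. It recognises
three line shapes that appear in the report above and returns the entries a
malware-removal helper would look at first.
"""
import re

# OTL file/directory entry, e.g.
#   [2012/01/16 03:33:07 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\<name>
# The parenthesised part (company name, or OTL's own "??" rendering of a name it
# could not print) is optional; the real path is the one after "--".
OTL_ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"\s*(?:\((?P<owner>.*?)\))?\s*-- (?P<path>.+)$"
)
# OTL "Alternate Data Streams" entry
OTL_ADS = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
# aswMBR detection line (timestamp prefix, so searched rather than matched)
ASWMBR_INFECTED = re.compile(r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")

# Directories in which a non-ASCII folder name is unexpected (assumption of this example).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def basename(path):
    """Last component of a Windows path."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def non_ascii(name):
    """True if the name contains any character outside 7-bit ASCII."""
    return any(ord(ch) > 0x7F for ch in name)


def triage(lines):
    """Return (category, path, detail) tuples for the lines worth a closer look.

    Categories: "unicode_name" (non-ASCII entry under a system directory),
    "ads" (alternate data stream), "infected" (aswMBR engine hit).
    Being listed means "inspect", not "malicious".
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        m = OTL_ADS.match(line)
        if m:
            findings.append(("ads", m.group("path"), f"{m.group('bytes')} bytes"))
            continue
        m = ASWMBR_INFECTED.search(line)
        if m:
            findings.append(("infected", m.group("path"), m.group("name")))
            continue
        m = OTL_ENTRY.match(line)
        if not m:
            continue
        path = m.group("path")
        name = basename(path)
        if path.lower().startswith(SYSTEM_DIRS) and non_ascii(name):
            codepoints = " ".join(f"U+{ord(ch):04X}" for ch in name)
            findings.append(("unicode_name", path, codepoints))
    return findings


# Constructed sample: lines copied from the OTL and aswMBR reports in this thread,
# plus ordinary entries that should not be flagged.
SAMPLE_LINES = [
    "[2010/12/24 03:42:22 | 000,000,000 | ---- | C] () -- C:\\Windows\\ativpsrm.bin",
    "[2012/01/11 15:18:19 | 000,000,000 | ---D | M] -- C:\\Users\\Jordan.Jordan-PC\\AppData\\Roaming\\Ytqixu",
    "[2012/01/16 03:33:07 | 000,000,000 | ---D | M](C:\\Windows\\SysWow64\\??) -- C:\\Windows\\SysWow64\\睟",
    "[2010/07/08 01:01:55 | 000,000,000 | ---D | M](C:\\Windows\\SysWow64\\??) -- C:\\Windows\\SysWow64\\盯",
    "@Alternate Data Stream - 127 bytes -> C:\\ProgramData\\TEMP:430C6D84",
    "17:37:48.248 File: C:\\Users\\Jordan.Jordan-PC\\AppData\\Local\\Temp\\8545.tmp **INFECTED** Win32:Downloader-NLZ [Trj]",
]

if __name__ == "__main__":
    for category, path, detail in triage(SAMPLE_LINES):
        print(f"{category:13} {path}  ({detail})")
```

Two things to keep in mind when reading the output: the `(C:\Windows\SysWow64\??)` part of an OTL Unicode entry is the tool's own fallback rendering of a name it could not print, so the parser deliberately takes the path after `--`, and the printed code points are there so the folder names survive being pasted into a forum that mangles Unicode (the problem post #14 below describes). The date/time of each Unicode entry is also worth noting; in the report above they line up with a run of dates in late 2011 and January 2012, which is the kind of pattern a helper would compare against the `Fiudmy` and `Ytqixu` folders in the LOP check.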

#14
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Please can you attach the OTL log instead of posting it, because the forum's software doesn't fare well with Unicode characters.

You can attach the log by:
  • Click Browse (under the reply window under Attachments).
  • Find the OTL.txt file and then click Open.
  • Click Attach This File.
  • Finally, click on Add to Post.

  • 0

#15
Grayfox23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
My mistake, sorry

Attached Files

  • Attached File  OTL.Txt   114.15KB   93 downloads

Edited by Grayfox23, 11 March 2012 - 05:12 PM.

  • 0
