Spyware Problem. Log Scans provided.



#1
Derek Elko

Hey guys. I've recently accrued what I believe to be a spyware problem on my Lenovo G560 PC. I'm using Windows 7 Home Edition. I have MalwareBytes Anti-Malware Pro and BitDefender Total Security 2012. I've also provided a ComboFix log and a HijackThis log. I also ran Kaspersky TDSSKiller to look for rootkit problems and it came up clean.

Hints to help you guys:

1. BitDefender strangely kept routinely rejecting the PING.exe executable coming from the Windows/SysWOW64/ folder. Also, and this happened only once, my ping.exe ran up to about 85 percent of my CPU. But after restart, the CPU problem went away (though the process is still running once I gave BitDefender permission to let it execute).

2. Malwarebytes keeps spontaneously blocking IPs from outgoing svchost.exe ports in the 6X,XXX (60 thousands) even when I don't have the web browser running.

3. I'm not sure if this is relevant, but every time I enable my BitDefender firewall, my internet doesn't work now. The firewall has never been a problem until recently with internet access. If I ping in CMD, it also doesn't receive data (just to show it's not browser-specific). It is as if the spyware is involved in blocking the internet when the firewall is on. My settings currently ALLOW all web browsing HTTP, incoming ICMP, incoming ICMPv6, and DNS over UDP and TCP.

4. BitDefender keeps blocking infected files from C:\Windows\assembly\temp\U\0.xxxxxxxxxx .@ files as "Trojan.Generic.XXXXXX"

5. My university public network blocked me and sent me the following e-mail:

UT Information Security Office [email protected]

2:23 PM (2 hours ago)

to me, abuse
----------------------------------------
PUBLIC NETWORK ACCESS DISABLED
-----
Please contact the Help Desk (475-9400).
----------------------------------------

Derek Daniel Elko --

The Information Security Office at the University of Texas at
Austin has found a machine using your PNA service to be infected
with an unknown variant of an IRCbot, HTTPbot, or worm and is currently being
remotely controlled:

HOST: 128.62.93.32 [wireless-128-62-93-32.public.utexas.edu]
MAC: 78:e4:00:45:a4:b3
DATE: 2012-03-05 14:12:54 CDT/CST

** This system is infected with a variant of ZeroAccess **

LIKELY ATTACK VECTOR: Viewing a compromised or malicious web site

ADDITIONAL DETAILS: http://threatpost.co...e-appear-052411

We strongly recommend reformatting your hard drive and reinstalling the
operating system as the only method to completely ensure that the malicious
code is removed from this system, http://security.utex...itigation.html.
Accordingly, you should begin backing up any data from this system that you wish to keep.

If you do not wish to reformat and reinstall, the following tools may be
useful in identifying and removing the malicious code:

For Windows Systems:
--------------------
- Sysinternals
[http://www.microsoft...s/default.mspx]

- SecCheck
[http://www.mynetwatc....com/tools/sc/]

For *nix/OSX Systems:
---------------------
- lsof -i +M
- chkrootkit

Although the majority of the remediation process can be done by you, the
end-user, a second security incident will most likely require bringing the
system in to the ITS Help Desk for clean-up.

Please ensure that this machine is offline until it is secured so as not
to affect any machines on or external to UTnet. All systems connected to
UTnet should adhere to the Minimum Security Standards for Systems, found at:

http://www.utexas.ed...nual/secstd.php

Please contact the ITS Help Desk at 475-9400 should you
require any assistance.

Thanks for your prompt attention.

Bert Hayes, GCIH
Senior Network Security Analyst
Information Security Office
- Report Misuse/Abuse To:
- [email protected]
- 512.475.9242
--------------------------------------------------------
END

Thanks for your help. Below is the OTL log txt

OTL logfile created on: 3/5/2012 4:02:16 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Derek\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 54.30% Memory free
7.61 Gb Paging File | 5.80 Gb Available in Paging File | 76.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 124.03 Gb Free Space | 48.80% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 28.11 Gb Free Space | 96.93% Space Free | Partition Type: NTFS

Computer Name: DEREK-PC | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 16:02:03 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Derek\Downloads\OTL.exe
PRC - [2012/03/01 17:05:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/25 20:42:24 | 003,298,712 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2010/04/13 15:47:14 | 001,636,872 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
PRC - [2009/12/23 11:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 11:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/17 06:33:56 | 004,114,368 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
PRC - [2009/12/17 06:31:22 | 006,223,808 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
PRC - [2009/12/09 02:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 02:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/13 19:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2012/03/04 13:55:46 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/03/01 17:05:45 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/05/28 19:37:47 | 011,807,744 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b867fbc0d573ac5e5fe71143d9caf43b\System.Web.ni.dll
MOD - [2011/05/28 19:37:41 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\adc8998d96ca331d17cef00b1ef95a5f\System.Runtime.Remoting.ni.dll
MOD - [2011/05/28 19:37:14 | 012,430,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4ea95056046fdf87f06ae807308b627\System.Windows.Forms.ni.dll
MOD - [2011/05/28 19:37:08 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2a34e74599686e7383ae90670a994cdf\System.Drawing.ni.dll
MOD - [2011/05/28 19:36:54 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\caa9d8bca3092573cdbb67c8e81bf0f3\WindowsBase.ni.dll
MOD - [2011/05/28 19:36:48 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\167c8c3817ba1f48fe7396cc56f557e3\System.Xml.ni.dll
MOD - [2011/05/28 19:36:44 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9d054fc9618b81d5703af1662cd11135\System.Configuration.ni.dll
MOD - [2011/05/28 19:36:41 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\50c67f851ae3df2d0ab7d86fd1c5c7e0\System.ni.dll
MOD - [2011/05/28 19:36:31 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
MOD - [2008/12/20 03:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Energy Management\KbdHook.dll
MOD - [2008/12/20 03:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/23 19:49:56 | 001,953,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2012/01/23 19:41:02 | 000,062,512 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011/12/21 11:16:18 | 000,075,384 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2011/10/14 22:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2011/09/27 13:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\msiserver.dll -- (winpowerrmi)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/13 15:47:14 | 001,636,872 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe -- (USBMIDIAudioDevMon)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 11:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/12/09 02:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/12/09 02:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/18 17:16:58 | 000,544,552 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/01/18 17:16:56 | 000,691,384 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/25 14:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011/11/17 16:38:34 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011/11/14 19:16:42 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2011/11/14 19:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/10/27 14:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011/10/04 13:49:32 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/09/02 00:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 00:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/16 13:59:12 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/28 11:46:40 | 000,146,568 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2010/10/29 22:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/07/12 12:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/13 15:47:12 | 000,200,200 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioUSBMIDI.sys -- (MAUSBMIDI)
DRV:64bit: - [2010/03/31 14:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/26 15:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/19 06:33:48 | 000,167,816 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/02/03 05:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/19 18:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009/12/17 16:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/12/17 04:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/01 13:04:08 | 000,709,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/10/18 18:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/20 10:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/09 15:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/21 08:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/06 06:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {155276F4-D2A3-E016-B329-F646B1D9E78C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{155276F4-D2A3-E016-B329-F646B1D9E78C}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Derek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Derek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/03/04 14:32:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/10/19 21:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/16 00:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/01 17:05:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/01 19:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/03/04 14:32:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Derek\AppData\Roaming\IDM\idmmzcc3 [2012/03/05 00:04:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Derek\AppData\Roaming\IDM\idmmzcc3 [2012/03/05 00:04:31 | 000,000,000 | ---D | M]

[2011/02/11 15:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Extensions
[2012/02/29 23:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\lk1r3tbs.default\extensions
[2011/08/09 17:14:09 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\lk1r3tbs.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
[2011/05/06 20:26:40 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\lk1r3tbs.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2012/02/29 23:54:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\lk1r3tbs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/02/29 15:33:57 | 000,000,000 | ---D | M] (IDM CC) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\lk1r3tbs.default\extensions\[email protected]
[2012/02/01 19:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/16 00:26:28 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/03/01 17:05:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...l_date=20110901
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Derek\AppData\Local\Google\Chrome\Application\17.0.963.65\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Derek\AppData\Local\Google\Chrome\Application\17.0.963.65\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Derek\AppData\Local\Google\Chrome\Application\17.0.963.65\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Derek\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Clear history = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpledeejjeclnbheljakfceonnainbbc\4.51_0\
CHR - Extension: Veehd Plugin = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nggibpkldeegooaoeafiingedpapjifl\1.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

Hosts file not found
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: utexas.edu ([courses] https in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCA61059-B0E9-40B4-99F4-CE5D008C4233}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE48BD1E-FE32-4BB4-91EA-5073BC9F8744}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 23:37:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/03/04 23:37:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/03/04 23:37:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/03/04 23:37:22 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/03/04 23:33:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/04 15:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 15:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/04 14:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/03/04 14:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012
[2012/03/04 14:30:53 | 000,442,088 | ---- | C] (BitDefender) -- C:\windows\SysNative\drivers\bdfsfltr.sys
[2012/03/04 14:30:43 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\windows\SysNative\drivers\trufos.sys
[2012/03/03 14:08:26 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\InstallShield
[2012/03/02 11:41:09 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Meaga
[2012/03/02 11:41:09 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Doago
[2012/03/02 11:41:09 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Coro

========== Files - Modified Within 30 Days ==========

[2012/03/05 15:51:33 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 15:51:33 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 15:09:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/05 00:22:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1984822501-3104199865-601314547-1000UA.job
[2012/03/05 00:22:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1984822501-3104199865-601314547-1000Core.job
[2012/03/05 00:16:35 | 000,000,112 | ---- | M] () -- C:\ProgramData\u8M8LDC4.dat
[2012/03/05 00:12:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At2.job
[2012/03/05 00:12:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At1.job
[2012/03/05 00:08:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1984822501-3104199865-601314547-1000UA1cc8d90a367550d.job
[2012/03/05 00:02:28 | 000,090,112 | ---- | M] () -- C:\windows\SysWow64\7j11R82E.com_
[2012/03/05 00:02:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At48.job
[2012/03/05 00:02:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At46.job
[2012/03/05 00:02:00 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At44.job
[2012/03/05 00:02:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At47.job
[2012/03/05 00:02:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At45.job
[2012/03/05 00:02:00 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At43.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At42.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At40.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At38.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At36.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At34.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At32.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At41.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At39.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At37.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At35.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At33.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At30.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At28.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At26.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At24.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At31.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At29.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At27.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At25.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At23.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At22.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At20.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At18.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At16.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At14.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At21.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At19.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At17.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At15.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At8.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At6.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At12.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At10.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At9.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At7.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At13.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At11.job
[2012/03/05 00:01:55 | 000,000,352 | ---- | M] () -- C:\windows\tasks\At4.job
[2012/03/05 00:01:55 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At5.job
[2012/03/05 00:01:55 | 000,000,350 | ---- | M] () -- C:\windows\tasks\At3.job
[2012/03/04 23:51:54 | 000,000,000 | -HS- | M] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/03/04 23:50:58 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/04 15:24:58 | 000,001,201 | ---- | M] () -- C:\Users\Derek\Desktop\Live 8.2.1.lnk
[2012/03/04 15:05:15 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/04 14:37:56 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/03/04 14:34:26 | 001,760,402 | ---- | M] () -- C:\ProgramData\1330893041.bdinstall.bin
[2012/03/04 14:33:12 | 000,000,270 | ---- | M] () -- C:\bdr-conf
[2012/03/04 14:32:52 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk
[2012/03/04 14:05:18 | 000,501,734 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2012/03/04 13:49:45 | 000,739,600 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/04 13:49:45 | 000,632,946 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/04 13:49:45 | 000,110,548 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/02 10:08:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1984822501-3104199865-601314547-1000Core1cc8d909fe3ed82.job

========== Files Created - No Company Name ==========

[2012/03/05 00:02:00 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At48.job
[2012/03/05 00:02:00 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At46.job
[2012/03/05 00:02:00 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At44.job
[2012/03/05 00:02:00 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At47.job
[2012/03/05 00:02:00 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At45.job
[2012/03/05 00:02:00 | 000,000,112 | ---- | C] () -- C:\ProgramData\u8M8LDC4.dat
[2012/03/05 00:01:59 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At42.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At40.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At38.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At36.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At34.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At43.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At41.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At39.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At37.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At35.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At33.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At32.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At30.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At28.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At26.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At24.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At31.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At29.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At27.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At25.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At22.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At20.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At18.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At16.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At23.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At21.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At19.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At17.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At15.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At8.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At14.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At12.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At10.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At9.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At7.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At13.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At11.job
[2012/03/05 00:01:55 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At6.job
[2012/03/05 00:01:55 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At4.job
[2012/03/05 00:01:55 | 000,000,352 | ---- | C] () -- C:\windows\tasks\At2.job
[2012/03/05 00:01:55 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At5.job
[2012/03/05 00:01:55 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At3.job
[2012/03/05 00:01:55 | 000,000,350 | ---- | C] () -- C:\windows\tasks\At1.job
[2012/03/04 23:37:40 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/03/04 23:37:40 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/03/04 23:37:40 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/03/04 23:37:40 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/03/04 23:37:40 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/03/04 19:22:34 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\7j11R82E.com_
[2012/03/04 15:24:58 | 000,001,201 | ---- | C] () -- C:\Users\Derek\Desktop\Live 8.2.1.lnk
[2012/03/04 15:05:15 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/04 14:37:56 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/03/04 14:34:26 | 001,760,402 | ---- | C] () -- C:\ProgramData\1330893041.bdinstall.bin
[2012/03/04 14:33:12 | 036,942,680 | ---- | C] () -- C:\bdrescue.gz
[2012/03/04 14:33:12 | 002,510,608 | ---- | C] () -- C:\bdrescue.vm
[2012/03/04 14:33:12 | 000,217,769 | ---- | C] () -- C:\bdrescue
[2012/03/04 14:33:12 | 000,009,216 | ---- | C] () -- C:\bdrescue.mbr
[2012/03/04 14:33:12 | 000,000,270 | ---- | C] () -- C:\bdr-conf
[2012/03/04 14:32:52 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk
[2012/03/03 14:47:04 | 000,000,000 | -HS- | C] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/01/07 22:59:41 | 000,004,608 | ---- | C] () -- C:\Users\Derek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/24 22:45:19 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2011/08/16 21:56:53 | 000,007,627 | ---- | C] () -- C:\Users\Derek\AppData\Local\Resmon.ResmonCfg
[2011/05/29 11:36:24 | 000,501,734 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/03/26 11:00:54 | 000,004,893 | ---- | C] () -- C:\ProgramData\cdjuscuc.sqp
[2010/09/09 01:25:34 | 000,000,093 | ---- | C] () -- C:\Users\Derek\AppData\Local\fusioncache.dat
[2010/08/23 15:12:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/21 11:30:00 | 000,000,025 | ---- | C] () -- C:\Users\Derek\AppData\Roaming\bdfvconp.ini
[2010/08/21 11:25:14 | 000,756,022 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/07/08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/05/27 02:24:20 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2010/05/27 02:24:20 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2010/05/27 02:07:08 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2010/05/27 02:07:08 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2010/05/27 02:07:00 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2010/05/27 01:36:57 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/05/27 01:36:57 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/03/31 14:44:38 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/03/31 14:44:38 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/03/31 14:44:36 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin

========== LOP Check ==========

[2010/12/13 19:49:24 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Ableton
[2011/01/26 00:29:28 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\adma
[2011/05/03 10:22:42 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\allTunes
[2011/12/21 22:52:43 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Amazon
[2012/03/04 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\BitDefender
[2012/01/16 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\calibre
[2011/07/29 12:54:33 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/02 11:43:02 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Coro
[2012/03/05 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\DMCache
[2012/03/02 11:43:17 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Doago
[2011/02/24 23:51:47 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\DVDVideoSoft
[2011/12/13 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\FileZilla
[2011/12/08 12:13:25 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\GetRightToGo
[2010/09/04 14:33:39 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\ID Vault
[2012/03/04 23:52:09 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\IDM
[2011/10/29 15:05:50 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Leadertech
[2010/08/22 09:57:50 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Lenovo
[2012/03/02 11:43:34 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Meaga
[2010/08/13 22:31:07 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\ooVoo Details
[2010/08/21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\PACE Anti-Piracy
[2011/08/01 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Publish Providers
[2011/05/29 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\QuickScan
[2011/08/01 18:25:19 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Sony
[2012/03/04 12:42:43 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Spotify
[2010/09/27 23:50:48 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/26 11:09:09 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\SumatraPDF
[2011/03/26 11:03:11 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\YCanPDF
[2012/03/05 00:12:00 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At1.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At10.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At11.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At12.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At13.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At14.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At15.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At16.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At17.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At18.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At19.job
[2012/03/05 00:12:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At2.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At20.job
[2012/03/05 00:01:57 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At21.job
[2012/03/05 00:01:57 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At22.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At23.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At24.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At25.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At26.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At27.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At28.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At29.job
[2012/03/05 00:01:55 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At3.job
[2012/03/05 00:01:58 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At30.job
[2012/03/05 00:01:58 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At31.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At32.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At33.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At34.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At35.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At36.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At37.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At38.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At39.job
[2012/03/05 00:01:55 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At4.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At40.job
[2012/03/05 00:01:59 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At41.job
[2012/03/05 00:01:59 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At42.job
[2012/03/05 00:02:00 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At43.job
[2012/03/05 00:02:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At44.job
[2012/03/05 00:02:00 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At45.job
[2012/03/05 00:02:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At46.job
[2012/03/05 00:02:00 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At47.job
[2012/03/05 00:02:00 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At48.job
[2012/03/05 00:01:55 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At5.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At6.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At7.job
[2012/03/05 00:01:56 | 000,000,352 | ---- | M] () -- C:\windows\Tasks\At8.job
[2012/03/05 00:01:56 | 000,000,350 | ---- | M] () -- C:\windows\Tasks\At9.job
[2012/01/26 23:21:11 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/03/04 13:51:07 | 000,000,000 | ---- | M] ()(C:\windows\SysNative\?????) -- C:\windows\SysNative\獷楬汢捯污
[2012/03/04 13:51:07 | 000,000,000 | ---- | C] ()(C:\windows\SysNative\?????) -- C:\windows\SysNative\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 1107 bytes -> C:\Users\Derek\AppData\Local\n5GTMNwpI3N:WEKbiaACNpDmQGPgBfYGN5gPS
@Alternate Data Stream - 1030 bytes -> C:\Users\Derek\AppData\Local\SOKCEBaIPITiQF:uvqnkpgfVfDHgFoANaKhuDi

< End of report >



Edited by Derek Elko, 05 March 2012 - 04:28 PM.



#2
Derek Elko

I just realized I disobeyed the instructions with the log scans and not using OTL. Sorry for the disobedience lol.