Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Constant Avast Pop-Ups claiming "Malware Blocked" and "Tro


  • This topic is locked This topic is locked

#1
soshoreguy

soshoreguy

    Member

  • Member
  • PipPip
  • 12 posts
Hi--new to this site,
I'm getting constant pop-up that Avast file system shield has blocked these two--Malware and Trojan Horse.
The Infection is either "Win32:Malware-gen" or "Win32:Downloader-PKU[Trj] and the Process is "C:\Windows\System32\services.exe"
The Object changes sometimes on the last set of characters but the most of it is C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\[email protected]

Sometimes it ends with u\[email protected] or u\[email protected]

I ran Malwarbytes Anti-malware which will find one infection but it always comes back on reboot.

I ran OTL and the report is below--not sure what to do next--any assistance would be greatly appreciated---Thanks

OTL logfile created on: 8/8/2012 12:07:55 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Brian\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.35 Gb Available Physical Memory | 79.42% Memory free
15.98 Gb Paging File | 12.42 Gb Available in Paging File | 77.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.75 Gb Total Space | 744.44 Gb Free Space | 81.20% Space Free | Partition Type: NTFS
Drive D: | 14.76 Gb Total Space | 2.09 Gb Free Space | 14.14% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/08 12:06:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
PRC - [2012/07/09 11:32:33 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/06 21:45:24 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011/06/01 12:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 12:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2010/09/14 19:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/09/09 15:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2009/08/06 04:08:34 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/09/30 20:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
PRC - [2003/04/08 15:42:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Belkin\F1U201.401\usbshare.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:35:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d94445e265a23b70882891a257016fc7\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:35:04 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ec79cacc34b50705e123ce65f3f2f695\System.Web.ni.dll
MOD - [2012/06/14 03:34:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\491c25313af536aef12b311ac944b452\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:34:32 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0f0396061385f6e9afd6be0df967c40\System.Drawing.ni.dll
MOD - [2012/02/16 04:25:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 04:25:12 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c9ba9c9f4251a1978433fb8a5b8b0e01\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/02/16 04:24:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/16 04:24:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/16 04:24:39 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/01/03 09:45:08 | 000,016,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/13 03:24:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
MOD - [2011/10/13 03:23:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/06/01 12:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 12:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 12:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 12:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2010/09/27 17:32:56 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2009/08/06 04:08:32 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2008/12/12 18:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 18:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/02/07 10:05:18 | 000,163,840 | ---- | M] () -- C:\Windows\SysWOW64\hppatusg01.dll
MOD - [2007/11/02 14:52:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
MOD - [2007/11/02 14:52:38 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPToolkit.dll
MOD - [2007/11/02 14:52:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\Enumeration.dll
MOD - [2007/11/02 14:52:22 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPTools.dll
MOD - [2007/11/02 14:52:16 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPStreamsInterface.dll
MOD - [2003/04/08 15:42:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Belkin\F1U201.401\usbshare.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/05/16 00:24:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/06 21:45:24 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 17:10:32 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/08 22:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 20:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/02/05 00:20:28 | 000,013,824 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HP8107.sys -- (HP8107Fltr)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 10:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/13 01:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 16:35:02 | 000,244,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1q60x64.sys -- (e1qexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/16 01:02:04 | 005,957,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2008/12/18 16:30:58 | 000,098,656 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/12/04 08:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8FD0129F-8D6E-4EE4-9F08-D2C36A8F9BAC}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{F17666AB-12C0-477A-B6AD-625ED9CF490C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8FD0129F-8D6E-4EE4-9F08-D2C36A8F9BAC}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{F17666AB-12C0-477A-B6AD-625ED9CF490C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {26180AC2-1343-4125-9552-7FA46439FD3B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{26180AC2-1343-4125-9552-7FA46439FD3B}: "URL" = http://www.google.co...1I7ADFA_enUS478
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8FD0129F-8D6E-4EE4-9F08-D2C36A8F9BAC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{EB40EEE6-3427-4809-A7AB-9629F83C4E5E}: "URL" = http://websearch.ask...7-99417D688ED0
IE - HKCU\..\SearchScopes\{F17666AB-12C0-477A-B6AD-625ED9CF490C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Brian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4:64bit: - HKLM..\Run: [HPUsageTracking] "\HP UT\bin\hppusg.exe" "\HP UT" File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindow...PProdDetect.cab (HP Product Detection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://hockeycam.cam...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F748035-6FBF-4CC5-AC43-F31883B6C40E}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B65D71-13C0-453E-ABE6-ACD96080A6BF}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 12:06:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/07/25 14:09:58 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/13 10:20:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/09 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/09 17:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[3103 C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\*.tmp files -> C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/08 12:07:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/08 12:06:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/08/08 11:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/08/08 11:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/08/08 10:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/08/08 10:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/08/08 10:04:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/08/08 10:04:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/07 22:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/08/07 22:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/08/07 21:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/08/07 21:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/08/07 21:03:22 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/08/07 21:03:22 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/08/07 21:03:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/08/07 21:03:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/08/07 18:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/08/07 18:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/08/07 17:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/08/07 17:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/08/07 16:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/08/07 16:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/08/07 15:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/08/07 15:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/08/06 18:57:58 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 18:57:58 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 16:21:15 | 2140,528,639 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/27 16:59:57 | 001,085,882 | ---- | M] () -- C:\Users\Brian\Desktop\HE Apology.pdf
[2012/07/27 14:54:00 | 000,000,036 | ---- | M] () -- C:\Users\Brian\AppData\Local\housecall.guid.cache
[2012/07/25 14:09:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/21 12:31:12 | 000,581,331 | ---- | M] () -- C:\Users\Brian\Desktop\HE Letter.pdf
[2012/07/16 12:34:03 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 11:42:46 | 000,336,484 | ---- | M] () -- C:\Users\Brian\Desktop\How_ISO_works_photography_cheat_sheet.jpg
[2012/07/12 09:12:12 | 000,001,139 | ---- | M] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/07/12 03:20:32 | 000,489,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/12 03:18:44 | 645,355,371 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/06 16:22:49 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\[email protected]
[2012/07/27 17:00:53 | 001,085,882 | ---- | C] () -- C:\Users\Brian\Desktop\HE Apology.pdf
[2012/07/27 16:12:00 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\[email protected]
[2012/07/27 14:54:00 | 000,000,036 | ---- | C] () -- C:\Users\Brian\AppData\Local\housecall.guid.cache
[2012/07/27 13:44:28 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\L\[email protected]
[2012/07/25 14:07:54 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\[email protected]
[2012/07/21 12:32:03 | 000,581,331 | ---- | C] () -- C:\Users\Brian\Desktop\HE Letter.pdf
[2012/07/13 11:42:45 | 000,336,484 | ---- | C] () -- C:\Users\Brian\Desktop\How_ISO_works_photography_cheat_sheet.jpg
[2012/07/09 17:57:01 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/09 17:09:38 | 000,129,737 | ---- | C] () -- C:\Users\Brian\Documents\S_fence (2).JPG
[2012/07/09 17:08:52 | 000,129,737 | ---- | C] () -- C:\Users\Brian\Documents\S_fence.JPG
[2012/03/26 10:57:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Icons
[2012/03/26 10:54:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\Clips
[2012/02/06 21:45:30 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2012/01/11 09:59:09 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\@
[2012/01/11 09:59:09 | 000,002,048 | -HS- | C] () -- C:\Users\Brian\AppData\Local\{de292682-6ec1-8843-3648-40479e37cc8c}\@
[2011/11/26 23:05:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\N2BMLre6S.com.b
[2011/11/26 23:02:44 | 000,000,112 | ---- | C] () -- C:\ProgramData\58q7uu.dat
[2011/10/17 16:54:55 | 000,004,608 | ---- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/20 13:34:50 | 024,804,015 | ---- | C] () -- C:\Users\Brian\NBC Best.rtf
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Database
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dance Kit
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dance
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Core Data Application
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Contextual Menu Items
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Contents
[2010/11/03 22:29:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010/11/03 22:29:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010/11/03 22:29:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/11/03 21:53:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Conditionals
[2010/11/03 21:53:26 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Commands
[2010/11/03 21:53:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/11/03 21:40:53 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Hybrid Basic
[2010/11/03 21:36:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/09/22 12:57:31 | 000,072,080 | ---- | C] () -- C:\Users\Brian\g2mdlhlpx.exe
[2009/11/12 13:08:18 | 000,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2009/10/02 23:44:51 | 000,000,094 | ---- | C] () -- C:\Users\Brian\appletfile.props

========== LOP Check ==========

[2011/11/27 00:09:26 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\30CC1
[2011/11/27 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\3C330
[2011/10/17 16:16:40 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\ACD Systems
[2011/11/27 15:49:27 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\AIIBBrzzPNxA1vS
[2012/01/06 15:47:57 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Canon
[2010/01/20 22:56:06 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/26 13:27:04 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\d77ffELL9gTqjCw
[2011/04/21 13:02:54 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\deskPDF
[2011/01/20 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\eFax Messenger
[2010/10/23 12:20:09 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\ePaperPress
[2011/11/26 12:57:05 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\F444pmmG5sQJdE8
[2012/07/26 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\FileZilla
[2011/11/26 12:57:12 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\IHH66dWWK7fL9TX
[2011/01/20 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\j2 Global
[2012/05/16 14:27:34 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Leadertech
[2012/05/16 14:32:24 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Memeo
[2011/10/13 16:43:51 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Nikon
[2010/01/20 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\PictureMover
[2012/05/16 14:32:11 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Seagate
[2011/11/26 13:27:03 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\t77ffRL99TXqjCk
[2010/01/20 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Template
[2011/02/27 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Tific
[2011/11/26 12:57:06 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\tOOONyyxA0uS2iF
[2010/07/20 13:08:27 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\webex
[2011/11/26 12:57:12 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\zuuuvSS2ibF3nGa
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2012/08/08 10:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2012/08/08 10:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2012/08/08 11:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2012/08/08 11:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2012/08/07 15:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2012/08/07 15:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2012/08/07 16:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2012/08/07 16:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2012/08/07 17:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2012/08/07 17:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2012/08/07 18:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2012/08/07 18:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2012/08/07 21:03:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012/08/07 21:03:22 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2012/08/07 21:03:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2012/08/07 21:03:22 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2012/08/07 21:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2012/08/07 21:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2012/08/07 22:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2012/08/07 22:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2012/05/31 09:13:40 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
  • 0

Advertisements


#2
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Hello soshoreguy, Welcome to GeeksToGo

My name is dxfan101010 (dxfan for short) and I will be assisting you with your malware issue. Before continuing please read this post carefully.
  • **Please not i am still in training, every post i make has to be approved by my mentor, expect a slight delay.
  • It is recommended that you Print Or Save these instructions to The Desktop, as part of the fix could involve using Safe Mode
  • Malware removal is a multistage process. Please stay with me until I give you the All Clear
  • One that note please realize that these logs take time to review and I am a volunteer. Please be patient while I review your logs.
  • Follow all directions in the Order Posted. Not following the order can cause problems instead of fixing them.
  • Please Do Not run any programs / scans unless I request them.
  • When asked to post logs, Please Do Not use the attachment feature. Instead copy and paste them directly into your post.
  • If you have any questions, ask them Before continuing with the directions.
  • In order to remain fair, If you don't reply to this thread within 3 days it will be closed.
  • If you have run any removal programs or have experienced a change in symptoms since you posted this log please tell me.


I am going over your log and i should have a fix posted in the next 24 hours.
  • 0

#3
soshoreguy

soshoreguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks Dxfan
  • 0

#4
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/11/26 13:27:04 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\d77ffELL9gTqjCw
    [2011/11/26 12:57:05 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\F444pmmG5sQJdE8
    [2011/11/26 13:27:03 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\t77ffRL99TXqjCk
    [2011/11/26 12:57:06 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\tOOONyyxA0uS2iF
    [2011/11/26 12:57:12 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\zuuuvSS2ibF3nGa
    [2011/11/26 12:57:12 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\IHH66dWWK7fL9TX
    [2011/11/27 00:09:26 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\30CC1
    [2011/11/27 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\3C330
    :Files
    ipconfig /flushdns /c
    C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}
    C:\Users\owner\AppData\Local\{de292682-6ec1-8843-3648-40479e37cc8c}
    C:\Windows\Tasks\At*.job
    :Commands
    [purity]
    [EMPTYFLASH]
    [EMPTYJAVA]

  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Dont forget
OTL Fix Log
Combofix.txt
  • 0

#5
soshoreguy

soshoreguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi,
I have finished Step 1, the results are below--should I begin Step 2 ??

========== OTL ==========
C:\Users\Brian\AppData\Roaming\d77ffELL9gTqjCw folder moved successfully.
C:\Users\Brian\AppData\Roaming\F444pmmG5sQJdE8 folder moved successfully.
C:\Users\Brian\AppData\Roaming\t77ffRL99TXqjCk folder moved successfully.
C:\Users\Brian\AppData\Roaming\tOOONyyxA0uS2iF folder moved successfully.
C:\Users\Brian\AppData\Roaming\zuuuvSS2ibF3nGa folder moved successfully.
C:\Users\Brian\AppData\Roaming\IHH66dWWK7fL9TX folder moved successfully.
C:\Users\Brian\AppData\Roaming\30CC1 folder moved successfully.
C:\Users\Brian\AppData\Roaming\3C330 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brian\Desktop\cmd.bat deleted successfully.
C:\Users\Brian\Desktop\cmd.txt deleted successfully.
C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U folder moved successfully.
C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\L folder moved successfully.
C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c} folder moved successfully.
File\Folder C:\Users\owner\AppData\Local\{de292682-6ec1-8843-3648-40479e37cc8c} not found.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At25.job moved successfully.
C:\Windows\Tasks\At26.job moved successfully.
C:\Windows\Tasks\At27.job moved successfully.
C:\Windows\Tasks\At28.job moved successfully.
C:\Windows\Tasks\At29.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At30.job moved successfully.
C:\Windows\Tasks\At31.job moved successfully.
C:\Windows\Tasks\At32.job moved successfully.
C:\Windows\Tasks\At33.job moved successfully.
C:\Windows\Tasks\At34.job moved successfully.
C:\Windows\Tasks\At35.job moved successfully.
C:\Windows\Tasks\At36.job moved successfully.
C:\Windows\Tasks\At37.job moved successfully.
C:\Windows\Tasks\At38.job moved successfully.
C:\Windows\Tasks\At39.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At40.job moved successfully.
C:\Windows\Tasks\At41.job moved successfully.
C:\Windows\Tasks\At42.job moved successfully.
C:\Windows\Tasks\At43.job moved successfully.
C:\Windows\Tasks\At44.job moved successfully.
C:\Windows\Tasks\At45.job moved successfully.
C:\Windows\Tasks\At46.job moved successfully.
C:\Windows\Tasks\At47.job moved successfully.
C:\Windows\Tasks\At48.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Brian
->Flash cache emptied: 271427 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Brian
->Java cache emptied: 39007382 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 37.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08082012_145728
  • 0

#6
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Yes. Please do step 2
  • 0

#7
soshoreguy

soshoreguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi,
I downloaded and ran Combofix but it didn't produce any Report and I'm not sure where to find this report.
  • 0

#8
soshoreguy

soshoreguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It only took a few seconds to run and then the Combo slidebars went away and I didn't notice that it took away my internet connection and it didn't do a reboot.
Do you think it worked properly??
  • 0

#9
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Reboot your computer, that should help. Please look in the C: drive of your computer for the combofix.txt file.
  • 0

#10
soshoreguy

soshoreguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi dxfan,
I think I got it to run properly after you recommended I reboot.
Please let me know if you think My computer is cleaned up as best as can be done.
Also, can you tell what type of Malware was infecting my machine---was it a key stroke program??
Thanks!!

ComboFix 12-08-08.01 - Brian 08/08/2012 16:19:01.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6015 [GMT -4:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\version.txt
c:\users\Brian\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\setupact.log
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 20:27 . 2012-08-08 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 18:57 . 2012-08-08 18:57 -------- d-----w- C:\_OTL
2012-07-25 18:09 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-13 14:20 . 2012-07-13 14:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 07:02 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 21:57 . 2012-07-20 14:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 15:32 . 2012-03-28 20:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-09 15:32 . 2012-01-17 16:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-02-27 22:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2011-11-27 18:36 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-11-27 18:36 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-11-27 18:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-11-27 18:36 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-11-27 18:36 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-11-27 18:36 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-11-27 18:36 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-11-27 18:36 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-02 22:19 . 2012-06-22 11:55 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 11:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 11:55 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 11:55 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 11:55 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 11:55 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 11:55 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 11:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 11:55 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2007-11-02 36864]
"hpbdfawep"="c:\program files (x86)\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 1214976]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eFax 4.4.lnk.disabled [2011-1-20 1030]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Camio Viewer 2000.lnk - c:\program files (x86)\Sierra Imaging\Image Expert 2000\IXApplet.exe [2009-7-25 49152]
F1U201.401.lnk - c:\program files (x86)\Belkin\F1U201.401\usbshare.exe [2010-3-7 135168]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Health Check Scheduler"=c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Nikon Message Center 2"=c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
"Nikon Transfer Monitor"=c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Memeo Instant Backup"=c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 47616]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-13 287960]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 136176]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [2010-02-05 13824]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-05-16 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-02-07 66560]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S3 e1qexpress;Intel® PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q60x64.sys [2009-06-10 244736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVia64
*Deregistered* - SymEFA
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 22:07]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 22:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPUsageTracking"="\HP UT\bin\hppusg.exe \HP UT" [X]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1238528]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.1
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://hockeycam.campus.nd.edu/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.amr"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bwf"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.caf"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cel"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1086698201-1264888026-1829642065-1000)
"Progid"="ACDSee Photo Manager 2009.eps"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.flc"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fli"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gsm"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gz\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1086698201-1264888026-1829642065-1000)
"Progid"="ACDSee Photo Manager 2009.gz"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kar"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m15"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m1a"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m2a"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m75"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mpv"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pics"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.qcp"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.qtpf"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rwl"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sdv"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sfil"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.smf"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.smi"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.smil"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sml"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1086698201-1264888026-1829642065-1000)
"Progid"="ACDSee Photo Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.swa"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tar\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1086698201-1264888026-1829642065-1000)
"Progid"="ACDSee Photo Manager 2009.tar"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.taz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.taz"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tgz\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1086698201-1264888026-1829642065-1000)
"Progid"="ACDSee Photo Manager 2009.tgz"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice]
@Denied: (2) (S-1-5-21-1086698201-1264888026-1829642065-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ulw"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (S-1-5-21-1086698201-1264888026-1829642065-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (S-1-5-21-1086698201-1264888026-1829642065-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (S-1-5-21-1086698201-1264888026-1829642065-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.vfw"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-1086698201-1264888026-1829642065-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-08-08 16:34:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 20:34
.
Pre-Run: 803,038,990,336 bytes free
Post-Run: 802,797,359,104 bytes free
.
- - End Of File - - B0783822476DDDD90A53FDEAA117F44F
  • 0

Advertisements


#11
soshoreguy

soshoreguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi dxfan,
Can you look at my last logs that I sent to you and let me know what you think?
Thanks--can you tell me what type of virus this was?
I appreciate your help!
Thanks,
Brian
  • 0

#12
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
It wasent a key Logger, it was a trojan that infected services.exe, we got most of it but lets run a few more scans to be sure nothings left.

Step1

Posted Image OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under Extra Registry select Use Safelist
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt in Notepad windows.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them with your next reply.

Step2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step3

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


In your next post dont forget.
FSS.text
OTL log
MBAM log
  • 0

#13
soshoreguy

soshoreguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Can I use the OTL program that I downloaded to my desk top previously??
Thanks
  • 0

#14
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Yes that will be fine.
  • 0

#15
soshoreguy

soshoreguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks,
Here are the rsults--please let me know what you think.

OTL logfile created on: 8/9/2012 12:33:23 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Brian\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.69 Gb Available Physical Memory | 83.68% Memory free
15.98 Gb Paging File | 13.83 Gb Available in Paging File | 86.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.75 Gb Total Space | 746.88 Gb Free Space | 81.47% Space Free | Partition Type: NTFS
Drive D: | 14.76 Gb Total Space | 2.09 Gb Free Space | 14.14% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/08 12:06:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
PRC - [2012/07/09 11:32:33 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/06 21:45:24 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011/11/02 00:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/10/24 22:31:54 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2011/10/09 12:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2010/09/14 19:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/09/09 15:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2009/08/06 04:08:34 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/09/30 20:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
PRC - [2003/04/08 15:42:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Belkin\F1U201.401\usbshare.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/06 04:08:32 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/12/12 18:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 18:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2003/04/08 15:42:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Belkin\F1U201.401\usbshare.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/05/16 00:24:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/06 21:45:24 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 17:10:32 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/08 22:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 20:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/02/05 00:20:28 | 000,013,824 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HP8107.sys -- (HP8107Fltr)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 10:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/13 01:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 16:35:02 | 000,244,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1q60x64.sys -- (e1qexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/16 01:02:04 | 005,957,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2008/12/18 16:30:58 | 000,098,656 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/12/04 08:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8FD0129F-8D6E-4EE4-9F08-D2C36A8F9BAC}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{F17666AB-12C0-477A-B6AD-625ED9CF490C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8FD0129F-8D6E-4EE4-9F08-D2C36A8F9BAC}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{F17666AB-12C0-477A-B6AD-625ED9CF490C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\..\SearchScopes,DefaultScope = {26180AC2-1343-4125-9552-7FA46439FD3B}
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\..\SearchScopes\{26180AC2-1343-4125-9552-7FA46439FD3B}: "URL" = http://www.google.co...1I7ADFA_enUS478
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\..\SearchScopes\{8FD0129F-8D6E-4EE4-9F08-D2C36A8F9BAC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\..\SearchScopes\{EB40EEE6-3427-4809-A7AB-9629F83C4E5E}: "URL" = http://websearch.ask...7-99417D688ED0
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\..\SearchScopes\{F17666AB-12C0-477A-B6AD-625ED9CF490C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Brian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



O1 HOSTS File: ([2012/08/08 16:29:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4:64bit: - HKLM..\Run: [HPUsageTracking] "\HP UT\bin\hppusg.exe" "\HP UT" File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1086698201-1264888026-1829642065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindow...PProdDetect.cab (HP Product Detection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://hockeycam.cam...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F748035-6FBF-4CC5-AC43-F31883B6C40E}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B65D71-13C0-453E-ABE6-ACD96080A6BF}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 16:27:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/08 16:16:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/08 16:16:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/08 16:16:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/08 16:15:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/08 15:28:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/08 15:14:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/08 15:13:32 | 004,727,110 | R--- | C] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe
[2012/08/08 14:57:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/08 12:06:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/07/25 14:09:58 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/13 10:20:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/11 10:21:07 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 12:07:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 10:08:55 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/09 09:56:30 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2012/08/09 09:56:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/08 19:21:33 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 19:21:33 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 16:29:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/08 16:28:25 | 2140,528,639 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 15:13:37 | 004,727,110 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe
[2012/08/08 12:06:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/07/27 16:59:57 | 001,085,882 | ---- | M] () -- C:\Users\Brian\Desktop\HE Apology.pdf
[2012/07/27 14:54:00 | 000,000,036 | ---- | M] () -- C:\Users\Brian\AppData\Local\housecall.guid.cache
[2012/07/25 14:09:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/21 12:31:12 | 000,581,331 | ---- | M] () -- C:\Users\Brian\Desktop\HE Letter.pdf
[2012/07/16 12:34:03 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 11:42:46 | 000,336,484 | ---- | M] () -- C:\Users\Brian\Desktop\How_ISO_works_photography_cheat_sheet.jpg
[2012/07/12 09:12:12 | 000,001,139 | ---- | M] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/07/12 03:20:32 | 000,489,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/12 03:18:44 | 645,355,371 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/08 16:39:35 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2012/08/08 16:16:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/08 16:16:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/08 16:16:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/08 16:16:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/08 16:16:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/27 17:00:53 | 001,085,882 | ---- | C] () -- C:\Users\Brian\Desktop\HE Apology.pdf
[2012/07/27 14:54:00 | 000,000,036 | ---- | C] () -- C:\Users\Brian\AppData\Local\housecall.guid.cache
[2012/07/21 12:32:03 | 000,581,331 | ---- | C] () -- C:\Users\Brian\Desktop\HE Letter.pdf
[2012/07/13 11:42:45 | 000,336,484 | ---- | C] () -- C:\Users\Brian\Desktop\How_ISO_works_photography_cheat_sheet.jpg
[2012/03/26 10:57:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Icons
[2012/03/26 10:54:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\Clips
[2012/02/06 21:45:30 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2012/01/11 09:59:09 | 000,002,048 | -HS- | C] () -- C:\Users\Brian\AppData\Local\{de292682-6ec1-8843-3648-40479e37cc8c}\@
[2011/11/26 23:05:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\N2BMLre6S.com.b
[2011/11/26 23:02:44 | 000,000,112 | ---- | C] () -- C:\ProgramData\58q7uu.dat
[2011/10/17 16:54:55 | 000,004,608 | ---- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/20 13:34:50 | 024,804,015 | ---- | C] () -- C:\Users\Brian\NBC Best.rtf
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Database
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dance Kit
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dance
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Core Data Application
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Contextual Menu Items
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Contents
[2010/11/03 22:29:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010/11/03 22:29:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010/11/03 22:29:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/11/03 21:53:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Conditionals
[2010/11/03 21:53:26 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Commands
[2010/11/03 21:53:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/11/03 21:40:53 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Hybrid Basic
[2010/11/03 21:36:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2009/11/12 13:08:18 | 000,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2009/10/02 23:44:51 | 000,000,094 | ---- | C] () -- C:\Users\Brian\appletfile.props

========== LOP Check ==========

[2011/10/17 16:16:40 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\ACD Systems
[2011/11/27 15:49:27 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\AIIBBrzzPNxA1vS
[2012/01/06 15:47:57 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Canon
[2010/01/20 22:56:06 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/21 13:02:54 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\deskPDF
[2011/01/20 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\eFax Messenger
[2010/10/23 12:20:09 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\ePaperPress
[2012/07/26 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\FileZilla
[2011/01/20 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\j2 Global
[2012/05/16 14:27:34 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Leadertech
[2012/05/16 14:32:24 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Memeo
[2011/10/13 16:43:51 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Nikon
[2010/01/20 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\PictureMover
[2012/05/16 14:32:11 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Seagate
[2010/01/20 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Template
[2011/02/27 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Tific
[2010/07/20 13:08:27 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\webex
[2012/05/31 09:13:40 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 17:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\etc\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\system64\drivers\etc\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\Services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\Services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\system64\Services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\system64\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.EXE.ND_ >
[2012/08/08 16:26:14 | 000,000,029 | ---- | M] () MD5=B292065A4D0808D063A7FBE19BF3F61E -- C:\ComboFix\Services.exe.ND_

< MD5 for: SERVICES.EXE.VIR >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir

< MD5 for: SERVICES.EXE_X64.ND_ >
[2012/08/08 16:25:54 | 000,000,014 | ---- | M] () MD5=10CCAEC92EDF1A80F37B125DF73170FB -- C:\ComboFix\services.exe_X64.ND_

< MD5 for: SERVICES.HTM_CMP_FP-TABS-AND-FOLDERS010_VBTN[1].GIF >
[2012/07/10 10:20:03 | 000,000,338 | ---- | M] () MD5=7CD9E92CEDF8699AC72B031BB3997D8A -- C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TYS2WZJQ\services.htm_cmp_fp-tabs-and-folders010_vbtn[1].gif

< MD5 for: SERVICES.HTM_CMP_FP-TABS-AND-FOLDERS010_VBTN_A[1].GIF >
[2012/07/10 10:20:03 | 000,000,342 | ---- | M] () MD5=3CC153B1E92D4EC46655F2BE57C08719 -- C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XZQVWCLY\services.htm_cmp_fp-tabs-and-folders010_vbtn_a[1].gif

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\system64\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\system64\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\system64\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2009/06/10 19:13:24 | 000,000,875 | ---- | M] () MD5=3382D191625A7528ED791FEDCCE3F212 -- C:\Program Files\PC-Doctor for Windows\Images\img16_16\services.png
[2009/06/10 19:13:38 | 000,002,244 | ---- | M] () MD5=8C5F2C34A5FB317B868565F9451BF74C -- C:\Program Files\PC-Doctor for Windows\Images\img32_32\services.png
[2009/06/10 19:13:48 | 000,006,479 | ---- | M] () MD5=AFCA60ED198BE9309943722FE8758392 -- C:\Program Files\PC-Doctor for Windows\Images\img64_64\services.png
[2009/06/10 19:13:42 | 000,004,193 | ---- | M] () MD5=E1C3A20056206C394E65B37CE1D43851 -- C:\Program Files\PC-Doctor for Windows\Images\img48_48\services.png
[2009/06/10 19:13:32 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\PC-Doctor for Windows\Images\img24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\system64\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/02/24 05:18:30 | 000,034,818 | ---- | M] () MD5=DFA439701C39960288CF9F4784FDB684 -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\system64\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\system64\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< >

< >

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Brian :: BRIAN-PC [administrator]

Protection: Enabled

8/9/2012 12:44:32 PM
mbam-log-2012-08-09 (12-44-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198812
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Farbar Service Scanner Version: 06-08-2012
Ran by Brian (administrator) on 09-08-2012 at 13:10:41
Running from "C:\Users\Brian\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 04:03] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 10:04] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 15:00] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP