A big mess- Malware [Solved]


This topic is locked

#1
honz
Member, 14 posts

My friend asked me to fix her computer. I have no idea where to start. It has quite a few problems and is obviously infected.
- Internet browsers have a Babylon toolbar that cannot be uninstalled by traditional means
- Cannot use any Google search engines
- At start-up the computer prompts for a system recovery and will scan and scan and never get anywhere. You cancel, it restarts, and then you may log in.

Any help will be greatly appreciated!

OTL logfile created on: 8/16/2012 12:24:48 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = E:\Virus Removal
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 74.50% Memory free
7.92 Gb Paging File | 6.73 Gb Available in Paging File | 84.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 328.64 Gb Free Space | 72.86% Space Free | Partition Type: NTFS
Drive D: | 407.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.51 Gb Total Space | 1.66 Gb Free Space | 22.07% Space Free | Partition Type: NTFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 15:53:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- E:\Virus Removal\OTL.exe
PRC - [2012/07/14 00:11:46 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/05/22 15:59:29 | 000,281,088 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\ADB.exe
PRC - [2012/04/11 09:30:54 | 000,186,368 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\00FC0\lvvm.exe
PRC - [2012/04/02 12:13:45 | 000,167,936 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\9ED00\ABC36.exe
PRC - [2012/02/01 11:20:35 | 000,100,912 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\ctfdevice.exe
PRC - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 10:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/22 15:59:29 | 000,281,088 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\ADB.exe
MOD - [2012/05/19 17:05:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/19 17:05:40 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/19 17:05:29 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/04/11 09:30:54 | 000,186,368 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\00FC0\lvvm.exe
MOD - [2012/04/02 12:13:45 | 000,167,936 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\9ED00\ABC36.exe
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/07/19 13:33:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/07/31 23:24:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/08 21:03:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/17 21:21:40 | 000,415,360 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CryptOSD.sys -- (CryptOSD)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{2E58D3AF-7ED6-49D5-B98B-E72303684EC1}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=24-09-2010
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A2FD40B5-F212-4F45-87F7-12D44E490828}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0A 57 5E 12 C8 7E F1 44 B1 88 E2 DE ED E4 BE 1B [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...search&AF=18556
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS396
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\..\SearchScopes\{c8b322ce-7838-418e-adb2-6aa25235aa35}: "URL" = http://slirsredirect...mrud=24-09-2010
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54424

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "uTorrentBar Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2786678&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54424
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Amanda\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/08/28 00:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/12 15:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 13:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Amanda\AppData\Roaming\Move Networks [2010/06/03 21:18:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 13:33:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/22 18:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2012/07/16 22:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions
[2011/07/04 11:33:24 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\{817e63e5-f17f-44ff-ab6e-18d2b1fd6657}
[2012/07/16 22:51:27 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/03 18:29:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\[email protected]
[2011/12/06 06:04:42 | 000,000,925 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\searchplugins\conduit.xml
[2012/06/21 13:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/03 21:18:41 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\AMANDA\APPDATA\ROAMING\MOVE NETWORKS
[2012/07/19 13:33:15 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/02/22 00:55:14 | 000,000,882 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ADB.exe] C:\Program Files (x86)\LP\36C9\ADB.exe ()
O4 - HKLM..\Run: [ctfdevice] C:\ProgramData\ctfdevice.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dlldevice] C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\dlldevice.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKCU..\Run: [ADB.exe] C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\ADB.exe ()
O4 - HKCU..\Run: [ctfdevice] C:\ProgramData\ctfdevice.exe (Microsoft Corporation)
O4 - HKCU..\Run: [dlldevice] C:\Users\Amanda\AppData\Roaming\dlldevice.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3:64bit: - HKCU WinNT: Load - (C:\Users\Amanda\AppData\Roaming\00FC0\lvvm.exe) - C:\Users\Amanda\AppData\Roaming\00FC0\lvvm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Amanda\AppData\Roaming\00FC0\lvvm.exe) - C:\Users\Amanda\AppData\Roaming\00FC0\lvvm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} http://content9.mite...XCltInstall.dll (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{422FE7BC-A81F-4C80-871E-C292E096401E}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E68976-1801-4D34-912A-9ABABC121316}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Amanda\AppData\Roaming\9ED00\ABC36.exe) - C:\Users\Amanda\AppData\Roaming\9ED00\ABC36.exe ()
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34e678d5-a61c-11e1-9375-a4badbabc36c}\Shell - "" = AutoRun
O33 - MountPoints2\{34e678d5-a61c-11e1-9375-a4badbabc36c}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = ah] -- Reg Error: Key error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = ah] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/08/11 21:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/11 21:30:51 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe
[2012/08/11 21:30:47 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Adobe
[2012/08/10 15:35:14 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/08/10 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Dropbox
[2012/08/10 02:33:33 | 000,000,000 | ---D | C] -- C:\Temp
[2012/08/09 16:08:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
[2012/08/09 16:08:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Adobe-BackupByPhotoshopCS6Portable
[2012/08/08 18:25:02 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\.svn
[2012/08/08 17:13:27 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Samsung
[2012/08/08 17:13:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Samsung
[2012/08/08 17:13:09 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\samsung
[2012/08/08 17:09:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/08/08 17:09:12 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/08/08 17:07:26 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/08/08 17:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/08/08 17:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/08/08 17:03:25 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Downloaded Installations
[2012/08/08 16:52:41 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\phone content
[2012/08/06 18:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe-BackupByPhotoshopCS6Portable
[2012/08/01 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\copy and paste
[2012/08/01 17:06:38 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\myc july2012
[2012/07/18 21:31:49 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\devitt
[2012/02/01 11:53:04 | 000,100,912 | ---- | C] (Microsoft Corporation) -- C:\Users\Amanda\AppData\Roaming\dlldevice.exe
[2012/02/01 11:20:35 | 000,100,912 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\ctfdevice.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 12:29:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 12:29:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 12:27:06 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/16 12:27:06 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/16 12:27:06 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/16 12:22:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 12:21:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 12:21:28 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 07:31:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/16 07:31:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/08/16 07:31:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/08/16 07:31:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/08/16 07:31:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/08/16 07:31:05 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/08/16 07:31:05 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/08/16 07:31:05 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/08/16 07:31:04 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/08/12 21:07:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/08/12 21:07:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/08/11 21:55:36 | 000,336,036 | ---- | M] () -- C:\Users\Amanda\Desktop\j.jpg
[2012/08/11 21:53:53 | 000,164,130 | ---- | M] () -- C:\Users\Amanda\Desktop\IMG_20120811_214208.jpg
[2012/08/11 21:35:01 | 000,216,016 | ---- | M] () -- C:\Users\Amanda\Desktop\7762048924_70047b9210.jpg
[2012/08/11 21:21:33 | 000,145,150 | ---- | M] () -- C:\Users\Amanda\Desktop\7762041900_2922ff20db.jpg
[2012/08/11 21:20:16 | 000,146,488 | ---- | M] () -- C:\Users\Amanda\Desktop\7762049140_01d831308f.jpg
[2012/08/11 21:16:04 | 002,394,108 | ---- | M] () -- C:\Users\Amanda\Desktop\20120811_182023-1.jpg
[2012/08/10 23:07:02 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/08/10 23:07:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/08/10 22:45:24 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/08/10 22:45:24 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/08/10 22:45:23 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/08/10 22:45:23 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/08/10 22:45:22 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/08/10 22:45:21 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/08/10 18:49:20 | 000,081,634 | ---- | M] () -- C:\Users\Amanda\Desktop\527060_390688404319426_528452038_n.jpg
[2012/08/10 18:42:49 | 000,030,893 | ---- | M] () -- C:\Users\Amanda\Desktop\424289_10151102203121907_836461213_n.jpg
[2012/08/10 18:32:33 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/08/10 18:32:33 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/08/10 18:32:32 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/08/10 18:32:31 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/08/10 16:07:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/08/10 16:07:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/08/10 16:01:03 | 000,001,005 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/10 15:58:03 | 000,214,215 | ---- | M] () -- C:\Users\Amanda\Desktop\1.jpg
[2012/08/10 03:46:21 | 005,133,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/10 03:07:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/08/10 03:07:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/08/10 02:30:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 02:21:06 | 001,664,515 | ---- | M] () -- C:\Users\Amanda\Desktop\20120303_020929.jpg
[2012/08/10 02:07:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/08/10 02:07:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/08/09 16:41:54 | 000,658,876 | ---- | M] () -- C:\Users\Amanda\Desktop\Untitled-1.jpg
[2012/08/09 15:07:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/08/09 15:07:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/08/09 14:06:47 | 366,501,003 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/08 17:41:17 | 000,000,378 | ---- | M] () -- C:\Users\Amanda\Desktop\Document.rtf
[2012/08/08 17:17:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/08/07 14:07:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/08/07 14:07:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/08/07 13:07:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/08/07 13:07:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/08/07 12:47:22 | 000,047,612 | ---- | M] () -- C:\Users\Amanda\Desktop\552083_10151085909814701_171552911_n.jpg
[2012/08/07 12:12:21 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/08/07 12:12:21 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/08/07 03:00:22 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/08/07 03:00:22 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/08/07 03:00:22 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/08/07 03:00:22 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/07/30 14:16:48 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/07/18 22:44:56 | 000,000,112 | -H-- | M] () -- C:\F3F9DCABD663
[2012/07/18 22:44:56 | 000,000,112 | -H-- | M] () -- C:\3C23943CFE43
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/11 21:55:34 | 000,336,036 | ---- | C] () -- C:\Users\Amanda\Desktop\j.jpg
[2012/08/11 21:53:52 | 000,164,130 | ---- | C] () -- C:\Users\Amanda\Desktop\IMG_20120811_214208.jpg
[2012/08/11 21:21:33 | 000,145,150 | ---- | C] () -- C:\Users\Amanda\Desktop\7762041900_2922ff20db.jpg
[2012/08/11 21:20:16 | 000,146,488 | ---- | C] () -- C:\Users\Amanda\Desktop\7762049140_01d831308f.jpg
[2012/08/11 21:20:01 | 000,216,016 | ---- | C] () -- C:\Users\Amanda\Desktop\7762048924_70047b9210.jpg
[2012/08/11 21:16:00 | 002,394,108 | ---- | C] () -- C:\Users\Amanda\Desktop\20120811_182023-1.jpg
[2012/08/10 18:49:18 | 000,081,634 | ---- | C] () -- C:\Users\Amanda\Desktop\527060_390688404319426_528452038_n.jpg
[2012/08/10 18:42:49 | 000,030,893 | ---- | C] () -- C:\Users\Amanda\Desktop\424289_10151102203121907_836461213_n.jpg
[2012/08/10 15:40:09 | 000,214,215 | ---- | C] () -- C:\Users\Amanda\Desktop\1.jpg
[2012/08/10 15:35:25 | 000,001,005 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/10 02:30:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 02:21:40 | 002,390,797 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020542.jpg
[2012/08/10 02:21:40 | 002,151,538 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020546.jpg
[2012/08/10 02:21:40 | 001,934,483 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020528.jpg
[2012/08/10 02:21:39 | 001,950,128 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020513.jpg
[2012/08/09 16:14:58 | 000,658,876 | ---- | C] () -- C:\Users\Amanda\Desktop\Untitled-1.jpg
[2012/08/09 16:10:27 | 000,111,482 | ---- | C] () -- C:\Users\Amanda\Desktop\934_untitled_325 (2).jpg
[2012/08/09 16:10:20 | 000,129,065 | ---- | C] () -- C:\Users\Amanda\Desktop\934_untitled_304.jpg
[2012/08/08 17:41:17 | 000,000,378 | ---- | C] () -- C:\Users\Amanda\Desktop\Document.rtf
[2012/08/08 17:17:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/08/07 12:47:21 | 000,047,612 | ---- | C] () -- C:\Users\Amanda\Desktop\552083_10151085909814701_171552911_n.jpg
[2012/07/18 22:44:56 | 000,000,112 | -H-- | C] () -- C:\F3F9DCABD663
[2012/07/18 22:44:56 | 000,000,112 | -H-- | C] () -- C:\3C23943CFE43
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/21 13:36:13 | 000,281,088 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\firefox.exe
[2012/06/21 13:16:54 | 000,281,088 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\iexplore.exe
[2011/12/12 22:30:52 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/12 22:30:52 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/09 19:13:21 | 000,011,732 | -HS- | C] () -- C:\ProgramData\2058024917
[2011/12/09 15:00:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\1nj7H.com.b
[2011/12/09 14:58:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\OQU8Mgm2.dat
[2011/12/09 14:48:41 | 000,011,736 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\jqrpys0j5vyo7wyk6jdl2e230v3q
[2011/12/09 14:48:41 | 000,011,736 | -HS- | C] () -- C:\ProgramData\jqrpys0j5vyo7wyk6jdl2e230v3q
[2011/12/09 12:47:08 | 000,012,910 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\ceexxb5c1dhw3mbd0art2r660v3r
[2011/12/09 12:47:08 | 000,012,910 | -HS- | C] () -- C:\ProgramData\ceexxb5c1dhw3mbd0art2r660v3r
[2011/08/10 23:27:58 | 000,009,216 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/29 11:03:44 | 000,010,904 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4
[2011/07/29 11:03:44 | 000,010,904 | -HS- | C] () -- C:\ProgramData\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4
[2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\Users\Amanda\AppData\Local\yxwe.exe
[2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\Users\Amanda\AppData\Local\yigo.exe
[2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\xrwg.exe
[2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\ouay.exe
[2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\myar.exe
[2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\Users\Amanda\AppData\Local\lymn.exe
[2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\linp.exe
[2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\Users\Amanda\AppData\Local\cqkt.exe
[2011/07/13 08:21:30 | 000,000,040 | ---- | C] () -- C:\ProgramData\4e5008c7
[2010/06/02 18:57:55 | 000,000,482 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/06/21 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\00FC0
[2012/06/21 13:15:40 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\9ED00
[2010/07/30 22:11:31 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\acccore
[2011/11/07 12:31:06 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\BD22oonF4pmHsQ7
[2011/11/07 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\cmmmG55aQJ6dK8R
[2012/08/16 12:31:19 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Dropbox
[2011/11/07 12:31:05 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\gcSS11ivD3on4mH
[2011/11/07 12:49:49 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\JUUUCCekIBrzNyA
[2012/08/12 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Samsung
[2010/06/06 22:44:43 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/15 19:28:18 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Template
[2012/03/15 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\uTorrent
[2012/01/25 21:39:22 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Windows Live Writer
[2011/11/07 12:31:12 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\zLLL9hhTXq
[2012/08/07 03:00:22 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/08/16 07:31:05 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2012/08/16 07:31:05 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2012/08/16 07:31:05 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2012/08/16 07:31:05 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2012/08/16 07:31:05 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2012/08/16 07:31:05 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2012/08/16 07:31:05 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2012/01/25 11:26:48 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2012/01/25 11:26:48 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2012/07/10 12:45:46 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2012/08/07 03:00:22 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/07/10 12:45:46 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2012/07/10 12:45:46 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2012/07/10 12:45:46 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2012/07/10 12:45:46 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2012/07/10 12:45:46 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2012/08/07 12:12:21 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2012/08/07 12:12:21 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2012/08/07 13:07:01 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2012/08/07 13:07:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2012/08/07 14:07:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2012/08/07 03:00:22 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/08/07 14:07:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2012/08/09 15:07:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2012/08/09 15:07:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2012/08/10 16:07:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2012/08/10 16:07:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2012/08/10 18:32:31 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2012/08/10 18:32:32 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2012/08/10 18:32:33 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2012/08/10 18:32:33 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2012/08/10 22:45:21 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2012/08/07 03:00:22 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012/08/10 22:45:22 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2012/08/10 22:45:23 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2012/08/10 22:45:23 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2012/08/12 21:07:01 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2012/08/12 21:07:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2012/08/10 22:45:24 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2012/08/10 22:45:24 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2012/08/10 23:07:02 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2012/08/10 23:07:02 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2012/06/21 13:37:04 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\At49.job
[2012/08/10 02:07:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2012/08/10 02:07:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2012/08/10 03:07:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2012/08/10 03:07:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2012/08/16 07:31:04 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2012/06/06 01:22:54 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there. The first thing to do is try and stabilise the system. If this fails, do you have either the Windows CD or a USB drive of at least 1GB? Both of these programmes can be run from safe mode if need be.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [ADB.exe] C:\Program Files (x86)\LP\36C9\ADB.exe ()
    O4 - HKLM..\Run: [ctfdevice] C:\ProgramData\ctfdevice.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [dlldevice] C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\dlldevice.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
    O4 - HKCU..\Run: [ADB.exe] C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\ADB.exe ()
    O4 - HKCU..\Run: [ctfdevice] C:\ProgramData\ctfdevice.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [dlldevice] C:\Users\Amanda\AppData\Roaming\dlldevice.exe (Microsoft Corporation)
    F3:64bit: - HKCU WinNT: Load - (C:\Users\Amanda\AppData\Roaming\00FC0\lvvm.exe) - C:\Users\Amanda\AppData\Roaming\00FC0\lvvm.exe ()
    F3 - HKCU WinNT: Load - (C:\Users\Amanda\AppData\Roaming\00FC0\lvvm.exe) - C:\Users\Amanda\AppData\Roaming\00FC0\lvvm.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Users\Amanda\AppData\Roaming\9ED00\ABC36.exe) - C:\Users\Amanda\AppData\Roaming\9ED00\ABC36.exe ()
    [2011/12/09 19:13:21 | 000,011,732 | -HS- | C] () -- C:\ProgramData\2058024917
    [2011/12/09 15:00:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\1nj7H.com.b
    [2011/12/09 14:58:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\OQU8Mgm2.dat
    [2011/12/09 14:48:41 | 000,011,736 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\jqrpys0j5vyo7wyk6jdl2e230v3q
    [2011/12/09 14:48:41 | 000,011,736 | -HS- | C] () -- C:\ProgramData\jqrpys0j5vyo7wyk6jdl2e230v3q
    [2011/12/09 12:47:08 | 000,012,910 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\ceexxb5c1dhw3mbd0art2r660v3r
    [2011/12/09 12:47:08 | 000,012,910 | -HS- | C] () -- C:\ProgramData\ceexxb5c1dhw3mbd0art2r660v3r
    [2011/07/29 11:03:44 | 000,010,904 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4
    [2011/07/29 11:03:44 | 000,010,904 | -HS- | C] () -- C:\ProgramData\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4
    [2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\Users\Amanda\AppData\Local\yxwe.exe
    [2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\Users\Amanda\AppData\Local\yigo.exe
    [2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\xrwg.exe
    [2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\ouay.exe
    [2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\myar.exe
    [2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\Users\Amanda\AppData\Local\lymn.exe
    [2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\linp.exe
    [2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\Users\Amanda\AppData\Local\cqkt.exe
    [2011/07/13 08:21:30 | 000,000,040 | ---- | C] () -- C:\ProgramData\4e5008c7
    [2012/06/21 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\00FC0
    [2012/06/21 13:15:40 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\9ED00
    [2011/11/07 12:31:06 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\BD22oonF4pmHsQ7
    [2011/11/07 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\cmmmG55aQJ6dK8R
    [2011/11/07 12:31:05 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\gcSS11ivD3on4mH
    [2011/11/07 12:49:49 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\JUUUCCekIBrzNyA

    :Files
    C:\Windows\tasks\At*.job
    ipconfig /flushdns /c
    C:\Program Files (x86)\LP

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
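As an added example (my own code, not OTL's and not part of the fix above), here is a small Python triage that parses the OTL line shapes in these logs and records the traits the fix targets: hidden+system extensionless files under ProgramData or AppData, zero-byte executables, Run values launching from data directories, Winlogon Shell/WinNT Load values pointing outside the Windows directory, and the At*.job tasks. The sample lines are copied from this thread's logs; the heuristics themselves are my assumptions, and a hit means "look closer", not "malicious".

```python
"""Triage heuristics for OTL log lines (added example; not OTL's code nor the fix above).
Parses the three line shapes the fix acts on (file entries, O4 Run values, O20/F3
Winlogon/WinNT values) and records why each deserved a look. Heuristics, not verdicts."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes copied from the OTL output in this thread.
FILE_RE = re.compile(r"^\[[\d/]+ [\d:]+ \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\]"
                     r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
RUN_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
                    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\)| File not found)$")
WINLOGON_RE = re.compile(r"^(?:O20|F3)(?::64bit:)? - (?P<hive>HK\w+) (?:Winlogon|WinNT): "
                         r"(?P<value>\w+) - \([^)]*\) - (?P<path>.+?) \([^)]*\)$")
DATA_DIRS = ("\\programdata\\", "\\appdata\\roaming\\", "\\appdata\\local\\")
EXEC_EXT = {".exe", ".com", ".dll", ".scr"}


@dataclass
class Finding:
    source: str  # OTL line kind or registry value that produced it
    path: str
    reasons: List[str]


def in_data_dir(path: str) -> bool:
    """ProgramData and per-user AppData: writable without admin rights."""
    return any(d in path.lower() for d in DATA_DIRS)


def claims_microsoft_in_data_dir(path: str, company: str) -> bool:
    # OTL prints the company from the file's version resource, which the file's
    # author controls; "Microsoft Corporation" under ProgramData is a red flag.
    return company.lower().startswith("microsoft") and in_data_dir(path)


def triage_file(line: str) -> Optional[Finding]:
    m = FILE_RE.match(line)
    if not m:
        return None
    path, attr = m["path"], m["attr"]
    size = int(m["size"].replace(",", ""))
    parent = ntpath.basename(ntpath.dirname(path)).lower()
    ext = ntpath.splitext(path)[1].lower()
    reasons = []
    if "H" in attr and "S" in attr and "D" not in attr and not ext and in_data_dir(path):
        reasons.append("hidden+system file with no extension in a data directory")
    if ext in EXEC_EXT and size == 0:
        reasons.append("zero-byte executable")
    if ext in EXEC_EXT and parent in ("programdata", "roaming", "local"):
        reasons.append("executable placed directly in a data directory")
    if claims_microsoft_in_data_dir(path, m["company"] or ""):
        reasons.append("claims Microsoft in version info but lives in a data directory")
    if re.fullmatch(r"at\d+\.job", ntpath.basename(path).lower()):
        reasons.append("anonymous At*.job scheduled task")
    return Finding("file", path, reasons) if reasons else None


def triage_run(line: str) -> Optional[Finding]:
    m = RUN_RE.match(line)
    if not m:
        return None
    path, company = m["path"], m["company"]
    reasons = []
    if company is None:  # OTL printed "File not found" instead of a company
        reasons.append("Run value points at a file that no longer exists")
    if in_data_dir(path):
        reasons.append("Run value launches from a user-writable data directory")
    if claims_microsoft_in_data_dir(path, company or ""):
        reasons.append("claims Microsoft in version info but lives in a data directory")
    return Finding(f"{m['hive']}\\Run\\{m['name']}", path, reasons) if reasons else None


def triage_winlogon(line: str) -> Optional[Finding]:
    m = WINLOGON_RE.match(line)
    # Shell, UserInit and Load should only ever resolve into the Windows directory.
    if not m or m["path"].lower().startswith("c:\\windows\\"):
        return None
    return Finding(f"{m['hive']}\\{m['value']}", m["path"],
                   ["Winlogon/WinNT value runs a binary outside the Windows directory"])


def triage(text: str) -> List[Finding]:
    findings = []
    for raw in text.splitlines():
        for parser in (triage_file, triage_run, triage_winlogon):
            found = parser(raw.strip())
            if found:
                findings.append(found)
                break
    return findings


# Constructed sample: lines copied from the logs in this thread, covering each shape.
SAMPLE = r"""
O4 - HKLM..\Run: [ctfdevice] C:\ProgramData\ctfdevice.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Amanda\AppData\Roaming\9ED00\ABC36.exe) - C:\Users\Amanda\AppData\Roaming\9ED00\ABC36.exe ()
[2012/08/11 21:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/12/09 19:13:21 | 000,011,732 | -HS- | C] () -- C:\ProgramData\2058024917
[2011/07/29 11:03:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\xrwg.exe
[2012/08/16 07:31:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/08/11 21:55:36 | 000,336,036 | ---- | M] () -- C:\Users\Amanda\Desktop\j.jpg
"""
```

Running `triage(SAMPLE)` yields six findings; the Adobe directory, the legitimate explorer.exe Shell value and the desktop photo are left alone.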

#3
honz

    Member

  • Topic Starter
  • 14 posts
OTL logfile created on: 8/16/2012 2:49:14 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = E:\Virus Removal
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 76.28% Memory free
7.92 Gb Paging File | 6.81 Gb Available in Paging File | 85.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 344.20 Gb Free Space | 76.31% Space Free | Partition Type: NTFS
Drive D: | 407.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.51 Gb Total Space | 1.66 Gb Free Space | 22.06% Space Free | Partition Type: NTFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 15:53:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- E:\Virus Removal\OTL.exe
PRC - [2012/07/19 13:33:15 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/14 00:11:46 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 10:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 13:33:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/19 17:05:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/19 17:05:40 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/19 17:05:29 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/07/19 13:33:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/07/31 23:24:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/08 21:03:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/17 21:21:40 | 000,415,360 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CryptOSD.sys -- (CryptOSD)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{2E58D3AF-7ED6-49D5-B98B-E72303684EC1}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=24-09-2010
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A2FD40B5-F212-4F45-87F7-12D44E490828}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0A 57 5E 12 C8 7E F1 44 B1 88 E2 DE ED E4 BE 1B [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...search&AF=18556
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS396
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\..\SearchScopes\{c8b322ce-7838-418e-adb2-6aa25235aa35}: "URL" = http://slirsredirect...mrud=24-09-2010
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54424

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2786678&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54424
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Amanda\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/08/28 00:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/12 15:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 13:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Amanda\AppData\Roaming\Move Networks [2010/06/03 21:18:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 13:33:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/22 18:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2012/07/16 22:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions
[2011/07/04 11:33:24 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\{817e63e5-f17f-44ff-ab6e-18d2b1fd6657}
[2012/07/16 22:51:27 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/03 18:29:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\[email protected]
[2011/12/06 06:04:42 | 000,000,925 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\searchplugins\conduit.xml
[2012/06/21 13:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/03 21:18:41 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\AMANDA\APPDATA\ROAMING\MOVE NETWORKS
[2012/07/19 13:33:15 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/08/16 14:33:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} http://content9.mite...XCltInstall.dll (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{422FE7BC-A81F-4C80-871E-C292E096401E}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E68976-1801-4D34-912A-9ABABC121316}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34e678d5-a61c-11e1-9375-a4badbabc36c}\Shell - "" = AutoRun
O33 - MountPoints2\{34e678d5-a61c-11e1-9375-a4badbabc36c}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = ah] -- Reg Error: Key error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = ah] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/08/11 21:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/11 21:30:51 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe
[2012/08/11 21:30:47 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Adobe
[2012/08/10 15:35:14 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/08/10 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Dropbox
[2012/08/10 02:33:33 | 000,000,000 | ---D | C] -- C:\Temp
[2012/08/09 16:08:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
[2012/08/09 16:08:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Adobe-BackupByPhotoshopCS6Portable
[2012/08/08 18:25:02 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\.svn
[2012/08/08 17:13:27 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Samsung
[2012/08/08 17:13:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Samsung
[2012/08/08 17:13:09 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\samsung
[2012/08/08 17:09:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/08/08 17:09:12 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/08/08 17:07:26 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/08/08 17:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/08/08 17:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/08/08 17:03:25 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Downloaded Installations
[2012/08/08 16:52:41 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\phone content
[2012/08/06 18:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe-BackupByPhotoshopCS6Portable
[2012/08/01 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\copy and paste
[2012/08/01 17:06:38 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\myc july2012
[2012/07/18 21:31:49 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\devitt

========== Files - Modified Within 30 Days ==========

[2012/08/16 14:55:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 14:55:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 14:47:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 14:47:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 14:47:05 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 14:34:20 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/16 14:34:20 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/16 14:34:20 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/16 14:33:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/16 14:29:56 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/16 12:58:29 | 000,000,089 | ---- | M] () -- C:\Users\Amanda\Desktop\A big mess- Malware - Geeks to Go Forums.URL
[2012/08/11 21:55:36 | 000,336,036 | ---- | M] () -- C:\Users\Amanda\Desktop\j.jpg
[2012/08/11 21:53:53 | 000,164,130 | ---- | M] () -- C:\Users\Amanda\Desktop\IMG_20120811_214208.jpg
[2012/08/11 21:35:01 | 000,216,016 | ---- | M] () -- C:\Users\Amanda\Desktop\7762048924_70047b9210.jpg
[2012/08/11 21:21:33 | 000,145,150 | ---- | M] () -- C:\Users\Amanda\Desktop\7762041900_2922ff20db.jpg
[2012/08/11 21:20:16 | 000,146,488 | ---- | M] () -- C:\Users\Amanda\Desktop\7762049140_01d831308f.jpg
[2012/08/11 21:16:04 | 002,394,108 | ---- | M] () -- C:\Users\Amanda\Desktop\20120811_182023-1.jpg
[2012/08/10 18:49:20 | 000,081,634 | ---- | M] () -- C:\Users\Amanda\Desktop\527060_390688404319426_528452038_n.jpg
[2012/08/10 18:42:49 | 000,030,893 | ---- | M] () -- C:\Users\Amanda\Desktop\424289_10151102203121907_836461213_n.jpg
[2012/08/10 16:01:03 | 000,001,005 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/10 15:58:03 | 000,214,215 | ---- | M] () -- C:\Users\Amanda\Desktop\1.jpg
[2012/08/10 03:46:21 | 005,133,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/10 02:30:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 02:21:06 | 001,664,515 | ---- | M] () -- C:\Users\Amanda\Desktop\20120303_020929.jpg
[2012/08/09 16:41:54 | 000,658,876 | ---- | M] () -- C:\Users\Amanda\Desktop\Untitled-1.jpg
[2012/08/09 14:06:47 | 366,501,003 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/08 17:41:17 | 000,000,378 | ---- | M] () -- C:\Users\Amanda\Desktop\Document.rtf
[2012/08/08 17:17:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/08/07 12:47:22 | 000,047,612 | ---- | M] () -- C:\Users\Amanda\Desktop\552083_10151085909814701_171552911_n.jpg
[2012/07/30 14:16:48 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/07/18 22:44:56 | 000,000,112 | -H-- | M] () -- C:\F3F9DCABD663
[2012/07/18 22:44:56 | 000,000,112 | -H-- | M] () -- C:\3C23943CFE43

========== Files Created - No Company Name ==========

[2012/08/16 12:58:29 | 000,000,089 | ---- | C] () -- C:\Users\Amanda\Desktop\A big mess- Malware - Geeks to Go Forums.URL
[2012/08/11 21:55:34 | 000,336,036 | ---- | C] () -- C:\Users\Amanda\Desktop\j.jpg
[2012/08/11 21:53:52 | 000,164,130 | ---- | C] () -- C:\Users\Amanda\Desktop\IMG_20120811_214208.jpg
[2012/08/11 21:21:33 | 000,145,150 | ---- | C] () -- C:\Users\Amanda\Desktop\7762041900_2922ff20db.jpg
[2012/08/11 21:20:16 | 000,146,488 | ---- | C] () -- C:\Users\Amanda\Desktop\7762049140_01d831308f.jpg
[2012/08/11 21:20:01 | 000,216,016 | ---- | C] () -- C:\Users\Amanda\Desktop\7762048924_70047b9210.jpg
[2012/08/11 21:16:00 | 002,394,108 | ---- | C] () -- C:\Users\Amanda\Desktop\20120811_182023-1.jpg
[2012/08/10 18:49:18 | 000,081,634 | ---- | C] () -- C:\Users\Amanda\Desktop\527060_390688404319426_528452038_n.jpg
[2012/08/10 18:42:49 | 000,030,893 | ---- | C] () -- C:\Users\Amanda\Desktop\424289_10151102203121907_836461213_n.jpg
[2012/08/10 15:40:09 | 000,214,215 | ---- | C] () -- C:\Users\Amanda\Desktop\1.jpg
[2012/08/10 15:35:25 | 000,001,005 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/10 02:30:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 02:21:40 | 002,390,797 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020542.jpg
[2012/08/10 02:21:40 | 002,151,538 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020546.jpg
[2012/08/10 02:21:40 | 001,934,483 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020528.jpg
[2012/08/10 02:21:39 | 001,950,128 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020513.jpg
[2012/08/09 16:14:58 | 000,658,876 | ---- | C] () -- C:\Users\Amanda\Desktop\Untitled-1.jpg
[2012/08/09 16:10:27 | 000,111,482 | ---- | C] () -- C:\Users\Amanda\Desktop\934_untitled_325 (2).jpg
[2012/08/09 16:10:20 | 000,129,065 | ---- | C] () -- C:\Users\Amanda\Desktop\934_untitled_304.jpg
[2012/08/08 17:41:17 | 000,000,378 | ---- | C] () -- C:\Users\Amanda\Desktop\Document.rtf
[2012/08/08 17:17:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/08/07 12:47:21 | 000,047,612 | ---- | C] () -- C:\Users\Amanda\Desktop\552083_10151085909814701_171552911_n.jpg
[2012/07/18 22:44:56 | 000,000,112 | -H-- | C] () -- C:\F3F9DCABD663
[2012/07/18 22:44:56 | 000,000,112 | -H-- | C] () -- C:\3C23943CFE43
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/21 13:36:13 | 000,281,088 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\firefox.exe
[2012/06/21 13:16:54 | 000,281,088 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\iexplore.exe
[2011/12/12 22:30:52 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/12 22:30:52 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/10 23:27:58 | 000,009,216 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 18:57:55 | 000,000,482 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2010/07/30 22:11:31 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\acccore
[2012/08/16 14:48:13 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Dropbox
[2012/08/12 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Samsung
[2010/06/06 22:44:43 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/15 19:28:18 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Template
[2012/03/15 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\uTorrent
[2012/01/25 21:39:22 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Windows Live Writer
[2011/11/07 12:31:12 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\zLLL9hhTXq
[2012/06/06 01:22:54 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
#4 honz (Topic Starter, Member, 14 posts)

15:12:53.0111 3712 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
15:12:53.0642 3712 ============================================================
15:12:53.0642 3712 Current date / time: 2012/08/16 15:12:53.0642
15:12:53.0642 3712 SystemInfo:
15:12:53.0642 3712
15:12:53.0642 3712 OS Version: 6.1.7600 ServicePack: 0.0
15:12:53.0642 3712 Product type: Workstation
15:12:53.0642 3712 ComputerName: AMANDA-PC
15:12:53.0642 3712 UserName: Amanda
15:12:53.0642 3712 Windows directory: C:\Windows
15:12:53.0642 3712 System windows directory: C:\Windows
15:12:53.0642 3712 Running under WOW64
15:12:53.0642 3712 Processor architecture: Intel x64
15:12:53.0642 3712 Number of processors: 2
15:12:53.0642 3712 Page size: 0x1000
15:12:53.0642 3712 Boot type: Normal boot
15:12:53.0642 3712 ============================================================
15:12:56.0387 3712 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:12:56.0387 3712 Drive \Device\Harddisk1\DR2 - Size: 0x1E0BFFE00 (7.51 Gb), SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:12:56.0387 3712 ============================================================
15:12:56.0387 3712 \Device\Harddisk0\DR0:
15:12:56.0387 3712 MBR partitions:
15:12:56.0387 3712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
15:12:56.0387 3712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
15:12:56.0387 3712 \Device\Harddisk1\DR2:
15:12:56.0387 3712 MBR partitions:
15:12:56.0387 3712 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xF05FC0
15:12:56.0387 3712 ============================================================
15:12:56.0450 3712 C: <-> \Device\Harddisk0\DR0\Partition2
15:12:56.0450 3712 ============================================================
15:12:56.0450 3712 Initialize success
15:12:56.0450 3712 ============================================================
15:13:41.0877 3532 ============================================================
15:13:41.0877 3532 Scan started
15:13:41.0877 3532 Mode: Manual; SigCheck; TDLFS;
15:13:41.0877 3532 ============================================================
15:13:45.0449 3532 ================ Scan services =============================
15:13:45.0855 3532 0040081323473193mcinstcleanup - ok
15:13:46.0136 3532 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
15:13:46.0292 3532 1394ohci - ok
15:13:46.0354 3532 [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
15:13:46.0385 3532 ACPI - ok
15:13:46.0463 3532 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
15:13:46.0541 3532 AcpiPmi - ok
15:13:46.0744 3532 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:13:46.0822 3532 adp94xx - ok
15:13:46.0900 3532 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:13:46.0931 3532 adpahci - ok
15:13:47.0040 3532 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:13:47.0072 3532 adpu320 - ok
15:13:47.0103 3532 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:13:47.0415 3532 AeLookupSvc - ok
15:13:47.0524 3532 [ db9d6c6b2cd95a9ca414d045b627422e ] AFD C:\Windows\system32\drivers\afd.sys
15:13:47.0649 3532 AFD - ok
15:13:47.0711 3532 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
15:13:47.0742 3532 agp440 - ok
15:13:47.0820 3532 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
15:13:47.0914 3532 ALG - ok
15:13:48.0023 3532 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
15:13:48.0054 3532 aliide - ok
15:13:48.0148 3532 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\DRIVERS\amdide.sys
15:13:48.0164 3532 amdide - ok
15:13:48.0257 3532 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:13:48.0304 3532 AmdK8 - ok
15:13:48.0320 3532 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:13:48.0366 3532 AmdPPM - ok
15:13:48.0429 3532 [ 7a4b413614c055935567cf88a9734d38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
15:13:48.0444 3532 amdsata - ok
15:13:48.0460 3532 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:13:48.0476 3532 amdsbs - ok
15:13:48.0507 3532 [ b4ad0cacbab298671dd6f6ef7e20679d ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
15:13:48.0522 3532 amdxata - ok
15:13:48.0585 3532 [ 1412e9a88fe1f7e35ce6058a2ef03664 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
15:13:48.0647 3532 ApfiltrService - ok
15:13:48.0741 3532 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\Windows\system32\drivers\appid.sys
15:13:48.0897 3532 AppID - ok
15:13:48.0959 3532 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:13:49.0053 3532 AppIDSvc - ok
15:13:49.0193 3532 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\Windows\System32\appinfo.dll
15:13:49.0256 3532 Appinfo - ok
15:13:49.0396 3532 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
15:13:49.0427 3532 arc - ok
15:13:49.0474 3532 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:13:49.0490 3532 arcsas - ok
15:13:49.0599 3532 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:13:49.0677 3532 AsyncMac - ok
15:13:49.0724 3532 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\DRIVERS\atapi.sys
15:13:49.0739 3532 atapi - ok
15:13:49.0833 3532 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:13:49.0911 3532 AudioEndpointBuilder - ok
15:13:49.0973 3532 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:13:50.0051 3532 AudioSrv - ok
15:13:50.0114 3532 [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:13:50.0223 3532 AxInstSV - ok
15:13:50.0363 3532 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:13:50.0426 3532 b06bdrv - ok
15:13:50.0551 3532 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:13:50.0613 3532 b57nd60a - ok
15:13:50.0644 3532 [ e001dd475a7c27ebe5a0db45c11bad71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
15:13:50.0660 3532 BCM42RLY - ok
15:13:50.0894 3532 [ 37394d3553e220fb732c21e217e1bd8b ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
15:13:50.0972 3532 BCM43XX - ok
15:13:51.0097 3532 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:13:51.0143 3532 BDESVC - ok
15:13:51.0190 3532 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:13:51.0284 3532 Beep - ok
15:13:51.0362 3532 [ 7f0c323fe3da28aa4aa1bda3f575707f ] BITS C:\Windows\System32\qmgr.dll
15:13:51.0518 3532 BITS - ok
15:13:51.0611 3532 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:13:51.0643 3532 blbdrive - ok
15:13:51.0970 3532 [ 1c87705ccb2f60172b0fc86b5d82f00d ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:13:52.0001 3532 Bonjour Service - ok
15:13:52.0048 3532 [ 19d20159708e152267e53b66677a4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:13:52.0111 3532 bowser - ok
15:13:52.0220 3532 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:13:52.0282 3532 BrFiltLo - ok
15:13:52.0313 3532 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:13:52.0423 3532 BrFiltUp - ok
15:13:52.0501 3532 [ 6b054c67aaa87843504e8e3c09102009 ] Browser C:\Windows\System32\browser.dll
15:13:52.0547 3532 Browser - ok
15:13:52.0641 3532 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:13:52.0735 3532 Brserid - ok
15:13:52.0750 3532 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:13:52.0797 3532 BrSerWdm - ok
15:13:52.0875 3532 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:13:52.0922 3532 BrUsbMdm - ok
15:13:52.0937 3532 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:13:52.0984 3532 BrUsbSer - ok
15:13:53.0062 3532 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:13:53.0109 3532 BTHMODEM - ok
15:13:53.0187 3532 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
15:13:53.0265 3532 bthserv - ok
15:13:53.0343 3532 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:13:53.0437 3532 cdfs - ok
15:13:53.0546 3532 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:13:53.0608 3532 cdrom - ok
15:13:53.0671 3532 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\Windows\System32\certprop.dll
15:13:53.0764 3532 CertPropSvc - ok
15:13:53.0827 3532 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:13:53.0905 3532 circlass - ok
15:13:53.0998 3532 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
15:13:54.0029 3532 CLFS - ok
15:13:54.0139 3532 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:13:54.0170 3532 clr_optimization_v2.0.50727_32 - ok
15:13:54.0263 3532 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:13:54.0295 3532 clr_optimization_v2.0.50727_64 - ok
15:13:54.0341 3532 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:13:54.0373 3532 CmBatt - ok
15:13:54.0451 3532 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
15:13:54.0466 3532 cmdide - ok
15:13:54.0497 3532 [ ca7720b73446fddec5c69519c1174c98 ] CNG C:\Windows\system32\Drivers\cng.sys
15:13:54.0607 3532 CNG - ok
15:13:54.0716 3532 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:13:54.0731 3532 Compbatt - ok
15:13:54.0763 3532 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:13:54.0825 3532 CompositeBus - ok
15:13:54.0950 3532 COMSysApp - ok
15:13:55.0012 3532 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:13:55.0043 3532 crcdisk - ok
15:13:55.0153 3532 [ 670de326b62dc1967a72e164c9b65b6d ] CryptOSD C:\Windows\system32\DRIVERS\CryptOSD.sys
15:13:55.0199 3532 CryptOSD - ok
15:13:55.0246 3532 [ f02786b66375292e58c8777082d4396d ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:13:55.0293 3532 CryptSvc - ok
15:13:55.0355 3532 [ ed5cf92396a62f4c15110dcdb5e854d9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:13:55.0402 3532 CtClsFlt - ok
15:13:55.0511 3532 [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:13:55.0621 3532 DcomLaunch - ok
15:13:55.0683 3532 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
15:13:55.0792 3532 defragsvc - ok
15:13:55.0823 3532 [ 9c253ce7311ca60fc11c774692a13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:13:55.0901 3532 DfsC - ok
15:13:56.0057 3532 [ ce3b9562d997f69b330d181a8875960f ] Dhcp C:\Windows\system32\dhcpcore.dll
15:13:56.0182 3532 Dhcp - ok
15:13:56.0229 3532 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
15:13:56.0323 3532 discache - ok
15:13:56.0401 3532 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:13:56.0416 3532 Disk - ok
15:13:56.0525 3532 [ 85cf424c74a1d5ec33533e1dbff9920a ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:13:56.0572 3532 Dnscache - ok
15:13:56.0837 3532 [ 0840abbbdf438691ee65a20040635cbe ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
15:13:56.0915 3532 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
15:13:56.0915 3532 DockLoginService - detected UnsignedFile.Multi.Generic (1)
15:13:57.0040 3532 [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc C:\Windows\System32\dot3svc.dll
15:13:57.0134 3532 dot3svc - ok
15:13:57.0212 3532 [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS C:\Windows\system32\dps.dll
15:13:57.0305 3532 DPS - ok
15:13:57.0415 3532 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:13:57.0461 3532 drmkaud - ok
15:13:57.0524 3532 [ ebce0b0924835f635f620d19f0529dce ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:13:57.0555 3532 DXGKrnl - ok
15:13:57.0649 3532 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:13:57.0727 3532 EapHost - ok
15:13:57.0758 3532 easytether - ok
15:13:58.0023 3532 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:13:58.0273 3532 ebdrv - ok
15:13:58.0288 3532 [ 156f6159457d0aa7e59b62681b56eb90 ] EFS C:\Windows\System32\lsass.exe
15:13:58.0319 3532 EFS - ok
15:13:58.0475 3532 [ b91d81b3b54a54ccafc03733dbc2e29e ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:13:58.0538 3532 ehRecvr - ok
15:13:58.0569 3532 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
15:13:58.0647 3532 ehSched - ok
15:13:58.0694 3532 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:13:58.0725 3532 elxstor - ok
15:13:58.0772 3532 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
15:13:58.0819 3532 ErrDev - ok
15:13:58.0897 3532 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
15:13:59.0053 3532 EventSystem - ok
15:13:59.0099 3532 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
15:13:59.0162 3532 exfat - ok
15:13:59.0177 3532 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:13:59.0240 3532 fastfat - ok
15:13:59.0396 3532 [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax C:\Windows\system32\fxssvc.exe
15:13:59.0458 3532 Fax - ok
15:13:59.0521 3532 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:13:59.0567 3532 fdc - ok
15:13:59.0614 3532 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:13:59.0692 3532 fdPHost - ok
15:13:59.0723 3532 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:13:59.0817 3532 FDResPub - ok
15:13:59.0848 3532 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:13:59.0864 3532 FileInfo - ok
15:13:59.0942 3532 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:14:00.0020 3532 Filetrace - ok
15:14:00.0254 3532 [ 227846995afeefa70d328bf5334a86a5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:14:00.0347 3532 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:14:00.0347 3532 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:14:00.0425 3532 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:14:00.0472 3532 flpydisk - ok
15:14:00.0519 3532 [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:14:00.0550 3532 FltMgr - ok
15:14:00.0613 3532 [ 8ac4cb4ea61e41009fae9ae7b2b5da3a ] FontCache C:\Windows\system32\FntCache.dll
15:14:00.0722 3532 FontCache - ok
15:14:00.0800 3532 [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:14:00.0815 3532 FontCache3.0.0.0 - ok
15:14:00.0831 3532 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:14:00.0831 3532 FsDepends - ok
15:14:00.0893 3532 [ d3e3f93d67821a2db2b3d9fac2dc2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:14:00.0925 3532 Fs_Rec - ok
15:14:00.0987 3532 [ b8b2a6e1558f8f5de5ce431c5b2c7b09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:14:01.0018 3532 fvevol - ok
15:14:01.0049 3532 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:14:01.0065 3532 gagp30kx - ok
15:14:01.0143 3532 [ c1bbce4b30b45410178ee674c818d10c ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
15:14:01.0174 3532 GameConsoleService - ok
15:14:01.0346 3532 [ d3316f6e3c011435f36e3d6e49b3196c ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
15:14:01.0361 3532 GoToAssist - ok
15:14:01.0455 3532 [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc C:\Windows\System32\gpsvc.dll
15:14:01.0517 3532 gpsvc - ok
15:14:01.0642 3532 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:14:01.0673 3532 gupdate - ok
15:14:01.0767 3532 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:14:01.0783 3532 gupdatem - ok
15:14:01.0829 3532 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:14:01.0876 3532 hcw85cir - ok
15:14:01.0954 3532 [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:14:02.0001 3532 HDAudBus - ok
15:14:02.0017 3532 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:14:02.0063 3532 HidBatt - ok
15:14:02.0095 3532 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:14:02.0173 3532 HidBth - ok
15:14:02.0235 3532 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:14:02.0297 3532 HidIr - ok
15:14:02.0344 3532 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll
15:14:02.0438 3532 hidserv - ok
15:14:02.0563 3532 [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:14:02.0641 3532 HidUsb - ok
15:14:02.0703 3532 [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:14:02.0781 3532 hkmsvc - ok
15:14:02.0812 3532 [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:14:02.0859 3532 HomeGroupListener - ok
15:14:02.0906 3532 [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:14:02.0953 3532 HomeGroupProvider - ok
15:14:02.0968 3532 [ 0886d440058f203eba0e1825e4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
15:14:02.0999 3532 HpSAMD - ok
15:14:03.0109 3532 [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:14:03.0202 3532 HTTP - ok
15:14:03.0218 3532 [ f17766a19145f111856378df337a5d79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:14:03.0249 3532 hwpolicy - ok
15:14:03.0311 3532 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:14:03.0343 3532 i8042prt - ok
15:14:03.0436 3532 [ 7548066df68a8a1a56b043359f915f37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:14:03.0467 3532 IAANTMON - ok
15:14:03.0577 3532 [ 1d004cb1da6323b1f55caef7f94b61d9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:14:03.0608 3532 iaStor - ok
15:14:03.0686 3532 [ d83efb6fd45df9d55e9a1afc63640d50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
15:14:03.0733 3532 iaStorV - ok
15:14:03.0811 3532 [ 2f2be70d3e02b6fa877921ab9516d43c ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:14:03.0857 3532 idsvc - ok
15:14:04.0263 3532 [ babd5f9b2bcc82ce556a0baf1ae208a7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:14:04.0544 3532 igfx - ok
15:14:04.0575 3532 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:14:04.0606 3532 iirsp - ok
15:14:04.0700 3532 [ c5b4683680df085b57bc53e5ef34861f ] IKEEXT C:\Windows\System32\ikeext.dll
15:14:04.0809 3532 IKEEXT - ok
15:14:04.0840 3532 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\DRIVERS\intelide.sys
15:14:04.0856 3532 intelide - ok
15:14:04.0965 3532 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:14:05.0012 3532 intelppm - ok
15:14:05.0074 3532 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:14:05.0152 3532 IPBusEnum - ok
15:14:05.0199 3532 [ 722dd294df62483cecaae6e094b4d695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:14:05.0308 3532 IpFilterDriver - ok
15:14:05.0339 3532 [ e2b4a4494db7cb9b89b55ca268c337c5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:14:05.0386 3532 IPMIDRV - ok
15:14:05.0480 3532 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:14:05.0558 3532 IPNAT - ok
15:14:05.0620 3532 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:14:05.0667 3532 IRENUM - ok
15:14:05.0714 3532 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
15:14:05.0745 3532 isapnp - ok
15:14:05.0776 3532 [ fa4d2557de56d45b0a346f93564be6e1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:14:05.0792 3532 iScsiPrt - ok
15:14:05.0823 3532 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:14:05.0839 3532 kbdclass - ok
15:14:05.0901 3532 [ 6def98f8541e1b5dceb2c822a11f7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:14:05.0948 3532 kbdhid - ok
15:14:05.0979 3532 [ 156f6159457d0aa7e59b62681b56eb90 ] KeyIso C:\Windows\system32\lsass.exe
15:14:05.0995 3532 KeyIso - ok
15:14:06.0057 3532 [ 4f4b5fde429416877de7143044582eb5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:14:06.0088 3532 KSecDD - ok
15:14:06.0151 3532 [ 6f40465a44ecdc1731befafec5bdd03c ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:14:06.0166 3532 KSecPkg - ok
15:14:06.0197 3532 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:14:06.0275 3532 ksthunk - ok
15:14:06.0369 3532 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
15:14:06.0463 3532 KtmRm - ok
15:14:06.0541 3532 [ 81f1d04d4d0e433099365127375fd501 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:14:06.0603 3532 LanmanServer - ok
15:14:06.0681 3532 [ 27026eac8818e8a6c00a1cad2f11d29a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:14:06.0806 3532 LanmanWorkstation - ok
15:14:06.0884 3532 Lavasoft Kernexplorer - ok
15:14:06.0946 3532 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:14:07.0055 3532 lltdio - ok
15:14:07.0118 3532 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:14:07.0211 3532 lltdsvc - ok
15:14:07.0274 3532 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:14:07.0352 3532 lmhosts - ok
15:14:07.0414 3532 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:14:07.0445 3532 LSI_FC - ok
15:14:07.0492 3532 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:14:07.0508 3532 LSI_SAS - ok
15:14:07.0570 3532 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:14:07.0601 3532 LSI_SAS2 - ok
15:14:07.0633 3532 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:14:07.0664 3532 LSI_SCSI - ok
15:14:07.0695 3532 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
15:14:07.0789 3532 luafv - ok
15:14:07.0882 3532 McMPFSvc - ok
15:14:07.0945 3532 [ f84c8f1000bc11e3b7b23cbd3baff111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:14:07.0991 3532 Mcx2Svc - ok
15:14:08.0038 3532 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:14:08.0054 3532 megasas - ok
15:14:08.0101 3532 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:14:08.0147 3532 MegaSR - ok
15:14:08.0194 3532 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
15:14:08.0288 3532 MMCSS - ok
15:14:08.0303 3532 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:14:08.0350 3532 Modem - ok
15:14:08.0381 3532 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:14:08.0459 3532 monitor - ok
15:14:08.0491 3532 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:14:08.0522 3532 mouclass - ok
15:14:08.0584 3532 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:14:08.0631 3532 mouhid - ok
15:14:08.0662 3532 [ 791af66c4d0e7c90a3646066386fb571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:14:08.0693 3532 mountmgr - ok
15:14:08.0771 3532 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:14:08.0803 3532 MozillaMaintenance - ok
15:14:08.0865 3532 [ 609d1d87649ecc19796f4d76d4c15cea ] mpio C:\Windows\system32\DRIVERS\mpio.sys
15:14:08.0896 3532 mpio - ok
15:14:08.0959 3532 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:14:09.0052 3532 mpsdrv - ok
15:14:09.0115 3532 [ 30524261bb51d96d6fcbac20c810183c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:14:09.0161 3532 MRxDAV - ok
15:14:09.0239 3532 [ 040d62a9d8ad28922632137acdd984f2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:14:09.0302 3532 mrxsmb - ok
15:14:09.0349 3532 [ f0067552f8f9b33d7c59403ab808a3cb ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:14:09.0380 3532 mrxsmb10 - ok
15:14:09.0442 3532 [ 3c142d31de9f2f193218a53fe2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:14:09.0473 3532 mrxsmb20 - ok
15:14:09.0505 3532 [ 5c37497276e3b3a5488b23a326a754b7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
15:14:09.0520 3532 msahci - ok
15:14:09.0536 3532 [ 8d27b597229aed79430fb9db3bcbfbd0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
15:14:09.0551 3532 msdsm - ok
15:14:09.0567 3532 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
15:14:09.0598 3532 MSDTC - ok
15:14:09.0629 3532 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:14:09.0707 3532 Msfs - ok
15:14:09.0723 3532 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:14:09.0785 3532 mshidkmdf - ok
15:14:09.0801 3532 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
15:14:09.0817 3532 msisadrv - ok
15:14:09.0879 3532 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:14:09.0926 3532 MSiSCSI - ok
15:14:09.0941 3532 msiserver - ok
15:14:10.0004 3532 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:14:10.0051 3532 MSKSSRV - ok
15:14:10.0066 3532 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:14:10.0129 3532 MSPCLOCK - ok
15:14:10.0175 3532 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:14:10.0222 3532 MSPQM - ok
15:14:10.0269 3532 [ 89cb141aa8616d8c6a4610fa26c60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:14:10.0285 3532 MsRPC - ok
15:14:10.0316 3532 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:14:10.0331 3532 mssmbios - ok
15:14:10.0378 3532 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:14:10.0425 3532 MSTEE - ok
15:14:10.0487 3532 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:14:10.0534 3532 MTConfig - ok
15:14:10.0597 3532 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:14:10.0612 3532 Mup - ok
15:14:10.0659 3532 [ 4987e079a4530fa737a128be54b63b12 ] napagent C:\Windows\system32\qagentRT.dll
15:14:10.0721 3532 napagent - ok
15:14:10.0799 3532 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:14:10.0846 3532 NativeWifiP - ok
15:14:10.0924 3532 [ cad515dbd07d082bb317d9928ce8962c ] NDIS C:\Windows\system32\drivers\ndis.sys
15:14:10.0955 3532 NDIS - ok
15:14:11.0002 3532 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:14:11.0049 3532 NdisCap - ok
15:14:11.0111 3532 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:14:11.0158 3532 NdisTapi - ok
15:14:11.0205 3532 [ f105ba1e22bf1f2ee8f005d4305e4bec ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:14:11.0252 3532 Ndisuio - ok
15:14:11.0283 3532 [ 557dfab9ca1fcb036ac77564c010dad3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:14:11.0314 3532 NdisWan - ok
15:14:11.0345 3532 [ 659b74fb74b86228d6338d643cd3e3cf ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:14:11.0392 3532 NDProxy - ok
15:14:11.0439 3532 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:14:11.0486 3532 NetBIOS - ok
15:14:11.0533 3532 [ 9162b273a44ab9dce5b44362731d062a ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:14:11.0564 3532 NetBT - ok
15:14:11.0595 3532 [ 156f6159457d0aa7e59b62681b56eb90 ] Netlogon C:\Windows\system32\lsass.exe
15:14:11.0611 3532 Netlogon - ok
15:14:11.0673 3532 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
15:14:11.0720 3532 Netman - ok
15:14:11.0751 3532 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
15:14:11.0813 3532 netprofm - ok
15:14:11.0860 3532 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:14:11.0876 3532 NetTcpPortSharing - ok
15:14:11.0907 3532 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:14:11.0923 3532 nfrd960 - ok
15:14:12.0016 3532 [ d9a0ce66046d6efa0c61baa885cba0a8 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:14:12.0047 3532 NlaSvc - ok
15:14:12.0079 3532 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:14:12.0110 3532 Npfs - ok
15:14:12.0157 3532 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:14:12.0235 3532 nsi - ok
15:14:12.0281 3532 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:14:12.0344 3532 nsiproxy - ok
15:14:12.0453 3532 [ 356698a13c4630d5b31c37378d469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:14:12.0515 3532 Ntfs - ok
15:14:12.0562 3532 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
15:14:12.0609 3532 Null - ok
15:14:12.0671 3532 [ 3e38712941e9bb4ddbee00affe3fed3d ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
15:14:12.0687 3532 nvraid - ok
15:14:12.0718 3532 [ 477dc4d6deb99be37084c9ac6d013da1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
15:14:12.0734 3532 nvstor - ok
15:14:12.0781 3532 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
15:14:12.0796 3532 nv_agp - ok
15:14:12.0812 3532 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:14:12.0827 3532 ohci1394 - ok
15:14:12.0905 3532 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:14:12.0937 3532 p2pimsvc - ok
15:14:12.0983 3532 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:14:13.0015 3532 p2psvc - ok
15:14:13.0061 3532 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:14:13.0077 3532 Parport - ok
15:14:13.0108 3532 [ 90061b1acfe8ccaa5345750ffe08d8b8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:14:13.0124 3532 partmgr - ok
15:14:13.0171 3532 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:14:13.0186 3532 PcaSvc - ok
15:14:13.0217 3532 [ f36f6504009f2fb0dfd1b17a116ad74b ] pci C:\Windows\system32\DRIVERS\pci.sys
15:14:13.0233 3532 pci - ok
15:14:13.0249 3532 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\DRIVERS\pciide.sys
15:14:13.0264 3532 pciide - ok
15:14:13.0280 3532 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:14:13.0311 3532 pcmcia - ok
15:14:13.0327 3532 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:14:13.0342 3532 pcw - ok
15:14:13.0373 3532 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:14:13.0420 3532 PEAUTH - ok
15:14:13.0498 3532 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:14:13.0529 3532 PerfHost - ok
15:14:13.0701 3532 [ 557e9a86f65f0de18c9b6751dfe9d3f1 ] pla C:\Windows\system32\pla.dll
15:14:13.0795 3532 pla - ok
15:14:13.0857 3532 [ 98b1721b8718164293b9701b98c52d77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:14:13.0904 3532 PlugPlay - ok
15:14:13.0919 3532 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:14:13.0966 3532 PNRPAutoReg - ok
15:14:14.0013 3532 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:14:14.0029 3532 PNRPsvc - ok
15:14:14.0107 3532 [ 166eb40d1f5b47e615de3d0fffe5f243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:14:14.0169 3532 PolicyAgent - ok
15:14:14.0263 3532 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
15:14:14.0341 3532 Power - ok
15:14:14.0387 3532 [ 27cc19e81ba5e3403c48302127bda717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:14:14.0434 3532 PptpMiniport - ok
15:14:14.0497 3532 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:14:14.0512 3532 Processor - ok
15:14:14.0590 3532 [ f381975e1f4346de875cb07339ce8d3a ] ProfSvc C:\Windows\system32\profsvc.dll
15:14:14.0653 3532 ProfSvc - ok
15:14:14.0684 3532 [ 156f6159457d0aa7e59b62681b56eb90 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:14:14.0699 3532 ProtectedStorage - ok
15:14:14.0731 3532 [ ee992183bd8eaefd9973f352e587a299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:14:14.0840 3532 Psched - ok
15:14:14.0871 3532 [ 4712cc14e720ecccc0aa16949d18aaf1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
15:14:14.0871 3532 PxHlpa64 - ok
15:14:14.0933 3532 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:14:14.0996 3532 ql2300 - ok
15:14:15.0058 3532 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:14:15.0074 3532 ql40xx - ok
15:14:15.0105 3532 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
15:14:15.0152 3532 QWAVE - ok
15:14:15.0167 3532 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:14:15.0214 3532 QWAVEdrv - ok
15:14:15.0277 3532 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:14:15.0355 3532 RasAcd - ok
15:14:15.0401 3532 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:14:15.0495 3532 RasAgileVpn - ok
15:14:15.0511 3532 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
15:14:15.0589 3532 RasAuto - ok
15:14:15.0713 3532 [ 87a6e852a22991580d6d39adc4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:14:15.0791 3532 Rasl2tp - ok
15:14:15.0932 3532 [ 47394ed3d16d053f5906efe5ab51cc83 ] RasMan C:\Windows\System32\rasmans.dll
15:14:16.0041 3532 RasMan - ok
15:14:16.0150 3532 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:14:16.0275 3532 RasPppoe - ok
15:14:16.0384 3532 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:14:16.0556 3532 RasSstp - ok
15:14:16.0727 3532 [ 3bac8142102c15d59a87757c1d41dce5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:14:16.0805 3532 rdbss - ok
15:14:16.0868 3532 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:14:16.0930 3532 rdpbus - ok
15:14:16.0961 3532 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:14:17.0071 3532 RDPCDD - ok
15:14:17.0117 3532 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:14:17.0305 3532 RDPENCDD - ok
15:14:17.0336 3532 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:14:17.0414 3532 RDPREFMP - ok
15:14:17.0476 3532 [ 447de7e3dea39d422c1504f245b668b1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:14:17.0523 3532 RDPWD - ok
15:14:17.0601 3532 [ 634b9a2181d98f15941236886164ec8b ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:14:17.0617 3532 rdyboost - ok
15:14:17.0710 3532 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:14:17.0788 3532 RemoteAccess - ok
15:14:17.0835 3532 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:14:18.0053 3532 RemoteRegistry - ok
15:14:18.0085 3532 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:14:18.0163 3532 RpcEptMapper - ok
15:14:18.0287 3532 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
15:14:18.0350 3532 RpcLocator - ok
15:14:18.0443 3532 [ 7266972e86890e2b30c0c322e906b027 ] RpcSs C:\Windows\system32\rpcss.dll
15:14:18.0506 3532 RpcSs - ok
15:14:18.0709 3532 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:14:18.0802 3532 rspndr - ok
15:14:18.0865 3532 [ 4a25dc970c58104602ed274dacafd784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
15:14:18.0943 3532 RSUSBSTOR - ok
15:14:18.0989 3532 [ 156f6159457d0aa7e59b62681b56eb90 ] SamSs C:\Windows\system32\lsass.exe
15:14:19.0005 3532 SamSs - ok
15:14:19.0052 3532 [ e3bbb89983daf5622c1d50cf49f28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
15:14:19.0099 3532 sbp2port - ok
15:14:19.0457 3532 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:14:19.0567 3532 SCardSvr - ok
15:14:19.0598 3532 [ c94da20c7e3ba1dca269bc8460d98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:14:19.0707 3532 scfilter - ok
15:14:19.0801 3532 [ 624d0f5ff99428bb90a5b8a4123e918e ] Schedule C:\Windows\system32\schedsvc.dll
15:14:19.0879 3532 Schedule - ok
15:14:19.0925 3532 [ 312e2f82af11e79906898ac3e3d58a1f ] SCPolicySvc C:\Windows\System32\certprop.dll
15:14:19.0972 3532 SCPolicySvc - ok
15:14:20.0035 3532 [ 765a27c3279ce11d14cb9e4f5869fca5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:14:20.0284 3532 SDRSVC - ok
15:14:20.0830 3532 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:14:21.0017 3532 secdrv - ok
15:14:21.0423 3532 [ 463b386ebc70f98da5dff85f7e654346 ] seclogon C:\Windows\system32\seclogon.dll
15:14:21.0517 3532 seclogon - ok
15:14:21.0563 3532 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
15:14:21.0673 3532 SENS - ok
15:14:21.0688 3532 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:14:21.0735 3532 SensrSvc - ok
15:14:21.0782 3532 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:14:21.0813 3532 Serenum - ok
15:14:21.0860 3532 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:14:21.0891 3532 Serial - ok
15:14:21.0938 3532 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:14:21.0969 3532 sermouse - ok
15:14:22.0031 3532 [ c3bc61ce47ff6f4e88ab8a3b429a36af ] SessionEnv C:\Windows\system32\sessenv.dll
15:14:22.0203 3532 SessionEnv - ok
15:14:22.0234 3532 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
15:14:22.0265 3532 sffdisk - ok
15:14:22.0328 3532 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:14:22.0390 3532 sffp_mmc - ok
15:14:22.0421 3532 [ 5588b8c6193eb1522490c122eb94dffa ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
15:14:22.0453 3532 sffp_sd - ok
15:14:22.0484 3532 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:14:22.0609 3532 sfloppy - ok
15:14:22.0702 3532 [ 21d48d7c9bdef13af16fdcbc5719fc3b ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
15:14:22.0749 3532 SftService ( UnsignedFile.Multi.Generic ) - warning
15:14:22.0749 3532 SftService - detected UnsignedFile.Multi.Generic (1)
15:14:22.0843 3532 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:14:22.0921 3532 SharedAccess - ok
15:14:23.0014 3532 [ 0298ac45d0efffb2db4baa7dd186e7bf ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:14:23.0077 3532 ShellHWDetection - ok
15:14:23.0123 3532 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:14:23.0139 3532 SiSRaid2 - ok
15:14:23.0155 3532 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:14:23.0186 3532 SiSRaid4 - ok
15:14:23.0248 3532 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:14:23.0326 3532 Smb - ok
15:14:23.0404 3532 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:14:23.0451 3532 SNMPTRAP - ok
15:14:23.0498 3532 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:14:23.0513 3532 spldr - ok
15:14:23.0638 3532 [ f8e1fa03cb70d54a9892ac88b91d1e7b ] Spooler C:\Windows\System32\spoolsv.exe
15:14:23.0732 3532 Spooler - ok
15:14:24.0137 3532 [ 913d843498553a1bc8f8dbad6358e49f ] sppsvc C:\Windows\system32\sppsvc.exe
15:14:24.0512 3532 sppsvc - ok
15:14:24.0605 3532 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:14:24.0683 3532 sppuinotify - ok
15:14:24.0871 3532 [ d630b6f2e8379b6f10dc16e82a426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
15:14:24.0886 3532 sprtsvc_DellSupportCenter - ok
15:14:24.0933 3532 [ 2408c0366d96bcdf63e8f1c78e4a29c5 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:14:25.0011 3532 srv - ok
15:14:25.0058 3532 [ 76548f7b818881b47d8d1ae1be9c11f8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:14:25.0089 3532 srv2 - ok
15:14:25.0105 3532 [ 0af6e19d39c70844c5caa8fb0183c36e ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:14:25.0167 3532 srvnet - ok
15:14:25.0245 3532 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:14:25.0354 3532 SSDPSRV - ok
15:14:25.0417 3532 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:14:25.0479 3532 SstpSvc - ok
15:14:25.0791 3532 [ 444109453a2b87e6c16bcda5953e81a9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
15:14:25.0900 3532 STacSV - ok
15:14:26.0150 3532 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:14:26.0165 3532 stexstor - ok
15:14:26.0290 3532 [ 02e784fa49032f84964db90a3ed81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
15:14:26.0415 3532 STHDA - ok
15:14:26.0524 3532 [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc C:\Windows\System32\wiaservc.dll
15:14:26.0618 3532 stisvc - ok
15:14:26.0774 3532 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:14:26.0805 3532 swenum - ok
15:14:26.0992 3532 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
15:14:27.0101 3532 swprv - ok
15:14:27.0257 3532 [ 3c1284516a62078fb68f768de4f1a7be ] SysMain C:\Windows\system32\sysmain.dll
15:14:27.0413 3532 SysMain - ok
15:14:27.0460 3532 [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:14:27.0507 3532 TabletInputService - ok
15:14:27.0538 3532 [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv C:\Windows\System32\tapisrv.dll
15:14:27.0616 3532 TapiSrv - ok
15:14:27.0663 3532 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
15:14:27.0741 3532 TBS - ok
15:14:27.0866 3532 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:14:27.0913 3532 Tcpip - ok
15:14:27.0944 3532 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:14:27.0991 3532 TCPIP6 - ok
15:14:28.0053 3532 [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:14:28.0084 3532 tcpipreg - ok
15:14:28.0115 3532 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:14:28.0131 3532 TDPIPE - ok
15:14:28.0178 3532 [ 7518f7bcfd4b308abc9192bacaf6c970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:14:28.0225 3532 TDTCP - ok
15:14:28.0396 3532 [ 079125c4b17b01fcaeebce0bcb290c0f ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:14:28.0474 3532 tdx - ok
15:14:28.0521 3532 [ c448651339196c0e869a355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:14:28.0537 3532 TermDD - ok
15:14:28.0615 3532 [ 0f05ec2887bfe197ad82a13287d2f404 ] TermService C:\Windows\System32\termsrv.dll
15:14:28.0708 3532 TermService - ok
15:14:28.0755 3532 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
15:14:28.0817 3532 Themes - ok
15:14:28.0895 3532 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
15:14:28.0973 3532 THREADORDER - ok
15:14:29.0036 3532 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
15:14:29.0114 3532 TrkWks - ok
15:14:29.0176 3532 [ 840f7fb849f5887a49ba18c13b2da920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:14:29.0207 3532 TrustedInstaller - ok
15:14:29.0239 3532 [ 61b96c26131e37b24e93327a0bd1fb95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:14:29.0317 3532 tssecsrv - ok
15:14:29.0379 3532 [ 3836171a2cdf3af8ef10856db9835a70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:14:29.0457 3532 tunnel - ok
15:14:29.0473 3532 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:14:29.0488 3532 uagp35 - ok
15:14:29.0519 3532 [ d47baead86c65d4f4069d7ce0a4edceb ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:14:29.0597 3532 udfs - ok
15:14:29.0753 3532 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:14:29.0785 3532 UI0Detect - ok
15:14:29.0847 3532 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
15:14:29.0878 3532 uliagpkx - ok
15:14:29.0941 3532 [ eab6c35e62b1b0db0d1b48b671d3a117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:14:29.0972 3532 umbus - ok
15:14:30.0003 3532 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:14:30.0019 3532 UmPass - ok
15:14:30.0081 3532 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
15:14:30.0175 3532 upnphost - ok
15:14:30.0206 3532 [ b26afb54a534d634523c4fb66765b026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:14:30.0237 3532 usbccgp - ok
15:14:30.0284 3532 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
15:14:30.0315 3532 usbcir - ok
15:14:30.0331 3532 [ 2ea4aff7be7eb4632e3aa8595b0803b5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:14:30.0362 3532 usbehci - ok
15:14:30.0424 3532 [ 7cc1c95896d60e868aa6dd2dd2f97ead ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:14:30.0471 3532 usbhub - ok
15:14:30.0502 3532 [ 58e546bbaf87664fc57e0f6081e4f609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:14:30.0533 3532 usbohci - ok
15:14:30.0565 3532 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:14:30.0596 3532 usbprint - ok
15:14:30.0658 3532 [ 080d3820da6c046be82fc8b45a893e83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:14:30.0705 3532 USBSTOR - ok
15:14:30.0721 3532 [ 81fb2216d3a60d1284455d511797db3d ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:14:30.0752 3532 usbuhci - ok
15:14:30.0767 3532 [ d501e12614b00a3252073101d6a1a74b ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:14:30.0814 3532 usbvideo - ok
15:14:30.0861 3532 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
15:14:30.0939 3532 UxSms - ok
15:14:30.0970 3532 [ 156f6159457d0aa7e59b62681b56eb90 ] VaultSvc C:\Windows\system32\lsass.exe
15:14:30.0970 3532 VaultSvc - ok
15:14:31.0033 3532 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
15:14:31.0048 3532 vdrvroot - ok
15:14:31.0095 3532 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\Windows\System32\vds.exe
15:14:31.0157 3532 vds - ok
15:14:31.0204 3532 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:14:31.0235 3532 vga - ok
15:14:31.0251 3532 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
15:14:31.0313 3532 VgaSave - ok
15:14:31.0329 3532 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
15:14:31.0360 3532 vhdmp - ok
15:14:31.0360 3532 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
15:14:31.0376 3532 viaide - ok
15:14:31.0407 3532 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
15:14:31.0438 3532 volmgr - ok
15:14:31.0469 3532 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:14:31.0501 3532 volmgrx - ok
15:14:31.0532 3532 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
15:14:31.0563 3532 volsnap - ok
15:14:31.0594 3532 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:14:31.0610 3532 vsmraid - ok
15:14:31.0750 3532 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\Windows\system32\vssvc.exe
15:14:31.0844 3532 VSS - ok
15:14:31.0859 3532 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:14:31.0906 3532 vwifibus - ok
15:14:31.0937 3532 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:14:31.0984 3532 vwififlt - ok
15:14:32.0047 3532 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
15:14:32.0234 3532 W32Time - ok
15:14:32.0296 3532 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:14:32.0343 3532 WacomPen - ok
15:14:32.0390 3532 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:14:32.0452 3532 WANARP - ok
15:14:32.0468 3532 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:14:32.0515 3532 Wanarpv6 - ok
15:14:32.0593 3532 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:14:32.0655 3532 WatAdminSvc - ok
15:14:32.0717 3532 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\Windows\system32\wbengine.exe
15:14:32.0780 3532 wbengine - ok
15:14:32.0811 3532 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:14:32.0858 3532 WbioSrvc - ok
15:14:32.0905 3532 [ 8321c2ca3b62b61b293cda3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:14:32.0967 3532 wcncsvc - ok
15:14:32.0983 3532 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:14:32.0998 3532 WcsPlugInService - ok
15:14:33.0029 3532 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:14:33.0061 3532 Wd - ok
15:14:33.0107 3532 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:14:33.0154 3532 Wdf01000 - ok
15:14:33.0170 3532 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:14:33.0217 3532 WdiServiceHost - ok
15:14:33.0217 3532 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:14:33.0248 3532 WdiSystemHost - ok
15:14:33.0295 3532 [ 8a438cbb8c032a0c798b0c642ffbe572 ] WebClient C:\Windows\System32\webclnt.dll
15:14:33.0357 3532 WebClient - ok
15:14:33.0373 3532 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:14:33.0466 3532 Wecsvc - ok
15:14:33.0529 3532 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:14:33.0622 3532 wercplsupport - ok
15:14:33.0685 3532 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:14:33.0763 3532 WerSvc - ok
15:14:33.0809 3532 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:14:33.0856 3532 WfpLwf - ok
15:14:33.0919 3532 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
15:14:33.0950 3532 WimFltr - ok
15:14:33.0997 3532 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:14:34.0028 3532 WIMMount - ok
15:14:34.0028 3532 WinHttpAutoProxySvc - ok
15:14:34.0246 3532 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:14:34.0340 3532 Winmgmt - ok
15:14:34.0465 3532 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\Windows\system32\WsmSvc.dll
15:14:34.0621 3532 WinRM - ok
15:14:34.0699 3532 [ 817eaff5d38674edd7713b9dfb8e9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:14:34.0714 3532 WinUsb - ok
15:14:34.0777 3532 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
15:14:34.0839 3532 Wlansvc - ok
15:14:35.0135 3532 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:14:35.0245 3532 wlidsvc - ok
15:14:35.0276 3532 [ 13b0a570e1ae451c92da550085d72cf3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
15:14:35.0307 3532 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
15:14:35.0307 3532 wltrysvc - detected UnsignedFile.Multi.Generic (1)
15:14:35.0354 3532 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:14:35.0385 3532 WmiAcpi - ok
15:14:35.0432 3532 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:14:35.0463 3532 wmiApSrv - ok
15:14:35.0494 3532 WMPNetworkSvc - ok
15:14:35.0588 3532 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:14:35.0619 3532 WPCSvc - ok
15:14:35.0635 3532 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:14:35.0666 3532 WPDBusEnum - ok
15:14:35.0713 3532 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:14:35.0791 3532 ws2ifsl - ok
15:14:35.0791 3532 WSearch - ok
15:14:36.0149 3532 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:14:36.0290 3532 wuauserv - ok
15:14:36.0305 3532 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:14:36.0368 3532 WudfPf - ok
15:14:36.0446 3532 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:14:36.0524 3532 WUDFRd - ok
15:14:36.0571 3532 [ b551d6637aa0e132c18ac6e504f7b79b ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:14:36.0664 3532 wudfsvc - ok
15:14:36.0742 3532 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
15:14:36.0789 3532 WwanSvc - ok
15:14:36.0851 3532 [ 79d9ce9614c955dd31aa2556b4014662 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
15:14:36.0914 3532 yukonw7 - ok
15:14:36.0945 3532 ================ Scan global ===============================
15:14:36.0976 3532 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
15:14:37.0023 3532 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
15:14:37.0054 3532 (63e99b675a1337db6d8430195ea3efd2) C:\Windows\system32\consrv.dll
15:14:37.0085 3532 C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - infected
15:14:37.0085 3532 C:\Windows\system32\consrv.dll - detected Backdoor.Multi.ZAccess.genb (0)
15:14:37.0148 3532 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
15:14:37.0148 3532 ================ Scan MBR ==================================
15:14:37.0163 3532 MBR (0x1B8) (ae8fa489bdbabb7f15572f885c9ff9ae) \Device\Harddisk0\DR0
15:14:37.0163 3532 Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:14:37.0226 3532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:14:37.0226 3532 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:14:37.0631 3532 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:14:37.0631 3532 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:14:37.0631 3532 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
15:14:37.0772 3532 \Device\Harddisk1\DR2 - ok
15:14:37.0772 3532 ================ Scan VBR ==================================
15:14:37.0803 3532 Boot (0x1200) (63ae89776e1f7bfc95372da309d14096) \Device\Harddisk0\DR0\Partition1
15:14:37.0819 3532 \Device\Harddisk0\DR0\Partition1 - ok
15:14:37.0850 3532 Boot (0x1200) (cbbd52f7a7046bc92e329cfca3461126) \Device\Harddisk0\DR0\Partition2
15:14:37.0850 3532 \Device\Harddisk0\DR0\Partition2 - ok
15:14:37.0865 3532 Boot (0x1200) (0236d455004d98f09349138500f3ffde) \Device\Harddisk1\DR2\Partition1
15:14:37.0865 3532 \Device\Harddisk1\DR2\Partition1 - ok
15:14:37.0865 3532 ============================================================
15:14:37.0865 3532 Scan finished
15:14:37.0865 3532 ============================================================
15:14:37.0881 3256 Detected object count: 7
15:14:37.0881 3256 Actual detected object count: 7
15:15:25.0695 3256 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
15:15:25.0695 3256 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:15:25.0695 3256 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:15:25.0711 3256 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:15:25.0711 3256 SftService ( UnsignedFile.Multi.Generic ) - skipped by user
15:15:25.0711 3256 SftService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:15:25.0711 3256 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:15:25.0711 3256 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:15:25.0711 3256 C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - skipped by user
15:15:25.0711 3256 C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - User select action: Skip
15:15:26.0943 3256 \Device\Harddisk0\DR0\# - copied to quarantine
15:15:26.0959 3256 \Device\Harddisk0\DR0 - copied to quarantine
15:15:27.0037 3256 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:15:27.0037 3256 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:15:27.0037 3256 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
15:15:27.0052 3256 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:15:27.0052 3256 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:15:27.0052 3256 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:15:27.0052 3256 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:15:27.0068 3256 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:15:27.0068 3256 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:15:27.0068 3256 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:15:27.0068 3256 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:15:27.0161 3256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:15:27.0161 3256 \Device\Harddisk0\DR0 - ok
15:15:27.0161 3256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:15:27.0161 3256 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:15:27.0161 3256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
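The TDSSKiller log above ends with one "User select action" line per detected object, and with seven objects it is easy to lose track of which ones were actually cured. The Python below is an added example (it is not part of this thread and not a Kaspersky tool): it parses that log format, follows each object to its final recorded action, and lists what is still unresolved, with the unsigned-vendor-service warnings filtered out by default. The sample lines are copied from the log above; the set of verdicts treated as noise is this example's own assumption.

```python
"""
Triage of a TDSSKiller text log: which detected objects are still unresolved?
Added example, not from the thread or from Kaspersky. Sample lines are copied
from the posted log; NOISE_VERDICTS is an assumption for OEM builds.
"""
import re

# One detection/action line: "<time> <pid> <object> ( <verdict> ) - <outcome>"
LINE = re.compile(
    r"^\S+\s+\d+\s+(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<outcome>.+)$"
)

# Verdicts that are informational on a vendor-image Windows install
# (unsigned OEM services); assumption of this example, review their paths.
NOISE_VERDICTS = {"UnsignedFile.Multi.Generic"}


def parse_events(log: str) -> list:
    """Return dicts with obj/verdict/outcome for every matching log line."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            events.append(m.groupdict())
    return events


def unresolved(log: str, include_noise: bool = False) -> list:
    """(object, verdict) pairs whose final recorded action is not a cure."""
    state = {}  # (object, verdict) -> "detected" | "Skip" | "Cure" | "Delete" ...
    for e in parse_events(log):
        key = (e["obj"], e["verdict"])
        outcome = e["outcome"]
        if outcome in ("infected", "warning"):
            state.setdefault(key, "detected")
        elif outcome == "skipped by user":
            state[key] = "Skip"
        elif outcome.startswith("User select action:"):
            state[key] = outcome.split(":", 1)[1].strip()
        elif outcome == "will be cured on reboot":
            state[key] = "Cure"
    return [key for key, action in state.items()
            if action in ("detected", "Skip")
            and (include_noise or key[1] not in NOISE_VERDICTS)]


# Constructed from the log posted above (timestamps/pids as logged).
SAMPLE_LOG = r"""
15:14:22.0749 3532 SftService ( UnsignedFile.Multi.Generic ) - warning
15:14:35.0307 3532 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
15:14:37.0085 3532 C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - infected
15:14:37.0226 3532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:14:37.0631 3532 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:15:25.0711 3256 SftService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:15:25.0711 3256 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:15:25.0711 3256 C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - User select action: Skip
15:15:27.0161 3256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:15:27.0161 3256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:15:27.0161 3256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    for obj, verdict in unresolved(SAMPLE_LOG):
        print(f"still unresolved: {obj}  [{verdict}]")
```

Run against the log above, it reports C:\Windows\system32\consrv.dll (Backdoor.Multi.ZAccess.genb) and \Device\Harddisk0\DR0 (TDSS File System) as still unresolved: both were skipped, while the Pihar MBR detection was set to Cure. The UnsignedFile.Multi.Generic entries whose paths are visible above are Dell components and are only informational unless the path or hash is unexpected.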

#5 honz (Topic Starter, Member, 14 posts)
Also, to answer your first question, I have a 8GB USB drive but not the Windows CD.

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
That's OK, not needed, as a goodly portion of the malware has been killed... Onward and upward.

Re-run TDSSKiller with the same parameters as before
When you see this element then select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

FINALLY

run farbar service scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
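The object the helper asks to delete on the re-run, \Device\Harddisk0\DR0 ( TDSS File System ), is not a file on C:. It is data the bootkit keeps in sectors outside any partition, reached through the forged MBR that the earlier scan flagged. The Python below is an added example, not from this thread or from TDSSKiller, showing the two checks an analyst runs on a disk image when a scanner reports "Suspicious mbr (Forged)": hash the 440-byte bootstrap code (0x1B8 in the log's "MBR (0x1B8)" line is that length) against a known-good copy, and read the partition table to measure how much of the disk lies beyond the last partition, which is where TDL4/Pihar-family bootkits store their hidden file system. Both sample sectors, the disk size and the "known-good" hash are constructed for the example.

```python
"""
Offline MBR triage on a 512-byte sector read from a disk image.
Added example (not from the thread, not TDSSKiller code); all sample data is
constructed. Checks: bootstrap-code hash vs. a known-good value, and the size
of the unpartitioned tail where TDL4-class bootkits keep their file system.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # 440 bytes of bootstrap code before the disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE      # 0x55 0xAA


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def end_lba(self) -> int:
        """Last LBA used by this partition, inclusive."""
        return self.start_lba + self.sectors - 1


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty entries of the classic four-slot MBR partition table."""
    if len(mbr) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, type_id, start_lba, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if type_id == 0 or sectors == 0:
            continue
        parts.append(Partition(i, status == 0x80, type_id, start_lba, sectors))
    return parts


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the bootstrap area only; the partition table is excluded on purpose."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def unpartitioned_tail(parts: list, disk_sectors: int) -> int:
    """Sectors after the last partition. A few MiB of slack is normal alignment."""
    if not parts:
        return disk_sectors
    return disk_sectors - (max(p.end_lba for p in parts) + 1)


def triage(mbr: bytes, disk_sectors: int, known_good_md5: str) -> dict:
    parts = parse_partitions(mbr)
    tail = unpartitioned_tail(parts, disk_sectors)
    digest = boot_code_md5(mbr)
    return {
        "boot_code_md5": digest,
        "boot_code_matches_known_good": digest == known_good_md5,
        "partitions": parts,
        "unpartitioned_tail_sectors": tail,
        "unpartitioned_tail_mib": tail * SECTOR // (1024 * 1024),
    }


def build_sample_mbr(boot_code: bytes, entries) -> bytes:
    """Constructed sector from boot code plus (bootable, type, start, count) tuples."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, type_id, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0, type_id, start, count)
    sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


# Constructed ~466 GiB disk with a 100 MiB boot partition and a Windows
# partition, mirroring the Partition1/Partition2 layout on Harddisk0 above.
DISK_SECTORS = 976_773_168
CLEAN_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
CLEAN_MBR = build_sample_mbr(CLEAN_CODE, [(True, 0x07, 2048, 204_800),
                                           (False, 0x07, 206_848, 976_564_224)])
KNOWN_GOOD = boot_code_md5(CLEAN_MBR)   # stands in for a hash from a clean image

# Replaced bootstrap code (what a bootkit does) and a large unpartitioned tail.
FORGED_CODE = b"\xEB\xFE" + b"\x00" * (BOOT_CODE_LEN - 2)
FORGED_MBR = build_sample_mbr(FORGED_CODE, [(True, 0x07, 2048, 204_800),
                                             (False, 0x07, 206_848, 976_000_000)])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("forged", FORGED_MBR)):
        r = triage(mbr, DISK_SECTORS, KNOWN_GOOD)
        print(name, r["boot_code_md5"], r["boot_code_matches_known_good"],
              "tail MiB:", r["unpartitioned_tail_mib"])
```

On a real image, read the first 512 bytes of the physical disk (not of a partition) and take the total sector count from the same image. A tail of a few MiB is normal alignment slack; hundreds of MiB, or any change in the boot-code hash, is a reason to dump those sectors for analysis before letting a cleanup tool overwrite them.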

#7 honz (Topic Starter, Member, 14 posts)
ComboFix 12-08-16.01 - Amanda 08/16/2012 16:03:10.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2700 [GMT -4:00]
Running from: C:\Users\Amanda\Desktop\ComboFix.exe
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Amanda\AppData\Roaming\firefox.exe
C:\Users\Amanda\AppData\Roaming\iexplore.exe
C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\{817e63e5-f17f-44ff-ab6e-18d2b1fd6657}
C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\{817e63e5-f17f-44ff-ab6e-18d2b1fd6657}\chrome.manifest
C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\{817e63e5-f17f-44ff-ab6e-18d2b1fd6657}\chrome\xulcache.jar
C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\{817e63e5-f17f-44ff-ab6e-18d2b1fd6657}\defaults\preferences\xulcache.js
C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\{817e63e5-f17f-44ff-ab6e-18d2b1fd6657}\install.rdf
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\svchost.exe
C:\Windows\system32\consrv.dll
C:\Windows\System64
C:\Windows\SysWow64\jucheck.exe
C:\Windows\SysWow64\jusched.exe
C:\Windows\SysWow64\muzapp.exe


((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))


2012-08-16 19:15:25 . 2012-08-16 19:56:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-16 07:14:39 . 2012-06-16 04:37:51 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-16 07:14:38 . 2012-06-16 05:25:51 609792 ----a-w- C:\Windows\system32\vbscript.dll
2012-08-16 07:14:38 . 2012-06-16 05:25:03 850944 ----a-w- C:\Windows\system32\jscript.dll
2012-08-16 07:14:27 . 2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-16 07:14:25 . 2012-07-04 22:04:36 73216 ----a-w- C:\Windows\system32\netapi32.dll
2012-08-16 07:14:25 . 2012-07-04 22:01:38 58880 ----a-w- C:\Windows\system32\browcli.dll
2012-08-16 07:14:25 . 2012-07-04 22:01:38 136704 ----a-w- C:\Windows\system32\browser.dll
2012-08-12 01:30:51 . 2012-08-12 01:30:52 -------- d-----w- C:\Users\Amanda\AppData\Local\Adobe
2012-08-10 19:34:31 . 2012-08-16 21:05:38 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Dropbox
2012-08-10 06:33:33 . 2012-08-10 06:33:33 -------- d-----w- C:\Temp
2012-08-09 20:08:55 . 2012-08-10 19:26:08 -------- d-----w- C:\Users\Amanda\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
2012-08-09 20:08:50 . 2012-08-11 03:06:18 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Adobe-BackupByPhotoshopCS6Portable
2012-08-08 22:17:25 . 2012-08-10 06:47:25 770912 ----a-w- C:\Windows\SysWow64\Msfdbqp.dll
2012-08-08 22:17:25 . 2012-08-10 06:47:25 397152 ----a-w- C:\Windows\SysWow64\Msfdbse.dll
2012-08-08 22:17:25 . 2012-08-10 06:47:25 189792 ----a-w- C:\Windows\SysWow64\SimpleProviders2.dll
2012-08-08 22:17:25 . 2012-08-10 06:47:24 511328 ----a-w- C:\Windows\SysWow64\Synchronization2.dll
2012-08-08 22:17:25 . 2012-08-10 06:47:24 253280 ----a-w- C:\Windows\SysWow64\MetaStore2.dll
2012-08-08 22:17:25 . 2012-08-10 06:47:24 230240 ----a-w- C:\Windows\SysWow64\Msfdb.dll
2012-08-08 22:17:25 . 2012-08-10 06:47:24 171360 ----a-w- C:\Windows\SysWow64\FileSyncProvider2.dll
2012-08-08 22:17:25 . 2012-08-10 06:47:24 156512 ----a-w- C:\Windows\SysWow64\FeedSync2.dll
2012-08-08 21:13:27 . 2012-08-13 01:12:33 -------- d-----w- C:\Users\Amanda\AppData\Local\Samsung
2012-08-08 21:13:19 . 2012-08-13 01:08:15 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Samsung
2012-08-08 21:09:14 . 2011-06-02 05:47:22 13800 ----a-w- C:\Windows\system32\drivers\ssadwh.sys
2012-08-08 21:09:14 . 2010-12-21 05:55:02 1917416 ----a-w- C:\Windows\system32\WdfCoInstaller01005.dll
2012-08-08 21:09:14 . 2010-12-21 05:55:02 1917416 ----a-w- C:\Windows\system32\drivers\WdfCoInstaller01005.dll
2012-08-08 21:09:12 . 2011-06-02 05:47:22 13288 ----a-w- C:\Windows\system32\drivers\ssadcm.sys
2012-08-08 21:07:26 . 2012-07-30 18:16:48 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-08-08 21:06:51 . 2012-08-13 07:05:35 -------- d-----w- C:\Program Files (x86)\MarkAny
2012-08-08 21:06:16 . 2012-08-09 07:05:23 -------- d-----w- C:\Program Files (x86)\Samsung
2012-08-08 21:03:25 . 2012-08-10 05:52:21 -------- d-----w- C:\Users\Amanda\AppData\Local\Downloaded Installations
2012-08-06 22:44:58 . 2012-08-06 23:29:32 -------- d-----w- C:\ProgramData\Adobe-BackupByPhotoshopCS6Portable
2012-07-30 17:32:08 . 2012-07-30 17:32:08 708168 ----a-w- C:\Windows\system32\WinUSBCoInstaller.dll
2012-07-30 17:32:08 . 2012-07-30 17:32:08 1490656 ----a-w- C:\Windows\system32\WdfCoInstaller01007.dll
2012-07-21 02:55:19 . 2012-07-21 02:55:19 322048 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\57C.exe
2012-07-19 17:25:53 . 2012-07-19 17:25:53 322048 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\6640.exe
2012-07-19 01:28:34 . 2012-07-19 01:28:34 204800 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\8259.exe
2012-07-19 01:28:17 . 2012-07-19 01:28:17 322048 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\3A12.exe
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-17 15:41:51 . 2012-07-17 15:41:51 322048 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\1EA6.exe
2012-07-17 02:40:18 . 2012-07-17 02:40:18 204800 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\E37C.exe
2012-07-17 02:40:03 . 2012-07-17 02:40:03 322048 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\AAFD.exe
2012-07-14 16:32:48 . 2012-07-14 16:32:48 322048 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\275D.exe
2012-07-10 12:20:58 . 2012-07-10 12:20:58 322048 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\2451.exe
2012-07-09 18:54:45 . 2012-07-09 18:54:45 322560 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\1708.exe
2012-07-06 03:50:13 . 2012-07-06 03:50:13 322048 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\187F.exe
2012-07-05 17:12:59 . 2012-07-05 17:12:59 204288 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\9BA3.exe
2012-07-05 17:12:45 . 2012-07-05 17:12:45 322048 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\668E.exe
2012-06-29 18:26:39 . 2012-06-29 18:26:39 322560 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\3310.exe
2012-06-28 22:53:26 . 2010-06-11 01:14:15 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-28 22:43:03 . 2010-07-03 21:08:15 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-28 22:42:47 . 2010-07-03 21:08:03 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 974848 ----a-w- C:\Windows\SysWow64\cis-2.4.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 81920 ----a-w- C:\Windows\SysWow64\issacapi_bs-2.3.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 65536 ----a-w- C:\Windows\SysWow64\issacapi_pe-2.3.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 57344 ----a-w- C:\Windows\SysWow64\MTXSYNCICON.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 57344 ----a-w- C:\Windows\SysWow64\MK_Lyric.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 57344 ----a-w- C:\Windows\SysWow64\issacapi_se-2.3.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 569344 ----a-w- C:\Windows\SysWow64\muzdecode.ax
2012-06-26 20:02:38 . 2012-06-26 20:02:38 491520 ----a-w- C:\Windows\SysWow64\muzapp.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 49152 ----a-w- C:\Windows\SysWow64\MaJGUILib.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 45320 ----a-w- C:\Windows\SysWow64\MAMACExtract.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 45056 ----a-w- C:\Windows\SysWow64\MaXMLProto.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 45056 ----a-w- C:\Windows\SysWow64\MACXMLProto.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 40960 ----a-w- C:\Windows\SysWow64\MTTELECHIP.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 352256 ----a-w- C:\Windows\SysWow64\MSLUR71.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 258048 ----a-w- C:\Windows\SysWow64\muzoggsp.ax
2012-06-26 20:02:38 . 2012-06-26 20:02:38 245760 ----a-w- C:\Windows\SysWow64\MSCLib.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 24576 ----a-w- C:\Windows\SysWow64\MASetupCleaner.exe
2012-06-26 20:02:38 . 2012-06-26 20:02:38 200704 ----a-w- C:\Windows\SysWow64\muzwmts.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 155648 ----a-w- C:\Windows\SysWow64\MSFLib.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 143360 ----a-w- C:\Windows\SysWow64\3DAudio.ax
2012-06-26 20:02:38 . 2012-06-26 20:02:38 135168 ----a-w- C:\Windows\SysWow64\muzaf1.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 131072 ----a-w- C:\Windows\SysWow64\muzmpgsp.ax
2012-06-26 20:02:38 . 2012-06-26 20:02:38 122880 ----a-w- C:\Windows\SysWow64\muzeffect.ax
2012-06-26 20:02:38 . 2012-06-26 20:02:38 118784 ----a-w- C:\Windows\SysWow64\MaDRM.dll
2012-06-26 20:02:38 . 2012-06-26 20:02:38 110592 ----a-w- C:\Windows\SysWow64\muzmp4sp.ax
2012-06-25 17:40:19 . 2012-06-25 17:40:19 322048 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\30B0.exe
2012-06-25 15:13:07 . 2012-06-25 15:13:07 322560 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\2A3A.exe
2012-06-24 23:37:49 . 2012-06-24 23:37:49 321024 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\868.exe
2012-06-22 15:18:19 . 2012-06-22 15:18:19 204288 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\4EBB.exe
2012-06-21 17:16:25 . 2012-06-21 17:16:25 99328 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\4C89.tmp
2012-06-15 16:08:49 . 2012-06-15 16:08:49 320512 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\3B7.exe
2012-06-09 05:30:56 . 2012-07-17 15:51:34 14165504 ----a-w- C:\Windows\system32\shell32.dll
2012-06-08 19:55:31 . 2012-06-08 19:55:31 320000 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\33EB.exe
2012-06-07 05:05:48 . 2012-06-07 05:05:48 204288 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\5B59.exe
2012-06-07 05:05:33 . 2012-06-07 05:05:33 321024 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\23D4.exe
2012-06-06 05:50:50 . 2012-07-17 15:51:53 2003968 ----a-w- C:\Windows\system32\msxml6.dll
2012-06-06 05:50:50 . 2012-07-17 15:51:52 1880064 ----a-w- C:\Windows\system32\msxml3.dll
2012-06-06 05:09:46 . 2012-07-17 15:51:52 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 . 2012-07-17 15:51:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:19:46 . 2012-06-25 15:16:39 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-02 22:19:43 . 2012-06-25 15:16:54 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-02 22:19:42 . 2012-06-25 15:16:54 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-02 22:19:42 . 2012-06-25 15:16:54 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-02 22:19:23 . 2012-06-25 15:16:39 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-02 22:15:31 . 2012-06-25 15:16:54 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-02 22:15:08 . 2012-06-25 15:16:39 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-02 19:19:42 . 2012-06-25 15:16:26 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-02 19:15:12 . 2012-06-25 15:16:26 36864 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-02 05:38:26 . 2012-07-17 15:51:24 95088 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2012-06-02 05:38:24 . 2012-07-17 15:51:24 152432 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37:45 . 2012-07-17 15:51:24 459216 ----a-w- C:\Windows\system32\drivers\cng.sys
2012-06-02 05:27:02 . 2012-07-17 15:51:24 340992 ----a-w- C:\Windows\system32\schannel.dll
2012-06-02 05:27:00 . 2012-07-17 15:51:24 307200 ----a-w- C:\Windows\system32\ncrypt.dll
2012-06-02 04:48:39 . 2012-07-17 15:51:24 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 . 2012-07-17 15:51:24 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 . 2012-07-17 15:51:24 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 . 2012-07-17 15:51:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:32:07 . 2012-05-31 16:32:07 315392 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\FCF4.exe
2012-05-30 21:58:38 . 2012-05-30 21:58:38 315392 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\A5C.exe
2012-05-28 17:11:06 . 2012-05-28 17:11:06 315392 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\21E1.exe
2012-05-25 03:47:39 . 2012-05-25 03:47:39 321536 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\26F0.exe
2012-05-24 18:26:11 . 2012-05-24 18:26:11 321536 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\3E76.exe
2012-05-20 02:38:08 . 2012-05-20 02:38:08 278016 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\B624.exe
2012-05-19 15:46:54 . 2012-05-19 15:46:54 183808 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\4F39.exe
2012-05-19 15:46:40 . 2012-05-19 15:46:40 277504 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\36C9\1785.exe
2012-05-19 00:45:40 . 2011-03-28 22:36:46 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-19 00:37:43 . 2010-09-10 04:27:19 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 94208 ----a-w- C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 94208 ----a-w- C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 94208 ----a-w- C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 14:59:08 206064]

C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
Dropbox.lnk - C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 0040081323473193mcinstcleanup;McAfee Application Installer Cleanup (0040081323473193);C:\Users\Amanda\AppData\Local\Temp\004008~1.EXE [x]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 02:54:36 136176]
R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 easytether;easytether;C:\Windows\system32\DRIVERS\easytthr.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 02:54:36 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 17:33:14 113120]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-04 13:07:45 1255736]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 09:00:00 55280]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 16:11:14 155648]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 17:28:08 658656]
S3 CryptOSD;Phoenix CryptOSD Device Driver;C:\Windows\system32\DRIVERS\CryptOSD.sys [2009-09-18 01:21:40 415360]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 19:06:42 172704]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2009-05-08 08:15:18 215552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [2009-05-20 03:10:00 393728]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

Contents of the 'Scheduled Tasks' folder

2012-08-16 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 04:10:46 . 2010-08-28 02:54:36]

2012-08-16 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 04:10:46 . 2010-08-28 02:54:36]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 97792 ----a-w- C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 97792 ----a-w- C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 97792 ----a-w- C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 97792 ----a-w- C:\Users\Amanda\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2009-01-23 03:07:28 305664]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2009-06-29 04:44:38 444416]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-06-30 06:03:04 165912]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-06-30 06:02:50 385560]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-06-30 06:02:56 365080]
"Broadcom Wireless Manager UI"="C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 01:06:22 4968960]
"QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [2009-07-02 22:15:22 3180624]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 01:03:32 186904]
"combofix"="C:\ComboFix\CF2956.3XE" [2009-07-14 01:39:01 344576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:54424
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54424
FF - prefs.js: network.proxy.type - 0

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-ctfdevice - C:\ProgramData\ctfdevice.exe
Wow6432Node-HKU-Default-Run-dlldevice - C:\Windows\system32\config\systemprofile\AppData\Roaming\dlldevice.exe
Wow6432Node-HKU-Default-Run-dplaysvr - C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
SafeBoot-35573299.sys
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
  • 0

#8
honz

honz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Farbar Service Scanner Version: 06-08-2012
Ran by Amanda (administrator) on 16-08-2012 at 17:15:38
Running from "C:\Users\Amanda\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-20 15:48] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-18 13:55] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-07-17 11:51] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer now?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :Files
    ipconfig /flushdns /c
    C:\Users\Amanda\AppData\Roaming\Microsoft\36C9
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

FINALLY

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0

#10
honz

honz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Computer is running much better now!
:thumbsup:

OTL logfile created on: 8/16/2012 6:27:47 PM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Amanda\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 72.97% Memory free
7.92 Gb Paging File | 6.69 Gb Available in Paging File | 84.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 344.07 Gb Free Space | 76.28% Space Free | Partition Type: NTFS
Drive D: | 407.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/16 18:21:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
PRC - [2012/07/19 13:33:15 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/14 00:11:46 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 10:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 13:33:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/19 17:05:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/19 17:05:40 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/19 17:05:29 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/06/22 18:50:56 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/07/19 13:33:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/07/31 23:24:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/08 21:03:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/17 21:21:40 | 000,415,360 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CryptOSD.sys -- (CryptOSD)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{2E58D3AF-7ED6-49D5-B98B-E72303684EC1}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=24-09-2010
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A2FD40B5-F212-4F45-87F7-12D44E490828}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0A 57 5E 12 C8 7E F1 44 B1 88 E2 DE ED E4 BE 1B [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...search&AF=18556
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS396
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\..\SearchScopes\{c8b322ce-7838-418e-adb2-6aa25235aa35}: "URL" = http://slirsredirect...mrud=24-09-2010
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54424

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2786678&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54424
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Amanda\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/08/28 00:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/12 15:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 13:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Amanda\AppData\Roaming\Move Networks [2010/06/03 21:18:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 13:33:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/22 18:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2012/07/16 22:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions
[2012/07/16 22:51:27 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/03 18:29:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\[email protected]
[2011/12/06 06:04:42 | 000,000,925 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\searchplugins\conduit.xml
[2012/06/21 13:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/03 21:18:41 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\AMANDA\APPDATA\ROAMING\MOVE NETWORKS
[2012/07/19 13:33:15 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/08/16 18:23:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} http://content9.mite...XCltInstall.dll (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{422FE7BC-A81F-4C80-871E-C292E096401E}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E68976-1801-4D34-912A-9ABABC121316}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 18:23:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/16 18:23:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/16 18:21:42 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2012/08/16 17:13:05 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Amanda\Desktop\FSS.exe
[2012/08/16 17:10:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/16 16:00:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/16 16:00:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/16 16:00:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/16 16:00:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/16 15:58:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/16 15:57:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/16 15:57:06 | 004,731,953 | R--- | C] (Swearware) -- C:\Users\Amanda\Desktop\ComboFix.exe
[2012/08/16 15:15:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/16 15:12:47 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Amanda\Desktop\tdsskiller.exe
[2012/08/11 21:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/11 21:30:51 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe
[2012/08/11 21:30:47 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Adobe
[2012/08/10 15:35:14 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/08/10 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Dropbox
[2012/08/10 02:33:33 | 000,000,000 | ---D | C] -- C:\Temp
[2012/08/09 16:08:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
[2012/08/09 16:08:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Adobe-BackupByPhotoshopCS6Portable
[2012/08/08 18:25:02 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\.svn
[2012/08/08 17:13:27 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Samsung
[2012/08/08 17:13:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Samsung
[2012/08/08 17:13:09 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\samsung
[2012/08/08 17:09:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/08/08 17:09:12 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/08/08 17:07:26 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/08/08 17:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/08/08 17:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/08/08 17:03:25 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Downloaded Installations
[2012/08/08 16:52:41 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\phone content
[2012/08/06 18:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe-BackupByPhotoshopCS6Portable
[2012/08/01 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\copy and paste
[2012/08/01 17:06:38 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\myc july2012
[2012/07/18 21:31:49 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\devitt

========== Files - Modified Within 30 Days ==========

[2012/08/16 18:32:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 18:32:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 18:25:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 18:25:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 18:25:10 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 18:23:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/16 18:21:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2012/08/16 18:17:15 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/16 17:13:06 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Amanda\Desktop\FSS.exe
[2012/08/16 15:57:19 | 004,731,953 | R--- | M] (Swearware) -- C:\Users\Amanda\Desktop\ComboFix.exe
[2012/08/16 15:10:12 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Amanda\Desktop\tdsskiller.exe
[2012/08/16 15:10:04 | 005,133,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/16 14:34:20 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/16 14:34:20 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/16 14:34:20 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/16 12:58:29 | 000,000,089 | ---- | M] () -- C:\Users\Amanda\Desktop\A big mess- Malware - Geeks to Go Forums.URL
[2012/08/11 21:55:36 | 000,336,036 | ---- | M] () -- C:\Users\Amanda\Desktop\j.jpg
[2012/08/11 21:53:53 | 000,164,130 | ---- | M] () -- C:\Users\Amanda\Desktop\IMG_20120811_214208.jpg
[2012/08/11 21:35:01 | 000,216,016 | ---- | M] () -- C:\Users\Amanda\Desktop\7762048924_70047b9210.jpg
[2012/08/11 21:21:33 | 000,145,150 | ---- | M] () -- C:\Users\Amanda\Desktop\7762041900_2922ff20db.jpg
[2012/08/11 21:20:16 | 000,146,488 | ---- | M] () -- C:\Users\Amanda\Desktop\7762049140_01d831308f.jpg
[2012/08/11 21:16:04 | 002,394,108 | ---- | M] () -- C:\Users\Amanda\Desktop\20120811_182023-1.jpg
[2012/08/10 18:49:20 | 000,081,634 | ---- | M] () -- C:\Users\Amanda\Desktop\527060_390688404319426_528452038_n.jpg
[2012/08/10 18:42:49 | 000,030,893 | ---- | M] () -- C:\Users\Amanda\Desktop\424289_10151102203121907_836461213_n.jpg
[2012/08/10 16:01:03 | 000,001,005 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/10 15:58:03 | 000,214,215 | ---- | M] () -- C:\Users\Amanda\Desktop\1.jpg
[2012/08/10 02:30:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 02:21:06 | 001,664,515 | ---- | M] () -- C:\Users\Amanda\Desktop\20120303_020929.jpg
[2012/08/09 16:41:54 | 000,658,876 | ---- | M] () -- C:\Users\Amanda\Desktop\Untitled-1.jpg
[2012/08/09 14:06:47 | 366,501,003 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/08 17:41:17 | 000,000,378 | ---- | M] () -- C:\Users\Amanda\Desktop\Document.rtf
[2012/08/08 17:17:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/08/07 12:47:22 | 000,047,612 | ---- | M] () -- C:\Users\Amanda\Desktop\552083_10151085909814701_171552911_n.jpg
[2012/07/30 14:16:48 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/07/18 22:44:56 | 000,000,112 | -H-- | M] () -- C:\F3F9DCABD663
[2012/07/18 22:44:56 | 000,000,112 | -H-- | M] () -- C:\3C23943CFE43

========== Files Created - No Company Name ==========

[2012/08/16 16:00:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/16 16:00:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/16 16:00:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/16 16:00:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/16 16:00:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/16 12:58:29 | 000,000,089 | ---- | C] () -- C:\Users\Amanda\Desktop\A big mess- Malware - Geeks to Go Forums.URL
[2012/08/11 21:55:34 | 000,336,036 | ---- | C] () -- C:\Users\Amanda\Desktop\j.jpg
[2012/08/11 21:53:52 | 000,164,130 | ---- | C] () -- C:\Users\Amanda\Desktop\IMG_20120811_214208.jpg
[2012/08/11 21:21:33 | 000,145,150 | ---- | C] () -- C:\Users\Amanda\Desktop\7762041900_2922ff20db.jpg
[2012/08/11 21:20:16 | 000,146,488 | ---- | C] () -- C:\Users\Amanda\Desktop\7762049140_01d831308f.jpg
[2012/08/11 21:20:01 | 000,216,016 | ---- | C] () -- C:\Users\Amanda\Desktop\7762048924_70047b9210.jpg
[2012/08/11 21:16:00 | 002,394,108 | ---- | C] () -- C:\Users\Amanda\Desktop\20120811_182023-1.jpg
[2012/08/10 18:49:18 | 000,081,634 | ---- | C] () -- C:\Users\Amanda\Desktop\527060_390688404319426_528452038_n.jpg
[2012/08/10 18:42:49 | 000,030,893 | ---- | C] () -- C:\Users\Amanda\Desktop\424289_10151102203121907_836461213_n.jpg
[2012/08/10 15:40:09 | 000,214,215 | ---- | C] () -- C:\Users\Amanda\Desktop\1.jpg
[2012/08/10 15:35:25 | 000,001,005 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/10 02:30:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 02:21:40 | 002,390,797 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020542.jpg
[2012/08/10 02:21:40 | 002,151,538 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020546.jpg
[2012/08/10 02:21:40 | 001,934,483 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020528.jpg
[2012/08/10 02:21:39 | 001,950,128 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020513.jpg
[2012/08/09 16:14:58 | 000,658,876 | ---- | C] () -- C:\Users\Amanda\Desktop\Untitled-1.jpg
[2012/08/09 16:10:27 | 000,111,482 | ---- | C] () -- C:\Users\Amanda\Desktop\934_untitled_325 (2).jpg
[2012/08/09 16:10:20 | 000,129,065 | ---- | C] () -- C:\Users\Amanda\Desktop\934_untitled_304.jpg
[2012/08/08 17:41:17 | 000,000,378 | ---- | C] () -- C:\Users\Amanda\Desktop\Document.rtf
[2012/08/08 17:17:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/08/07 12:47:21 | 000,047,612 | ---- | C] () -- C:\Users\Amanda\Desktop\552083_10151085909814701_171552911_n.jpg
[2012/07/18 22:44:56 | 000,000,112 | -H-- | C] () -- C:\F3F9DCABD663
[2012/07/18 22:44:56 | 000,000,112 | -H-- | C] () -- C:\3C23943CFE43
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/12/12 22:30:52 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/12 22:30:52 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/10 23:27:58 | 000,009,216 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 18:57:55 | 000,000,482 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2010/07/30 22:11:31 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\acccore
[2012/08/16 18:26:34 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Dropbox
[2012/08/16 17:14:32 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Samsung
[2010/06/06 22:44:43 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/15 19:28:18 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Template
[2012/03/15 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\uTorrent
[2012/01/25 21:39:22 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Windows Live Writer
[2011/11/07 12:31:12 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\zLLL9hhTXq
[2012/06/06 01:22:54 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
#11
honz

  • Topic Starter
  • Member
  • 14 posts
# AdwCleaner v1.801 - Logfile created 08/16/2012 at 18:59:19
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Amanda - AMANDA-PC
# Boot Mode : Normal
# Running from : C:\Users\Amanda\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Amanda\AppData\Local\Conduit
Folder Deleted : C:\Users\Amanda\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Amanda\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\ConduitCommon
Folder Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\CT2786678
Folder Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions\[email protected]
Folder Deleted : C:\Program Files\Babylon
File Deleted : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\searchplugins\Conduit.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\prefs.js

Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Thu Aug 16 2012 15:31:52 GMT-0400 (Eastern Daylight[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2786678.CurrentServerDate", "16-8-2012");
Deleted : user_pref("CT2786678.DSChangedManually", true);
Deleted : user_pref("CT2786678.DSInstall", true);
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Wed Aug 15 2012 17:59:11 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Thu Aug 16 2012 14:49:30 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 281);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Thu Aug 16 2012 14:30:11 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Thu Aug 16 2012 14:30:10 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Thu Aug 16 2012 14:30:10 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Thu Aug 16 2012 14:30:10 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Thu Aug 16 2012 14:30:10 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Thu Aug 16 2012 14:30:10 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Thu Aug 16 2012 14:30:10 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Thu Aug 16 2012 14:30:11 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Thu Aug 16 2012 14:30:10 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Thu Aug 16 2012 14:30:10 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Thu Aug 16 2012 14:30:10 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "16-12-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2786678.GroupingInvalidateCache", false);
Deleted : user_pref("CT2786678.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2786678.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HPInstall", false);
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "Unknown");
Deleted : user_pref("CT2786678.InstalledDate", "Thu Dec 15 2011 20:49:32 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT2786678.InvalidateCache", false);
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", true);
Deleted : user_pref("CT2786678.IsProtectorsInit", true);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Thu Aug 16 2012 18:27:17 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.10.0.1", "Thu Mar 15 2012 13:59:24 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.14.1.0", "Thu Aug 16 2012 15:33:48 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.8.1.0", "Wed Jan 11 2012 21:44:31 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2786678.LastLogin_3.9.0.3", "Thu Mar 08 2012 08:01:21 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2786678.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.8.1.0");
Deleted : user_pref("CT2786678.RadioLastCheckTime", "0");
Deleted : user_pref("CT2786678.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2786678.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Thu Aug 16 2012 18:27:16 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Thu Aug 16 2012 18:27:16 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Thu Aug 16 2012 14:30:09 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1344943776");
Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Tue Aug 07 2012 12:30:06 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN47180058686121827");
Deleted : user_pref("CT2786678.ValidationData_Search", 0);
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Thu Aug 16 2012 14:30:11 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.approveUntrustedApps", false);
Deleted : user_pref("CT2786678.backendstorage.cb_experience_000", "3436");
Deleted : user_pref("CT2786678.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT2786678.backendstorage.cb_user_id_000", "43423233303333393533383037355F46697265666F78")[...]
Deleted : user_pref("CT2786678.backendstorage.cbcountry_001", "5553");
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "5468752044656320313520323031312032303A34393A33332[...]
Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E66616365626F6F6B2E636F6D2F3[...]
Deleted : user_pref("CT2786678.backendstorage.url_history0001", "687474703A2F2F7777772E66616365626F6F6B2E636F6[...]
Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333234303831313831303132");
Deleted : user_pref("CT2786678.components.1000034", false);
Deleted : user_pref("CT2786678.components.1000234", false);
Deleted : user_pref("CT2786678.components.129309485163350924", false);
Deleted : user_pref("CT2786678.components.129309489763975460", false);
Deleted : user_pref("CT2786678.components.129315411424256896", false);
Deleted : user_pref("CT2786678.components.129526967958500204", false);
Deleted : user_pref("CT2786678.components.129579220236217502", false);
Deleted : user_pref("CT2786678.components.129789450454597254", false);
Deleted : user_pref("CT2786678.components.5690698542593514850", false);
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Mon Aug 06 2012 15:45:33 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129789450454597254[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", false);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Thu Aug 16 2012 18:27:17 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Wed Aug 15 2012 17:59:11 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"827[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Amanda\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jul 16 2012 22:51:31 GMT-0400 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "6dfc26da-ca15-4284-92af-0ea2a10683f9");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Aug 15 2012 17:59:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Aug 15 2012 17:59:21 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Aug 15 2012 17:59:12 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "bb1e223d-de15-4538-b8e5-d8bf1c5776bd");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentBar Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&Sea[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 16);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "22A7B6342635730AAA65B92D122EC612");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "3");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 16);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "14.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 83716038);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Deleted : user_pref("extensions.enabledAddons", "[email protected]:1.2.0,[email protected]:7,{bf73[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=48" ]

*************************

AdwCleaner[S1].txt - [21980 octets] - [16/08/2012 18:59:19]

########## EOF - C:\AdwCleaner[S1].txt - [22109 octets] ##########
#12 honz (Topic Starter, Member, 14 posts)

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Amanda :: AMANDA-PC [administrator]

8/16/2012 8:54:05 PM
mbam-log-2012-08-16 (20-54-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197532
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\config\systemprofile\AppData\Roaming\9ED00\ABC36.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.

(end)
#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

OK this should be the last run :) Let me know of any outstanding problems on completion

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54424
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 54424
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    [2011/11/07 12:31:12 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\zLLL9hhTXq

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c
    C:\Windows\System32\config\systemprofile\AppData\Roaming\9ED00

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

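The first three lines of the fix above remove a browser proxy that was pointed at the local machine (http=127.0.0.1:54424 in the IE ProxyServer value and network.proxy.http / network.proxy.http_port in Firefox's prefs.js), which is why Google searches were failing. The following Python is an added example of a defender-side check for that condition; it is not OTL's code and not part of Essexboy's fix. It parses Firefox `user_pref` lines and the IE `ProxyServer` string (either `host:port` or `scheme=host:port;...`) and flags any proxy whose host is a loopback address. The sample inputs are constructed from the values shown in the fix, and the function names are my own.

```python
"""Flag loopback (127.0.0.1 / ::1 / localhost) browser proxies in Firefox
prefs.js text and in an Internet Explorer ProxyServer value.

Added illustration only; not OTL's code and not part of the forum fix.
Sample inputs below are constructed from the values shown in the fix.
"""

import ipaddress
import re

# One Firefox preference line: user_pref("name", value);
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Firefox manual-proxy host prefs; each has a matching "<name>_port" pref.
FIREFOX_PROXY_PREFS = ("network.proxy.http", "network.proxy.ssl",
                       "network.proxy.ftp", "network.proxy.socks")


def parse_prefs_js(text):
    """Return {pref_name: value} from prefs.js text.
    Surrounding quotes are stripped; numbers and booleans stay as strings."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def is_loopback_host(host):
    """True for 127.0.0.0/8, ::1 (with or without brackets) and 'localhost'."""
    host = host.strip().strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def parse_ie_proxy_server(value):
    """Parse the IE ProxyServer registry string into {scheme: (host, port)}.
    IE accepts 'host:port' for all protocols ('*' here) or a ';'-separated
    list of 'scheme=host:port' entries."""
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        proxies[scheme.lower()] = (host, port)
    return proxies


def firefox_loopback_proxies(prefs):
    """[(pref, host, port)] for each manual proxy pref on a loopback host.
    Note: the proxy is only active when network.proxy.type is 1 (manual)."""
    hits = []
    for name in FIREFOX_PROXY_PREFS:
        host = prefs.get(name)
        if host and is_loopback_host(host):
            hits.append((name, host, prefs.get(name + "_port", "")))
    return hits


def ie_loopback_proxies(proxy_server_value):
    """[(scheme, host, port)] for each IE proxy entry on a loopback host."""
    return [(scheme, host, port)
            for scheme, (host, port) in parse_ie_proxy_server(proxy_server_value).items()
            if is_loopback_host(host)]


# Constructed sample prefs.js content modelled on the prefs the fix removes.
SAMPLE_PREFS_JS = """\
// constructed sample, not a real profile
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 54424);
user_pref("network.proxy.type", 1);
user_pref("browser.startup.homepage", "about:home");
"""

# Constructed sample IE ProxyServer value in the form the fix shows.
SAMPLE_IE_PROXY = "http=127.0.0.1:54424"

if __name__ == "__main__":
    prefs = parse_prefs_js(SAMPLE_PREFS_JS)
    for name, host, port in firefox_loopback_proxies(prefs):
        print(f"Firefox: {name} = {host}:{port} (loopback proxy, review)")
    for scheme, host, port in ie_loopback_proxies(SAMPLE_IE_PROXY):
        print(f"IE ProxyServer: {scheme}={host}:{port} (loopback proxy, review)")
```

On a live system the inputs come from prefs.js in the Firefox profile folder (the path the AdwCleaner log above shows) and from the ProxyServer value under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, the key the fix names; a loopback proxy is only worth flagging when something is actually listening on that port, so pair the check with a look at which process owns it.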

#14 honz (Topic Starter, Member, 14 posts)

Everything seems normal :thumbsup:

OTL logfile created on: 8/17/2012 1:18:00 PM - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Amanda\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 72.22% Memory free
7.92 Gb Paging File | 6.65 Gb Available in Paging File | 83.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 343.69 Gb Free Space | 76.19% Space Free | Partition Type: NTFS
Drive D: | 407.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/16 18:21:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
PRC - [2012/07/24 22:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/14 00:11:46 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 10:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/19 17:05:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/19 17:05:40 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/19 17:05:29 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/07/19 13:33:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/07/31 23:24:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/08 21:03:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/17 21:21:40 | 000,415,360 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CryptOSD.sys -- (CryptOSD)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{2E58D3AF-7ED6-49D5-B98B-E72303684EC1}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=24-09-2010
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A2FD40B5-F212-4F45-87F7-12D44E490828}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS396
IE - HKCU\..\SearchScopes\{c8b322ce-7838-418e-adb2-6aa25235aa35}: "URL" = http://slirsredirect...mrud=24-09-2010
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Amanda\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/08/28 00:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/12 15:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 13:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Amanda\AppData\Roaming\Move Networks [2010/06/03 21:18:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 13:33:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/22 18:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2012/08/16 19:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\z2ftmcfi.default\extensions
[2012/06/21 13:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/03 21:18:41 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\AMANDA\APPDATA\ROAMING\MOVE NETWORKS
[2012/07/19 13:33:15 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/08/17 13:13:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Amanda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} http://content9.mite...XCltInstall.dll (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{422FE7BC-A81F-4C80-871E-C292E096401E}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E68976-1801-4D34-912A-9ABABC121316}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 21:09:26 | 000,000,000 | R--D | C] -- C:\Users\Amanda\Dropbox
[2012/08/16 20:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/16 20:51:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/08/16 20:51:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/16 18:23:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/16 18:23:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/16 18:21:42 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2012/08/16 17:13:05 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Amanda\Desktop\FSS.exe
[2012/08/16 17:10:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/16 16:00:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/16 16:00:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/16 16:00:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/16 16:00:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/16 15:58:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/16 15:57:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/16 15:57:06 | 004,731,953 | R--- | C] (Swearware) -- C:\Users\Amanda\Desktop\ComboFix.exe
[2012/08/16 15:15:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/16 15:12:47 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Amanda\Desktop\tdsskiller.exe
[2012/08/11 21:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/11 21:30:51 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe
[2012/08/11 21:30:47 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Adobe
[2012/08/10 15:35:14 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/08/10 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Dropbox
[2012/08/10 02:33:33 | 000,000,000 | ---D | C] -- C:\Temp
[2012/08/09 16:08:55 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
[2012/08/09 16:08:50 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Adobe-BackupByPhotoshopCS6Portable
[2012/08/08 18:25:02 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\.svn
[2012/08/08 17:13:27 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Samsung
[2012/08/08 17:13:19 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Roaming\Samsung
[2012/08/08 17:13:09 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\samsung
[2012/08/08 17:09:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/08/08 17:09:12 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/08/08 17:07:26 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/08/08 17:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/08/08 17:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/08/08 17:03:25 | 000,000,000 | ---D | C] -- C:\Users\Amanda\AppData\Local\Downloaded Installations
[2012/08/08 16:52:41 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\phone content
[2012/08/06 18:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe-BackupByPhotoshopCS6Portable
[2012/08/01 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\copy and paste
[2012/08/01 17:06:38 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\myc july2012
[2012/07/18 21:31:49 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\devitt

========== Files - Modified Within 30 Days ==========

[2012/08/17 13:23:39 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 13:23:39 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 13:16:30 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/17 13:16:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 13:15:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 13:15:33 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/17 13:13:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/16 23:12:30 | 002,151,591 | ---- | M] () -- C:\Users\Amanda\Desktop\20120816_223909.jpg
[2012/08/16 21:09:26 | 000,001,045 | ---- | M] () -- C:\Users\Amanda\Desktop\Dropbox.lnk
[2012/08/16 20:53:00 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/16 18:58:43 | 000,618,227 | ---- | M] () -- C:\Users\Amanda\Desktop\adwcleaner.exe
[2012/08/16 18:21:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2012/08/16 17:13:06 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Amanda\Desktop\FSS.exe
[2012/08/16 15:57:19 | 004,731,953 | R--- | M] (Swearware) -- C:\Users\Amanda\Desktop\ComboFix.exe
[2012/08/16 15:10:12 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Amanda\Desktop\tdsskiller.exe
[2012/08/16 15:10:04 | 005,133,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/16 14:34:20 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/16 14:34:20 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/16 14:34:20 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/16 12:58:29 | 000,000,089 | ---- | M] () -- C:\Users\Amanda\Desktop\A big mess- Malware - Geeks to Go Forums.URL
[2012/08/11 21:55:36 | 000,336,036 | ---- | M] () -- C:\Users\Amanda\Desktop\j.jpg
[2012/08/11 21:53:53 | 000,164,130 | ---- | M] () -- C:\Users\Amanda\Desktop\IMG_20120811_214208.jpg
[2012/08/11 21:35:01 | 000,216,016 | ---- | M] () -- C:\Users\Amanda\Desktop\7762048924_70047b9210.jpg
[2012/08/11 21:20:16 | 000,146,488 | ---- | M] () -- C:\Users\Amanda\Desktop\7762049140_01d831308f.jpg
[2012/08/11 21:16:04 | 002,394,108 | ---- | M] () -- C:\Users\Amanda\Desktop\20120811_182023-1.jpg
[2012/08/10 18:49:20 | 000,081,634 | ---- | M] () -- C:\Users\Amanda\Desktop\527060_390688404319426_528452038_n.jpg
[2012/08/10 18:42:49 | 000,030,893 | ---- | M] () -- C:\Users\Amanda\Desktop\424289_10151102203121907_836461213_n.jpg
[2012/08/10 16:01:03 | 000,001,005 | ---- | M] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/10 02:30:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 02:21:06 | 001,664,515 | ---- | M] () -- C:\Users\Amanda\Desktop\20120303_020929.jpg
[2012/08/09 14:06:47 | 366,501,003 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/08 17:41:17 | 000,000,378 | ---- | M] () -- C:\Users\Amanda\Desktop\Document.rtf
[2012/08/08 17:17:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/08/07 12:47:22 | 000,047,612 | ---- | M] () -- C:\Users\Amanda\Desktop\552083_10151085909814701_171552911_n.jpg
[2012/07/30 14:16:48 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/07/18 22:44:56 | 000,000,112 | -H-- | M] () -- C:\F3F9DCABD663
[2012/07/18 22:44:56 | 000,000,112 | -H-- | M] () -- C:\3C23943CFE43

========== Files Created - No Company Name ==========

[2012/08/16 23:10:21 | 002,151,591 | ---- | C] () -- C:\Users\Amanda\Desktop\20120816_223909.jpg
[2012/08/16 21:09:26 | 000,001,045 | ---- | C] () -- C:\Users\Amanda\Desktop\Dropbox.lnk
[2012/08/16 20:53:00 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/16 18:58:38 | 000,618,227 | ---- | C] () -- C:\Users\Amanda\Desktop\adwcleaner.exe
[2012/08/16 16:00:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/16 16:00:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/16 16:00:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/16 16:00:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/16 16:00:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/16 12:58:29 | 000,000,089 | ---- | C] () -- C:\Users\Amanda\Desktop\A big mess- Malware - Geeks to Go Forums.URL
[2012/08/11 21:55:34 | 000,336,036 | ---- | C] () -- C:\Users\Amanda\Desktop\j.jpg
[2012/08/11 21:53:52 | 000,164,130 | ---- | C] () -- C:\Users\Amanda\Desktop\IMG_20120811_214208.jpg
[2012/08/11 21:20:16 | 000,146,488 | ---- | C] () -- C:\Users\Amanda\Desktop\7762049140_01d831308f.jpg
[2012/08/11 21:20:01 | 000,216,016 | ---- | C] () -- C:\Users\Amanda\Desktop\7762048924_70047b9210.jpg
[2012/08/11 21:16:00 | 002,394,108 | ---- | C] () -- C:\Users\Amanda\Desktop\20120811_182023-1.jpg
[2012/08/10 18:49:18 | 000,081,634 | ---- | C] () -- C:\Users\Amanda\Desktop\527060_390688404319426_528452038_n.jpg
[2012/08/10 18:42:49 | 000,030,893 | ---- | C] () -- C:\Users\Amanda\Desktop\424289_10151102203121907_836461213_n.jpg
[2012/08/10 15:35:25 | 000,001,005 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/10 02:30:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 02:21:40 | 002,390,797 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020542.jpg
[2012/08/10 02:21:40 | 002,151,538 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020546.jpg
[2012/08/10 02:21:40 | 001,934,483 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020528.jpg
[2012/08/10 02:21:39 | 001,950,128 | ---- | C] () -- C:\Users\Amanda\Desktop\20120303_020513.jpg
[2012/08/09 16:10:20 | 000,129,065 | ---- | C] () -- C:\Users\Amanda\Desktop\934_untitled_304.jpg
[2012/08/08 17:41:17 | 000,000,378 | ---- | C] () -- C:\Users\Amanda\Desktop\Document.rtf
[2012/08/08 17:17:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/08/07 12:47:21 | 000,047,612 | ---- | C] () -- C:\Users\Amanda\Desktop\552083_10151085909814701_171552911_n.jpg
[2012/07/18 22:44:56 | 000,000,112 | -H-- | C] () -- C:\F3F9DCABD663
[2012/07/18 22:44:56 | 000,000,112 | -H-- | C] () -- C:\3C23943CFE43
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/12/12 22:30:52 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/12 22:30:52 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/10 23:27:58 | 000,009,216 | ---- | C] () -- C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 18:57:55 | 000,000,482 | ---- | C] () -- C:\Users\Amanda\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2010/07/30 22:11:31 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\acccore
[2012/08/17 13:17:47 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Dropbox
[2012/08/16 17:14:32 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Samsung
[2010/06/06 22:44:43 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/15 19:28:18 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Template
[2012/03/15 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\uTorrent
[2012/01/25 21:39:22 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Windows Live Writer
[2012/06/06 01:22:54 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
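The log above is read by hand in this thread; as an added example (not OTL's own code and not part of either poster's text), here is a small triage pass over the single-line record formats OTL prints: SearchScopes URLs, active hosts entries, Winlogon Shell/UserInit, exefile/comfile open commands, Winsock catalog entries that point at missing files, the Java plug-in version in O16 DPF lines, and DHCP-assigned DNS servers. The sample lines are constructed to mirror the log's format (the forum truncates URLs, so the hosts and paths used here are illustrative, including the `search.hijack.invalid` host); the search-engine allowlist and the Java version floor are assumptions for the example.

```python
"""Triage helpers for OTL (OldTimer) log lines.

Added example for this thread, not OTL's own code. It flags the items a
malware-removal helper checks first in an OTL log and explains why each
one matters. The allowlist and version floor below are assumptions.
"""
import ipaddress
import re
from urllib.parse import urlsplit

KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}  # assumed allowlist
MIN_JAVA = (1, 6, 0, 33)  # assumed floor; anything older is reported as outdated

# One regex per OTL record type we care about (formats as seen in the log).
SEARCH_RE = re.compile(r'SearchScopes\\\{[^}]+\}: "URL" = (\S+)')
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
WINLOGON_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - ")
EXEC_RE = re.compile(r"^O3[57](?::64bit:)? - HK\w+\\\.{2,3}(?:exefile|comfile|exe|com) .* -- (.*)$")
LSP_RE = re.compile(r"^O10(?::64bit:)? - \S+ (?:\[\] )?- (.*?) File not found$")
DPF_RE = re.compile(r"^O16.*\(Java Plug-in (\d+)\.(\d+)\.(\d+)_(\d+)\)")
DNS_RE = re.compile(r"DhcpNameServer = (.+)$")


def triage(lines):
    """Return a list of (category, detail) findings for an iterable of OTL lines."""
    findings = []
    seen_java = set()
    for raw in lines:
        line = raw.rstrip("\n")
        if m := SEARCH_RE.search(line):
            # A search scope pointing anywhere but a known engine is the classic
            # toolbar / search-redirect leftover.
            host = urlsplit(m.group(1)).hostname
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("search-hijack?", f"SearchScopes URL points at {host}"))
        elif m := HOSTS_RE.match(line):
            # Only localhost entries are expected; anything else pins a name to an IP.
            ip, name = m.groups()
            if name.lower() != "localhost":
                findings.append(("hosts", f"{name} pinned to {ip}"))
        elif m := WINLOGON_RE.match(line):
            # Shell must be exactly explorer.exe; UserInit must be a single userinit.exe
            # entry. A second comma-separated path here runs at every logon.
            key, value = m.groups()
            entries = [e.strip().lower() for e in value.split(",") if e.strip()]
            ok = (entries == ["explorer.exe"] if key == "Shell"
                  else len(entries) == 1 and entries[0].endswith("userinit.exe"))
            if not ok:
                findings.append(("winlogon", f"{key} = {value}"))
        elif m := EXEC_RE.match(line):
            # The open command for .exe/.com must be "%1" %*; a wrapper in front of
            # it would be invoked for every program launched.
            if m.group(1).strip() != '"%1" %*':
                findings.append(("file-assoc", line))
        elif m := LSP_RE.match(line):
            # A Winsock catalog entry whose DLL is gone: often a leftover after an
            # uninstall (and a known OTL quirk on x64), but a hijacked LSP shows up
            # in the same place, so it is listed for review rather than ignored.
            findings.append(("winsock-missing", m.group(1)))
        elif m := DPF_RE.match(line):
            ver = tuple(int(x) for x in m.groups())
            if ver < MIN_JAVA and ver not in seen_java:
                seen_java.add(ver)
                findings.append(("outdated-java", "Java Plug-in %d.%d.%d_%d" % ver))
        elif m := DNS_RE.search(line):
            # Public resolvers are not wrong by themselves (ISP DNS is public), but
            # they are worth confirming against the ISP, since DNS changers live here.
            for srv in m.group(1).split():
                try:
                    addr = ipaddress.ip_address(srv)
                except ValueError:
                    continue
                if not addr.is_private:
                    findings.append(("public-dns", srv))
    return findings


# Constructed sample in OTL's format; hosts and paths are illustrative only.
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://search.hijack.invalid/?q={searchTerms}
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.update.example
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{422FE7BC-A81F-4C80-871E-C292E096401E}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\Users\Public\svc.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Public\wrap.exe" "%1" %*
""".strip().splitlines()

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:16} {detail}")
```

Run against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`. The script only orders the review; a public DNS server or a missing-file Winsock entry is a prompt to verify, not a verdict.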

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now that looks pretty :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so. The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All programs > Accessories > system tools
  • Right click Disk Cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave: