
Virus/Malware?Trojan? [Solved]


  • This topic is locked

#46
darlinbassmaster

  • Topic Starter
For some reason I had to reboot and had to look for this, so I hope this is the right one! I am assuming it is, since I just turned this on after coming home from church. LOL.


ComboFix 13-02-03.03 - Darlene 02/03/2013 13:54:31.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2937.1900 [GMT -5:00]
Running from: c:\users\Darlene\Downloads\ComboFix.exe
Command switches used :: c:\users\Darlene\Downloads\CFScript.txt,.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe"
"c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe"
"c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe"
"c:\program files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.2.1.33\InstStub.exe"
"c:\windows\System32\drivers\SMR311.SYS"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Norton PC Checkup 3.0
c:\program files (x86)\Norton PC Checkup 3.0\Awesomium.Core.dll
c:\program files (x86)\Norton PC Checkup 3.0\Awesomium.Core.xml
c:\program files (x86)\Norton PC Checkup 3.0\Awesomium.dll
c:\program files (x86)\Norton PC Checkup 3.0\Awesomium.Windows.Controls.dll
c:\program files (x86)\Norton PC Checkup 3.0\Awesomium.Windows.Controls.xml
c:\program files (x86)\Norton PC Checkup 3.0\AwesomiumProcess
c:\program files (x86)\Norton PC Checkup 3.0\ccL110U.dll
c:\program files (x86)\Norton PC Checkup 3.0\ccUtilityProxy.dll
c:\program files (x86)\Norton PC Checkup 3.0\cpuidsdk.dll
c:\program files (x86)\Norton PC Checkup 3.0\Downloader.exe
c:\program files (x86)\Norton PC Checkup 3.0\DriversHQ.API.Client.Services.dll
c:\program files (x86)\Norton PC Checkup 3.0\DriversHQ.API.Common.dll
c:\program files (x86)\Norton PC Checkup 3.0\DriversHQ.API.Types.dll
c:\program files (x86)\Norton PC Checkup 3.0\DriversHQ.SDK.CPU.exe
c:\program files (x86)\Norton PC Checkup 3.0\DriversHQ.SDK.dll
c:\program files (x86)\Norton PC Checkup 3.0\en-US.dll
c:\program files (x86)\Norton PC Checkup 3.0\icudt42.dll
c:\program files (x86)\Norton PC Checkup 3.0\InstallHelper.exe
c:\program files (x86)\Norton PC Checkup 3.0\Interop.WUApiLib.dll
c:\program files (x86)\Norton PC Checkup 3.0\Microsoft.Win32.TaskScheduler.dll
c:\program files (x86)\Norton PC Checkup 3.0\Modules\Symantec.NortonLive.PCCU.Experience.dll
c:\program files (x86)\Norton PC Checkup 3.0\Modules\Symantec.NortonLive.PCCU.Modules.BrowserSettingsScanner.dll
c:\program files (x86)\Norton PC Checkup 3.0\Modules\Symantec.NortonLive.PCCU.Modules.Common.dll
c:\program files (x86)\Norton PC Checkup 3.0\Modules\Symantec.NortonLive.PCCU.Modules.DeviceDriverScanner.dll
c:\program files (x86)\Norton PC Checkup 3.0\Modules\Symantec.NortonLive.PCCU.Modules.InternetPrivacyScanner.dll
c:\program files (x86)\Norton PC Checkup 3.0\Modules\Symantec.NortonLive.PCCU.Modules.InternetSpeedScanner.dll
c:\program files (x86)\Norton PC Checkup 3.0\Modules\Symantec.NortonLive.PCCU.Modules.NetworkSecurityScanner.dll
c:\program files (x86)\Norton PC Checkup 3.0\Modules\Symantec.NortonLive.PCCU.Modules.ProductDetector.dll
c:\program files (x86)\Norton PC Checkup 3.0\Modules\Symantec.NortonLive.PCCU.Modules.StabilityScanner.dll
c:\program files (x86)\Norton PC Checkup 3.0\Modules\Symantec.NortonLive.PCCU.Modules.VirusScanner.dll
c:\program files (x86)\Norton PC Checkup 3.0\Newtonsoft.Json.dll
c:\program files (x86)\Norton PC Checkup 3.0\Newtonsoft.Json.xml
c:\program files (x86)\Norton PC Checkup 3.0\NLAppLauncher.exe
c:\program files (x86)\Norton PC Checkup 3.0\Norton PC Checkup.exe
c:\program files (x86)\Norton PC Checkup 3.0\OOBEHelper.exe
c:\program files (x86)\Norton PC Checkup 3.0\PCCU.exe
c:\program files (x86)\Norton PC Checkup 3.0\PCCU.exe.config
c:\program files (x86)\Norton PC Checkup 3.0\scanner\npd_scanner\NLpePIScanner.exe
c:\program files (x86)\Norton PC Checkup 3.0\scanner\npd_scanner\pePIRes.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\ccL70U.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\ccScanw.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\ccVrTrst.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\dec_abi.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\DefUtDCD.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\ecmldr32.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\Microsoft.VC80.CRT.manifest
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\msl.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\msvcp80.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\msvcr80.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\OEMScanner.exe
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\patch25d.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\SAUpdt.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\nss_scanner\ScanCore.dll
c:\program files (x86)\Norton PC Checkup 3.0\scanner\pc_scanner\DataPoints.cfg
c:\program files (x86)\Norton PC Checkup 3.0\scanner\pc_scanner\FirewallDataPoint.cfg
c:\program files (x86)\Norton PC Checkup 3.0\scanner\pc_scanner\pcscanner.exe
c:\program files (x86)\Norton PC Checkup 3.0\Symantec.NortonLive.PCCU.ExperienceBase.dll
c:\program files (x86)\Norton PC Checkup 3.0\Symantec.NortonLive.PCCU.KernelLibrary.dll
c:\program files (x86)\Norton PC Checkup 3.0\Symantec.NortonLive.PCCU.Shared.dll
c:\program files (x86)\Norton PC Checkup 3.0\Updater.exe
c:\program files (x86)\Norton PC Checkup 3.0\version.json
c:\program files\Common Files\Symantec Shared
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SMR311
-------\Service_AdvancedSystemCareService6
-------\Service_Norton PC Checkup Application Launcher
-------\Service_SMR311
.
.
((((((((((((((((((((((((( Files Created from 2013-01-03 to 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-03 19:01 . 2013-02-03 19:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-02-03 19:01 . 2013-02-03 19:01 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-02-03 19:01 . 2013-02-03 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-03 18:41 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D82C1901-A311-4658-BEA3-F666CB7CAB01}\mpengine.dll
2013-02-01 22:25 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-01 20:00 . 2013-02-01 20:00 -------- d-----w- c:\program files (x86)\ZSoft
2013-01-31 20:30 . 2013-01-31 20:30 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DAAF024-3AA8-4D76-BC99-1FF2E72CCF41}\gapaengine.dll
2013-01-31 20:29 . 2013-01-31 20:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-31 20:29 . 2013-01-31 20:30 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-31 20:23 . 2013-01-31 20:23 -------- d-----w- C:\Rbackup
2013-01-31 18:38 . 2013-01-31 20:23 -------- d-----w- c:\program files\Perfect Uninstaller
2013-01-31 02:16 . 2013-01-31 02:16 -------- d-----w- C:\_OTL
2013-01-30 18:13 . 2013-01-30 18:14 -------- d-----w- c:\users\Darlene\FrostWire
2013-01-30 18:13 . 2013-01-30 21:46 -------- d-----w- c:\users\Darlene\.frostwire5
2013-01-30 18:12 . 2013-01-30 21:49 -------- d-----w- c:\program files (x86)\FrostWire 5
2013-01-30 02:00 . 2013-01-30 02:00 -------- d-----w- c:\users\Darlene\AppData\Local\Apps
2013-01-28 15:22 . 2013-01-28 15:22 -------- d-----w- c:\users\Darlene\AppData\Roaming\Malwarebytes
2013-01-28 15:22 . 2013-01-28 15:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-28 15:22 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-28 15:21 . 2013-01-28 15:21 -------- d-----w- c:\users\Darlene\AppData\Local\Programs
2013-01-26 19:42 . 2013-01-26 19:42 -------- d-----w- c:\users\Darlene\AppData\Roaming\WinISO Computing
2013-01-26 19:42 . 2013-01-26 19:42 -------- d-----w- c:\users\Darlene\AppData\Local\WinISO Computing
2013-01-26 19:42 . 2013-01-27 23:21 -------- d-----w- c:\program files (x86)\WinISO Computing
2013-01-25 03:38 . 2013-01-25 03:38 -------- d-----w- c:\users\Darlene\AppData\Local\Mozilla
2013-01-24 23:58 . 2013-01-24 23:58 -------- d-----w- c:\programdata\NCH Swift Sound
2013-01-24 23:53 . 2013-01-24 23:53 -------- d-----w- c:\programdata\Canneverbe Limited
2013-01-24 22:52 . 2013-01-25 15:20 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-01-24 22:34 . 2013-01-24 22:34 -------- d-----w- c:\windows\system32\drivers\NSTx64
2013-01-24 22:33 . 2013-01-31 02:16 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2013-01-24 19:22 . 2013-01-24 19:22 -------- d-----w- C:\_945401_
2013-01-24 19:20 . 2013-01-24 19:20 -------- d-----w- C:\_823657_
2013-01-24 18:54 . 2013-01-24 18:54 -------- d-----w- c:\users\Darlene\AppData\Roaming\SpeedyPC Software
2013-01-24 18:53 . 2013-01-26 04:37 -------- d-----w- c:\programdata\SpeedyPC Software
2013-01-24 18:19 . 2013-01-24 18:19 -------- d-----w- c:\programdata\ClickIT
2013-01-24 03:32 . 2013-01-27 23:36 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2013-01-24 00:59 . 2013-01-24 00:59 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-01-24 00:54 . 2013-01-24 00:54 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2013-01-24 00:54 . 2013-01-24 00:54 -------- d--h--w- c:\programdata\CanonEPP
2013-01-23 20:13 . 2013-01-24 00:43 -------- d-----w- c:\users\Darlene\AppData\Roaming\WiseDrivers
2013-01-23 20:06 . 2013-01-23 20:06 -------- d-----w- c:\users\Darlene\AppData\Roaming\RegGenie
2013-01-23 19:46 . 2011-03-08 08:30 299544 ----a-w- c:\windows\RegGenieOnUninstall.exe
2013-01-23 19:00 . 2013-01-23 19:04 -------- d-----w- C:\CAT-Logs
2013-01-23 18:31 . 2013-01-23 18:31 -------- d-----w- c:\users\Darlene\AppData\Roaming\PCCUStubInstaller
2013-01-22 00:40 . 2013-01-22 00:40 -------- d-----w- c:\users\Darlene\AppData\Local\VS Revo Group
2013-01-18 00:04 . 2013-01-18 00:04 -------- d-----w- c:\users\Darlene\AppData\Roaming\GlarySoft
2013-01-17 22:23 . 2013-01-17 22:23 -------- d-----w- c:\programdata\RegInOut
2013-01-16 01:33 . 2012-11-14 03:51 19450880 ----a-w- c:\windows\system32\mshtml.dll
2013-01-16 01:33 . 2012-11-14 03:25 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-16 01:33 . 2012-11-14 01:14 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-01-15 02:32 . 2013-01-15 02:32 -------- d-----w- c:\users\Darlene\AppData\Roaming\DriverCure
2013-01-14 23:31 . 2012-11-09 05:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-01-14 23:27 . 2013-01-14 23:27 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-12 23:31 . 2013-01-12 23:50 -------- d-----w- c:\programdata\RegAce
2013-01-12 22:35 . 2013-01-12 22:40 -------- d-----w- c:\program files (x86)\Smart Driver Updater
2013-01-12 22:02 . 2013-01-12 22:02 -------- d-----w- c:\windows\ERUNT
2013-01-12 22:01 . 2013-01-12 22:01 -------- d-----w- C:\JRT
2013-01-12 21:52 . 2013-02-01 22:05 -------- d-----w- c:\program files\CCleaner
2013-01-10 03:03 . 2013-01-10 03:03 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-01-09 21:35 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-01-09 21:34 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 21:34 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 23:24 . 2013-01-08 23:24 15739912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-06 00:54 . 2013-01-06 00:54 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2013-01-05 13:14 . 2013-01-27 20:56 -------- d-----w- c:\users\Darlene\AppData\Local\NPE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2009-11-29 15:04 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-28 18:08 . 2009-10-20 08:01 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-28 18:08 . 2009-10-20 08:01 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-01-15 23:49 . 2012-11-14 22:59 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-10 03:11 . 2009-12-06 23:50 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 23:24 . 2012-04-04 22:06 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 23:24 . 2011-05-17 18:17 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-22 04:07 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 04:07 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 04:07 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 04:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 21:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-29 21:18 . 2012-11-29 21:18 18944 ----a-r- c:\users\Darlene\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-11-14 23:27 . 2012-11-14 23:27 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll
2012-11-14 23:27 . 2012-11-14 23:27 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll
2012-11-14 23:27 . 2012-11-14 23:27 60928 ----a-w- c:\windows\system32\ahadmin.dll
2012-11-14 23:27 . 2012-11-14 23:27 55296 ----a-w- c:\windows\system32\admwprox.dll
2012-11-14 23:27 . 2012-11-14 23:27 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2012-11-14 23:27 . 2012-11-14 23:27 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll
2012-11-14 23:27 . 2012-11-14 23:27 192000 ----a-w- c:\windows\system32\iisRtl.dll
2012-11-14 23:27 . 2012-11-14 23:27 16896 ----a-w- c:\windows\system32\iisreset.exe
2012-11-14 23:27 . 2012-11-14 23:27 15360 ----a-w- c:\windows\SysWow64\iisreset.exe
2012-11-14 23:27 . 2012-11-14 23:27 14848 ----a-w- c:\windows\system32\wamregps.dll
2012-11-14 23:27 . 2012-11-14 23:27 10752 ----a-w- c:\windows\SysWow64\wamregps.dll
2012-11-14 23:26 . 2012-11-14 23:26 11264 ----a-w- c:\windows\system32\iisrstap.dll
2012-11-14 23:26 . 2012-11-14 23:26 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 23:26 . 2012-11-14 23:26 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 23:25 . 2012-11-14 23:25 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 23:25 . 2012-11-14 23:25 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 23:25 . 2012-11-14 23:25 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 23:25 . 2012-11-14 23:25 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 23:25 . 2012-11-14 23:25 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 23:25 . 2012-11-14 23:25 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 23:25 . 2012-11-14 23:25 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 23:24 . 2012-11-14 23:24 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 23:24 . 2012-11-14 23:24 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 23:24 . 2012-11-14 23:24 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 23:03 . 2012-11-14 23:03 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 23:03 . 2012-11-14 23:03 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-14 23:03 . 2012-11-14 23:03 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 23:03 . 2012-11-14 23:03 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 23:02 . 2012-11-14 23:02 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 23:02 . 2012-11-14 23:02 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 23:02 . 2012-11-14 23:02 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-14 23:02 . 2012-11-14 23:02 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 23:02 . 2012-11-14 23:02 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 23:02 . 2012-11-14 23:02 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 23:02 . 2012-11-14 23:02 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 23:02 . 2012-11-14 23:02 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 23:02 . 2012-11-14 23:02 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-14 23:02 . 2012-11-14 23:02 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 23:02 . 2012-11-14 23:02 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-14 23:02 . 2012-11-14 23:02 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-14 23:01 . 2012-11-14 23:01 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-11-14 23:01 . 2012-11-14 23:01 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-11-14 23:01 . 2012-11-14 23:01 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-11-14 23:01 . 2012-11-14 23:01 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2012-11-14 23:01 . 2012-11-14 23:01 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-11-14 23:01 . 2012-11-14 23:01 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2012-11-14 23:01 . 2012-11-14 23:01 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-11-14 23:01 . 2012-11-14 23:01 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-11-14 23:01 . 2012-11-14 23:01 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-11-14 23:01 . 2012-11-14 23:01 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2012-11-14 23:01 . 2012-11-14 23:01 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-11-14 23:01 . 2012-11-14 23:01 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-11-14 23:01 . 2012-11-14 23:01 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-11-14 23:01 . 2012-11-14 23:01 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-11-14 23:01 . 2012-11-14 23:01 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-11-14 23:01 . 2012-11-14 23:01 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-11-14 23:01 . 2012-11-14 23:01 44032 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-14 23:01 . 2012-11-14 23:01 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-11-14 23:01 . 2012-11-14 23:01 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-11-14 23:01 . 2012-11-14 23:01 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-11-14 23:01 . 2012-11-14 23:01 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2012-11-14 23:01 . 2012-11-14 23:01 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2012-11-14 23:01 . 2012-11-14 23:01 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-14 23:01 . 2012-11-14 23:01 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-14 23:00 . 2012-11-14 23:00 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-14 23:00 . 2012-11-14 23:00 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-14 23:00 . 2012-11-14 23:00 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-14 23:00 . 2012-11-14 23:00 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-14 23:00 . 2012-11-14 23:00 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-14 23:00 . 2012-11-14 23:00 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-14 23:00 . 2012-11-14 23:00 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-14 14:59 . 2012-11-14 15:00 4589880 ----a-w- c:\windows\uninst.exe
2012-11-09 05:45 . 2012-12-12 20:00 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 20:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-01-28 295072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD874224505"="rd" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="%Service%"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
.
R1 SASDIFSV;SASDIFSV;c:\users\Darlene\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Darlene\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Canon IJ Wireless Setup Assistant;Canon IJ Wireless Setup Assistant Service;c:\users\Darlene\Desktop\CanonAPChkTool_win210en\CNMNPHLP.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-12-03 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-14 19456]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_amd64.sys [2010-11-15 533280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-14 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-11-30 52856]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02010.021\ccSetx64.sys [2012-08-20 168096]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-12 292864]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [2010-02-04 15360]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [2009-05-07 63264]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [2009-05-07 49696]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2012-03-27 398112]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 17:43 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:24]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 02:43]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 02:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 69.174.176.2 69.174.176.3 8.8.8.8
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\9j309dhz.default\
FF - ExtSQL: 2013-01-24 17:44; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn
FF - ExtSQL: 2013-01-24 17:55; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF - ExtSQL: 2013-01-24 20:57; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
Notify-igfxcui - (no file)
AddRemove-NST - c:\program files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.2.1.33\InstStub.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2013-02-03 14:10:08 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-03 19:10
ComboFix2.txt 2013-02-03 01:56
.
Pre-Run: 190,278,926,336 bytes free
Post-Run: 189,954,613,248 bytes free
.
- - End Of File - - 45A84E2D2B51C3851ACB57927447574A

#47
emeraldnzl

  • GeekU Moderator
Hello again darlinbassmaster,

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce a log for you. Post the log here.


#48
darlinbassmaster

  • Topic Starter
OTL logfile created on: 2/3/2013 3:00:45 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darlene\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 68.11% Memory free
5.73 Gb Paging File | 4.77 Gb Available in Paging File | 83.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 177.03 Gb Free Space | 80.18% Space Free | Partition Type: NTFS

Computer Name: DARLENE-PC | User Name: Darlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/02/01 20:48:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Downloads\OTL.exe
PRC - [2013/01/28 13:08:55 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/07/27 15:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/07/27 12:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/04/02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/02 18:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/08/07 07:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/20 08:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013/01/08 18:24:37 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 12:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/20 07:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/29 21:57:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 15:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/07/13 20:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/14 18:01:23 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/11/14 18:01:22 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/20 15:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/03/27 09:48:00 | 000,398,112 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2012/03/21 06:43:02 | 002,808,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 05:48:23 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/15 14:29:02 | 000,533,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_HDAL_amd64.sys -- (SRS_HDAL_Service)
DRV:64bit: - [2010/02/04 15:20:26 | 000,015,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)
DRV:64bit: - [2009/11/29 22:14:21 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/14 21:47:26 | 000,668,672 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 15:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/07 01:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009/05/07 01:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/02/12 09:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 09:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 09:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/28 10:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2006/06/17 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/16 07:59:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\ProgramDataMozilla\Extensions\superfish@superfish.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/25 10:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/24 22:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlene\AppData\Roaming\Mozilla\Extensions
[2013/01/25 10:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/16 15:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/16 15:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/16 15:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: A Youtube Downloader Free NPAPI (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\difjeglapnfioclmlgbfkepgjnmhjnnb\3.0.0.0_0\A Youtube Downloader Free-np.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.2.1.33_0\npcoplgn.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: MeadCo's Neptune (Enabled) = C:\PROGRA~2\MEADCO~1\npmeadax.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2013/02/03 14:05:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} http://www.addonchat.com/404.html (Web Browser Applet Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Reg Error: Value error.)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcp...DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games Hearts)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.174.176.2 69.174.176.3 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4B6E206-29AC-483C-9139-F700421DDDAB}: DhcpNameServer = 69.174.176.2 69.174.176.3 8.8.8.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\mhtml - No CLSID value found
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/02/03 14:10:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/03 14:05:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/02/02 20:45:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/02 20:45:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/02 20:45:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/02 20:45:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/01 15:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/02/01 15:00:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZSoft
[2013/02/01 15:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZSoft
[2013/01/31 15:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/01/31 15:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/31 15:23:33 | 000,000,000 | ---D | C] -- C:\Rbackup
[2013/01/31 13:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
[2013/01/31 13:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2013/01/30 21:16:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/30 16:20:50 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2013/01/30 13:13:14 | 000,000,000 | ---D | C] -- C:\Users\Darlene\FrostWire
[2013/01/30 13:13:10 | 000,000,000 | ---D | C] -- C:\Users\Darlene\.frostwire5
[2013/01/30 13:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire 5
[2013/01/29 21:00:31 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Apps
[2013/01/28 18:20:24 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Documents\comp.info
[2013/01/28 13:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/28 10:22:24 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Malwarebytes
[2013/01/28 10:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/28 10:22:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/28 10:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/28 10:21:48 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Programs
[2013/01/26 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\WinISO Computing
[2013/01/26 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\WinISO Computing
[2013/01/26 14:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinISO Computing
[2013/01/25 00:07:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1402010.016
[2013/01/24 22:38:44 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Mozilla
[2013/01/24 22:38:44 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Mozilla
[2013/01/24 22:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/01/24 22:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/24 18:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2013/01/24 18:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013/01/24 17:52:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/01/24 17:37:01 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.sys
[2013/01/24 17:34:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64
[2013/01/24 17:34:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021
[2013/01/24 17:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2013/01/24 17:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe
[2013/01/24 14:22:45 | 000,000,000 | ---D | C] -- C:\_945401_
[2013/01/24 14:20:43 | 000,000,000 | ---D | C] -- C:\_823657_
[2013/01/24 13:54:21 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\SpeedyPC Software
[2013/01/24 13:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/01/24 13:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/01/24 13:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickIT
[2013/01/23 22:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013/01/23 20:03:36 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/01/23 19:59:32 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Documents\Visual Studio 2005
[2013/01/23 19:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/01/23 19:54:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2013/01/23 19:54:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2013/01/23 19:30:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/01/23 19:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013/01/23 15:13:36 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\WiseDrivers
[2013/01/23 15:06:59 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\RegGenie
[2013/01/23 14:00:29 | 000,000,000 | ---D | C] -- C:\CAT-Logs
[2013/01/23 13:31:15 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\PCCUStubInstaller
[2013/01/21 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\VS Revo Group
[2013/01/17 19:04:27 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\GlarySoft
[2013/01/17 17:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut
[2013/01/14 21:32:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\DriverCure
[2013/01/14 18:31:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/01/14 18:28:43 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/01/14 18:28:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/01/14 18:28:43 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/01/14 18:28:43 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/01/14 18:28:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/01/14 18:28:43 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/01/14 18:28:43 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/01/14 18:28:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/01/14 18:28:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/01/14 18:28:43 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/01/14 18:28:43 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/01/14 18:28:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/01/14 18:28:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/01/14 18:28:43 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/01/14 18:28:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/01/14 18:28:43 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/01/14 18:28:43 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/01/14 18:28:43 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/01/14 18:28:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/01/14 18:28:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/01/14 18:28:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/01/14 18:28:43 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/01/14 18:28:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/01/14 18:28:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/01/14 18:28:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/01/14 18:28:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/01/14 18:28:43 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/01/14 18:28:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/01/14 18:28:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/01/14 18:28:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/01/14 18:28:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/01/14 18:28:42 | 003,966,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/01/14 18:28:42 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/01/14 18:28:42 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/01/14 18:28:42 | 000,905,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/01/14 18:28:42 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/01/14 18:28:42 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/01/14 18:28:42 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/01/14 18:28:42 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/01/14 18:28:42 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/01/14 18:28:42 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/01/14 18:28:42 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/01/14 18:28:42 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/01/14 18:28:42 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/01/14 18:28:42 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/01/14 18:28:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/01/14 18:28:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/01/14 18:28:42 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/01/14 18:28:42 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/01/14 18:28:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/01/14 18:28:42 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/01/14 18:28:42 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/01/14 18:28:42 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/01/14 18:28:42 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/01/14 18:28:42 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/01/14 18:28:42 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/01/14 18:28:42 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/01/14 18:28:42 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/01/14 18:28:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/01/14 18:28:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/01/14 18:28:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/01/14 18:28:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/01/14 18:28:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/01/14 18:28:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/01/14 18:28:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/01/14 18:28:42 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/01/14 18:28:42 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/01/14 18:28:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/01/14 18:27:28 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/01/14 18:27:28 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/01/14 18:27:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/01/14 18:27:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/01/14 18:27:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/01/14 18:27:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/01/14 18:27:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/01/14 18:27:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/01/14 18:27:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/01/14 18:27:28 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/01/14 18:27:27 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/01/14 18:27:27 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/01/14 18:27:27 | 002,434,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/01/14 18:27:27 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/01/14 18:27:27 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/01/14 18:27:27 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/01/14 18:27:27 | 001,643,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/01/14 18:27:27 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/01/14 18:27:27 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/01/14 18:27:27 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/01/14 18:27:27 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/01/14 18:27:27 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/01/14 18:27:27 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/01/14 18:27:27 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/01/14 18:27:27 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/01/14 18:27:27 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/01/14 18:27:27 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/01/14 18:27:27 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/01/14 18:27:27 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/01/14 18:27:27 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/01/14 18:27:27 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/01/14 18:27:27 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/01/14 18:27:27 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/01/12 18:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RegAce
[2013/01/12 17:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Driver Updater
[2013/01/12 17:02:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/12 17:01:47 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/12 16:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/09 22:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/01/09 16:36:48 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 16:36:48 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 16:36:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 16:36:47 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 16:36:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 16:36:47 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 16:36:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 16:36:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 16:36:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 16:36:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 16:36:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 16:36:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 16:36:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 16:36:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 16:36:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 16:36:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 16:36:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 16:36:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 16:36:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 16:36:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 16:36:32 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 16:36:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 16:36:10 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 16:36:10 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 16:35:59 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 16:35:59 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 16:35:59 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 16:35:59 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 16:35:59 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 16:35:59 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 16:35:59 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 16:35:59 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 16:35:59 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 16:35:59 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 16:35:59 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 16:35:59 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 16:35:59 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 16:35:59 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 16:35:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 16:35:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 16:35:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 16:35:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 16:35:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 16:35:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 16:35:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 16:35:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 16:35:59 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 16:35:59 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 16:35:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 16:35:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 16:35:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 16:35:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 16:35:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 16:35:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 16:35:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 16:35:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 16:34:33 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/08 18:24:17 | 015,739,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/01/05 19:54:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\N360_BACKUP
[2013/01/05 08:14:50 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\NPE
[2012/12/31 13:23:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\GroupPolicy
[2012/12/31 13:23:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GroupPolicy
[2012/12/21 23:07:01 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 23:07:01 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/21 23:07:01 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 23:07:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/12 14:59:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 14:59:45 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2010/12/03 05:48:23 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Darlene\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 60 Days ==========

[2013/02/03 15:04:19 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 15:04:19 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 14:59:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/03 14:58:53 | 2309,689,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/03 14:54:52 | 000,065,494 | ---- | M] () -- C:\Users\Darlene\Desktop\29587_555712101106532_1493114945_n.jpg
[2013/02/03 14:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/03 14:05:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/03 13:44:01 | 000,001,174 | ---- | M] () -- C:\Users\Darlene\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/31 15:30:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/31 13:39:05 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/01/28 13:10:02 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/01/28 13:09:22 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/01/28 13:09:22 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/01/25 12:17:38 | 000,874,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/25 12:17:38 | 000,729,538 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/25 12:17:38 | 000,145,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/25 10:18:20 | 001,649,712 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/25 10:17:48 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/24 14:00:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBRC.dat
[2013/01/24 14:00:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBFC.dat
[2013/01/23 15:44:45 | 000,429,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/15 18:49:06 | 000,026,432 | ---- | M] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/01/14 21:10:44 | 000,000,036 | ---- | M] () -- C:\Users\Darlene\AppData\Roaming\mbam.context.scan
[2013/01/14 18:28:43 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/01/14 18:28:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/01/14 18:28:43 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/01/14 18:28:43 | 000,718,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/01/14 18:28:43 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/01/14 18:28:43 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/01/14 18:28:43 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/01/14 18:28:43 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/01/14 18:28:43 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/01/14 18:28:43 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/01/14 18:28:43 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/01/14 18:28:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/01/14 18:28:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/01/14 18:28:43 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/01/14 18:28:43 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/01/14 18:28:43 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/01/14 18:28:43 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/01/14 18:28:43 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/01/14 18:28:43 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/01/14 18:28:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/01/14 18:28:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/01/14 18:28:43 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/01/14 18:28:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/01/14 18:28:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/01/14 18:28:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/01/14 18:28:43 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/01/14 18:28:43 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/01/14 18:28:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/01/14 18:28:43 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/01/14 18:28:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/14 18:28:43 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/01/14 18:28:43 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/01/14 18:28:42 | 003,966,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/01/14 18:28:42 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/01/14 18:28:42 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/01/14 18:28:42 | 000,905,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/01/14 18:28:42 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/01/14 18:28:42 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/01/14 18:28:42 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/01/14 18:28:42 | 000,593,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/01/14 18:28:42 | 000,531,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/01/14 18:28:42 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/01/14 18:28:42 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/01/14 18:28:42 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/01/14 18:28:42 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/01/14 18:28:42 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/01/14 18:28:42 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/01/14 18:28:42 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/01/14 18:28:42 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/01/14 18:28:42 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/01/14 18:28:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/01/14 18:28:42 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/01/14 18:28:42 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/01/14 18:28:42 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/01/14 18:28:42 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/01/14 18:28:42 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/01/14 18:28:42 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/01/14 18:28:42 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/01/14 18:28:42 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/01/14 18:28:42 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/01/14 18:28:42 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/01/14 18:28:42 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/01/14 18:28:42 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/01/14 18:28:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/01/14 18:28:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/01/14 18:28:42 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/01/14 18:28:42 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/01/14 18:28:42 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/14 18:28:42 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/01/14 18:28:42 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/01/14 18:27:28 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/01/14 18:27:28 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/01/14 18:27:28 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/01/14 18:27:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/01/14 18:27:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/01/14 18:27:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/01/14 18:27:28 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/01/14 18:27:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/01/14 18:27:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/01/14 18:27:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/01/14 18:27:28 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/01/14 18:27:28 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/01/14 18:27:27 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/01/14 18:27:27 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/01/14 18:27:27 | 002,434,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/01/14 18:27:27 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/01/14 18:27:27 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/01/14 18:27:27 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/01/14 18:27:27 | 001,643,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/01/14 18:27:27 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/01/14 18:27:27 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/01/14 18:27:27 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/01/14 18:27:27 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/01/14 18:27:27 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/01/14 18:27:27 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/01/14 18:27:27 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/01/14 18:27:27 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/01/14 18:27:27 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/01/14 18:27:27 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/01/14 18:27:27 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/01/14 18:27:27 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/01/14 18:27:27 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/01/14 18:27:27 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/01/14 18:27:27 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/01/08 18:24:35 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 18:24:35 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 18:24:17 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/01/04 12:16:16 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\isolate.ini
[2013/01/01 21:25:38 | 000,152,461 | ---- | M] () -- C:\Windows\wininit.ini
[2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/07 08:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2012/12/07 08:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2012/12/07 07:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2012/12/07 07:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2012/12/07 06:20:04 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2012/12/07 06:20:03 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2012/12/07 06:20:03 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2012/12/07 06:20:01 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2012/12/07 06:20:01 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2012/12/07 06:20:01 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2012/12/07 06:20:00 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2012/12/07 06:19:59 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2012/12/07 06:19:58 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2012/12/07 06:19:57 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2012/12/07 06:19:57 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2012/12/07 06:19:57 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2012/12/07 06:19:56 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2012/12/07 06:19:55 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2012/12/07 05:46:42 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2012/12/07 05:46:42 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2012/12/07 05:46:41 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2012/12/07 05:46:41 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2012/12/07 05:46:41 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2012/12/07 05:46:41 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2012/12/07 05:46:40 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2012/12/07 05:46:39 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2012/12/07 05:46:39 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2012/12/07 05:46:38 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2012/12/07 05:46:37 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2012/12/07 05:46:37 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2012/12/07 05:46:36 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2012/12/07 05:46:36 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

========== Files Created - No Company Name ==========

[2013/02/03 14:55:13 | 000,065,494 | ---- | C] () -- C:\Users\Darlene\Desktop\29587_555712101106532_1493114945_n.jpg
[2013/02/03 13:44:01 | 000,001,174 | ---- | C] () -- C:\Users\Darlene\Desktop\ComboFix.exe - Shortcut.lnk
[2013/02/02 20:45:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/02 20:45:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/02 20:45:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/02 20:45:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/02 20:45:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/31 15:30:02 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/31 13:39:05 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/01/25 10:17:48 | 001,649,712 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/25 10:17:48 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/24 17:34:06 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.inf
[2013/01/24 17:34:01 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccsetx64.cat
[2013/01/24 17:34:01 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\isolate.ini
[2013/01/24 14:00:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2013/01/24 14:00:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBFC.dat
[2013/01/23 22:46:00 | 015,937,536 | ---- | C] () -- C:\Users\Darlene\SYSTEM
[2013/01/23 22:45:18 | 070,270,976 | ---- | C] () -- C:\Users\Darlene\SOFTWARE
[2013/01/23 14:46:25 | 000,299,544 | ---- | C] () -- C:\Windows\RegGenieOnUninstall.exe
[2013/01/23 12:17:56 | 000,429,768 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/14 21:10:44 | 000,000,036 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\mbam.context.scan
[2013/01/14 21:07:47 | 000,001,424 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/14 18:28:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/14 18:28:42 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/11/07 19:30:39 | 000,000,125 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/17 09:29:17 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DARLENE-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/10/15 16:40:46 | 000,000,218 | ---- | C] () -- C:\Windows\iepreview.ini
[2012/10/08 17:43:34 | 000,000,000 | ---- | C] () -- C:\Users\Darlene\AppData\Local\Preferences
[2012/02/23 12:32:34 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/05/12 14:23:51 | 000,001,940 | ---- | C] () -- C:\Users\Darlene\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/27 17:53:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/03/10 13:38:13 | 000,000,880 | ---- | C] () -- C:\Users\Darlene\.recently-used.xbel
[2010/12/03 05:48:23 | 000,007,859 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\pcouffin.cat
[2010/12/03 05:48:23 | 000,001,167 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\pcouffin.inf
[2010/07/07 15:33:26 | 000,009,728 | ---- | C] () -- C:\Users\Darlene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 17:33:28 | 000,002,464 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/01/18 13:21:20 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Canneverbe Limited
[2012/10/27 12:51:07 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Canon
[2011/07/13 17:57:21 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\ChemTable Software
[2013/01/14 21:32:30 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\DriverCure
[2013/01/17 19:04:27 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\GlarySoft
[2011/03/10 13:38:13 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\gtk-2.0
[2013/01/23 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\IObit
[2011/07/15 20:22:46 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\NCH Swift Sound
[2013/01/23 13:31:15 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\PCCUStubInstaller
[2011/07/15 19:33:41 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Pmcc
[2012/02/20 12:34:35 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Product_RM
[2013/01/23 15:06:59 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\RegGenie
[2013/01/24 13:54:21 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\SpeedyPC Software
[2010/02/04 17:33:29 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Template
[2011/09/21 15:12:11 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Tific
[2011/06/05 14:53:42 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\TomTom
[2013/01/27 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\uTorrent
[2009/11/29 07:16:08 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\WildTangent
[2013/01/26 14:42:17 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\WinISO Computing
[2013/01/23 19:43:26 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\WiseDrivers

========== Purity Check ==========



< End of report >

#49
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello darlinbassmaster,

Please close Firefox and relaunch it. That should reset some changes.

After that:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
ccSet_NST

File::
C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.sys

FCopy::
C:\Windows\SysNative\RegistryDefragBootTime.exe

Folder::
C:\Users\Darlene\AppData\Roaming\IObit

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

#50
darlinbassmaster

    Member

  • Topic Starter
  • 39 posts
ComboFix 13-02-03.03 - Darlene 02/03/2013 16:18:12.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2937.1719 [GMT -5:00]
Running from: c:\users\Darlene\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-03 to 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-03 21:24 . 2013-02-03 21:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-02-03 21:24 . 2013-02-03 21:24 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-02-03 21:24 . 2013-02-03 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-03 18:41 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D82C1901-A311-4658-BEA3-F666CB7CAB01}\mpengine.dll
2013-02-01 22:25 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-01 20:00 . 2013-02-01 20:00 -------- d-----w- c:\program files (x86)\ZSoft
2013-01-31 20:30 . 2013-01-31 20:30 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DAAF024-3AA8-4D76-BC99-1FF2E72CCF41}\gapaengine.dll
2013-01-31 20:29 . 2013-01-31 20:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-31 20:29 . 2013-01-31 20:30 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-31 20:23 . 2013-01-31 20:23 -------- d-----w- C:\Rbackup
2013-01-31 18:38 . 2013-01-31 20:23 -------- d-----w- c:\program files\Perfect Uninstaller
2013-01-31 02:16 . 2013-01-31 02:16 -------- d-----w- C:\_OTL
2013-01-30 18:13 . 2013-01-30 18:14 -------- d-----w- c:\users\Darlene\FrostWire
2013-01-30 18:13 . 2013-01-30 21:46 -------- d-----w- c:\users\Darlene\.frostwire5
2013-01-30 18:12 . 2013-01-30 21:49 -------- d-----w- c:\program files (x86)\FrostWire 5
2013-01-30 02:00 . 2013-01-30 02:00 -------- d-----w- c:\users\Darlene\AppData\Local\Apps
2013-01-28 15:22 . 2013-01-28 15:22 -------- d-----w- c:\users\Darlene\AppData\Roaming\Malwarebytes
2013-01-28 15:22 . 2013-01-28 15:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-28 15:22 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-28 15:21 . 2013-01-28 15:21 -------- d-----w- c:\users\Darlene\AppData\Local\Programs
2013-01-26 19:42 . 2013-01-26 19:42 -------- d-----w- c:\users\Darlene\AppData\Roaming\WinISO Computing
2013-01-26 19:42 . 2013-01-26 19:42 -------- d-----w- c:\users\Darlene\AppData\Local\WinISO Computing
2013-01-26 19:42 . 2013-01-27 23:21 -------- d-----w- c:\program files (x86)\WinISO Computing
2013-01-25 03:38 . 2013-01-25 03:38 -------- d-----w- c:\users\Darlene\AppData\Local\Mozilla
2013-01-24 23:58 . 2013-01-24 23:58 -------- d-----w- c:\programdata\NCH Swift Sound
2013-01-24 23:53 . 2013-01-24 23:53 -------- d-----w- c:\programdata\Canneverbe Limited
2013-01-24 22:52 . 2013-01-25 15:20 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-01-24 22:34 . 2013-01-24 22:34 -------- d-----w- c:\windows\system32\drivers\NSTx64
2013-01-24 22:33 . 2013-01-31 02:16 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2013-01-24 19:22 . 2013-01-24 19:22 -------- d-----w- C:\_945401_
2013-01-24 19:20 . 2013-01-24 19:20 -------- d-----w- C:\_823657_
2013-01-24 18:54 . 2013-01-24 18:54 -------- d-----w- c:\users\Darlene\AppData\Roaming\SpeedyPC Software
2013-01-24 18:53 . 2013-01-26 04:37 -------- d-----w- c:\programdata\SpeedyPC Software
2013-01-24 18:19 . 2013-01-24 18:19 -------- d-----w- c:\programdata\ClickIT
2013-01-24 03:32 . 2013-01-27 23:36 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2013-01-24 00:59 . 2013-01-24 00:59 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-01-24 00:54 . 2013-01-24 00:54 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2013-01-24 00:54 . 2013-01-24 00:54 -------- d--h--w- c:\programdata\CanonEPP
2013-01-23 20:13 . 2013-01-24 00:43 -------- d-----w- c:\users\Darlene\AppData\Roaming\WiseDrivers
2013-01-23 20:06 . 2013-01-23 20:06 -------- d-----w- c:\users\Darlene\AppData\Roaming\RegGenie
2013-01-23 19:46 . 2011-03-08 08:30 299544 ----a-w- c:\windows\RegGenieOnUninstall.exe
2013-01-23 19:00 . 2013-01-23 19:04 -------- d-----w- C:\CAT-Logs
2013-01-23 18:31 . 2013-01-23 18:31 -------- d-----w- c:\users\Darlene\AppData\Roaming\PCCUStubInstaller
2013-01-22 00:40 . 2013-01-22 00:40 -------- d-----w- c:\users\Darlene\AppData\Local\VS Revo Group
2013-01-18 00:04 . 2013-01-18 00:04 -------- d-----w- c:\users\Darlene\AppData\Roaming\GlarySoft
2013-01-17 22:23 . 2013-01-17 22:23 -------- d-----w- c:\programdata\RegInOut
2013-01-16 01:33 . 2012-11-14 03:51 19450880 ----a-w- c:\windows\system32\mshtml.dll
2013-01-16 01:33 . 2012-11-14 03:25 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-16 01:33 . 2012-11-14 01:14 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-01-15 02:32 . 2013-01-15 02:32 -------- d-----w- c:\users\Darlene\AppData\Roaming\DriverCure
2013-01-14 23:31 . 2012-11-09 05:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-01-14 23:27 . 2013-01-14 23:27 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-12 23:31 . 2013-01-12 23:50 -------- d-----w- c:\programdata\RegAce
2013-01-12 22:35 . 2013-01-12 22:40 -------- d-----w- c:\program files (x86)\Smart Driver Updater
2013-01-12 22:02 . 2013-01-12 22:02 -------- d-----w- c:\windows\ERUNT
2013-01-12 22:01 . 2013-01-12 22:01 -------- d-----w- C:\JRT
2013-01-12 21:52 . 2013-02-01 22:05 -------- d-----w- c:\program files\CCleaner
2013-01-10 03:03 . 2013-01-10 03:03 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-01-09 21:35 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-01-09 21:34 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 21:34 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 23:24 . 2013-01-08 23:24 15739912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-06 00:54 . 2013-01-06 00:54 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2013-01-05 13:14 . 2013-01-27 20:56 -------- d-----w- c:\users\Darlene\AppData\Local\NPE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2009-11-29 15:04 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-28 18:08 . 2009-10-20 08:01 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-28 18:08 . 2009-10-20 08:01 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-01-15 23:49 . 2012-11-14 22:59 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-10 03:11 . 2009-12-06 23:50 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 23:24 . 2012-04-04 22:06 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 23:24 . 2011-05-17 18:17 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-22 04:07 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 04:07 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 04:07 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 04:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 21:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-29 21:18 . 2012-11-29 21:18 18944 ----a-r- c:\users\Darlene\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-11-14 23:27 . 2012-11-14 23:27 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll
2012-11-14 23:27 . 2012-11-14 23:27 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll
2012-11-14 23:27 . 2012-11-14 23:27 60928 ----a-w- c:\windows\system32\ahadmin.dll
2012-11-14 23:27 . 2012-11-14 23:27 55296 ----a-w- c:\windows\system32\admwprox.dll
2012-11-14 23:27 . 2012-11-14 23:27 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2012-11-14 23:27 . 2012-11-14 23:27 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll
2012-11-14 23:27 . 2012-11-14 23:27 192000 ----a-w- c:\windows\system32\iisRtl.dll
2012-11-14 23:27 . 2012-11-14 23:27 16896 ----a-w- c:\windows\system32\iisreset.exe
2012-11-14 23:27 . 2012-11-14 23:27 15360 ----a-w- c:\windows\SysWow64\iisreset.exe
2012-11-14 23:27 . 2012-11-14 23:27 14848 ----a-w- c:\windows\system32\wamregps.dll
2012-11-14 23:27 . 2012-11-14 23:27 10752 ----a-w- c:\windows\SysWow64\wamregps.dll
2012-11-14 23:26 . 2012-11-14 23:26 11264 ----a-w- c:\windows\system32\iisrstap.dll
2012-11-14 23:26 . 2012-11-14 23:26 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 23:26 . 2012-11-14 23:26 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 23:25 . 2012-11-14 23:25 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 23:25 . 2012-11-14 23:25 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 23:25 . 2012-11-14 23:25 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 23:25 . 2012-11-14 23:25 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 23:25 . 2012-11-14 23:25 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 23:25 . 2012-11-14 23:25 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 23:25 . 2012-11-14 23:25 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 23:24 . 2012-11-14 23:24 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 23:24 . 2012-11-14 23:24 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 23:24 . 2012-11-14 23:24 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 23:03 . 2012-11-14 23:03 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 23:03 . 2012-11-14 23:03 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-14 23:03 . 2012-11-14 23:03 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 23:03 . 2012-11-14 23:03 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 23:02 . 2012-11-14 23:02 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 23:02 . 2012-11-14 23:02 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 23:02 . 2012-11-14 23:02 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-14 23:02 . 2012-11-14 23:02 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 23:02 . 2012-11-14 23:02 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 23:02 . 2012-11-14 23:02 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 23:02 . 2012-11-14 23:02 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 23:02 . 2012-11-14 23:02 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 23:02 . 2012-11-14 23:02 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-14 23:02 . 2012-11-14 23:02 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 23:02 . 2012-11-14 23:02 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-14 23:02 . 2012-11-14 23:02 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-14 23:01 . 2012-11-14 23:01 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-11-14 23:01 . 2012-11-14 23:01 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-11-14 23:01 . 2012-11-14 23:01 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-11-14 23:01 . 2012-11-14 23:01 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2012-11-14 23:01 . 2012-11-14 23:01 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-11-14 23:01 . 2012-11-14 23:01 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2012-11-14 23:01 . 2012-11-14 23:01 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-11-14 23:01 . 2012-11-14 23:01 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-11-14 23:01 . 2012-11-14 23:01 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-11-14 23:01 . 2012-11-14 23:01 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2012-11-14 23:01 . 2012-11-14 23:01 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-11-14 23:01 . 2012-11-14 23:01 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-11-14 23:01 . 2012-11-14 23:01 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-11-14 23:01 . 2012-11-14 23:01 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-11-14 23:01 . 2012-11-14 23:01 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-11-14 23:01 . 2012-11-14 23:01 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-11-14 23:01 . 2012-11-14 23:01 44032 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-14 23:01 . 2012-11-14 23:01 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-11-14 23:01 . 2012-11-14 23:01 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-11-14 23:01 . 2012-11-14 23:01 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-11-14 23:01 . 2012-11-14 23:01 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2012-11-14 23:01 . 2012-11-14 23:01 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2012-11-14 23:01 . 2012-11-14 23:01 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-14 23:01 . 2012-11-14 23:01 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-14 23:00 . 2012-11-14 23:00 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-14 23:00 . 2012-11-14 23:00 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-14 23:00 . 2012-11-14 23:00 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-14 23:00 . 2012-11-14 23:00 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-14 23:00 . 2012-11-14 23:00 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-14 23:00 . 2012-11-14 23:00 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-14 23:00 . 2012-11-14 23:00 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-14 14:59 . 2012-11-14 15:00 4589880 ----a-w- c:\windows\uninst.exe
2012-11-09 05:45 . 2012-12-12 20:00 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 20:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-01-28 295072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD874224505"="rd" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="%Service%"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
.
R1 SASDIFSV;SASDIFSV;c:\users\Darlene\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Darlene\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Canon IJ Wireless Setup Assistant;Canon IJ Wireless Setup Assistant Service;c:\users\Darlene\Desktop\CanonAPChkTool_win210en\CNMNPHLP.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-12-03 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-14 19456]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_amd64.sys [2010-11-15 533280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-14 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-11-30 52856]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02010.021\ccSetx64.sys [2012-08-20 168096]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-12 292864]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [2010-02-04 15360]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [2009-05-07 63264]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [2009-05-07 49696]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2012-03-27 398112]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 17:43 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:24]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 02:43]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 02:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 69.174.176.2 69.174.176.3 8.8.8.8
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\9j309dhz.default\
FF - ExtSQL: 2013-01-24 17:44; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn
FF - ExtSQL: 2013-01-24 17:55; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF - ExtSQL: 2013-01-24 20:57; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
Notify-igfxcui - (no file)
AddRemove-NST - c:\program files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.2.1.33\InstStub.exe
AddRemove-ZSoft Uninstaller - c:\users\Darlene\Desktop\Uninstaller\uninst.exe
.
.
.
Completion time: 2013-02-03 16:26:34
ComboFix-quarantined-files.txt 2013-02-03 21:26
ComboFix2.txt 2013-02-03 19:10
ComboFix3.txt 2013-02-03 01:56
.
Pre-Run: 189,967,519,744 bytes free
Post-Run: 189,880,229,888 bytes free
.
- - End Of File - - 4BD784267A2CC20AB565BBC7D9123976

#51
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hmm... something not working exactly right there.

Not to worry let's try this:

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV:64bit: - [2012/08/20 15:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.sys -- (ccSet_NST)
    
    :Files
    C:\Users\Darlene\AppData\Roaming\IObit
    
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
After that

Please use the System File Checker tool (SFC.exe) to check your system and replace files where necessary.

To do this, follow these steps:
  • To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
    sfc /scannow
    Please note that there is a single space between sfc and /scannow.
The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

Come back and tell me how your machine is now.

#52
darlinbassmaster

darlinbassmaster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
It seems to be running okay except the add remove programs is not running and the Windows install is not working either. I did not see the malware or Virus message when I rebooted after the scan. I received the same message I did before, saying the program was removed, did I want to remove it from the list, and then gave me an error. :confused:

#53
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello darlinbassmaster,

It seems to be running okay except the add remove programs is not running and the Windows install is not working either.


Please download Fixit for problems with Windows installer/uninstaller

Come back and tell me how it went. :)

After that

We have some other options if necessary and we need to clear away the tools we have been using once we are happy with your machine.

#54
darlinbassmaster

darlinbassmaster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I did not have any luck; it says it was not installed correctly. I will say that was not my fault since I had the Fix it tool install it. Number 1 reason I get fed up with Windows.. lol

#55
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

I did not have any luck it says it was not installed correctly


What exactly wasn't installed correctly? The installer?

#56
darlinbassmaster

darlinbassmaster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I go to my Control Panel and try to open the Add and Remove programs, and uninstall or install a program and I get errors. I did as you suggested and it tells me the program Windows Installer was not installed correctly. The Control Panel itself does not seem to be working correctly in any area with the selection buttons. If I push a button it does not seem to work. Is there a way to correct this? The whole control panel?

#57
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

I go to my Control Panel and try to open the Add and Remove programs, and uninstall or install a program and I get errors. I did as you suggested and it tells me the program Windows Installer was not installed correctly. The Control Panel itself does not seem to be working correctly in any area with the selection buttons. If I push a button it does not seem to work. Is there a way to correct this? The whole control panel?


Some time ago, after trouble getting rid of a program, I installed a well-known free uninstaller. It worked fine in getting rid of the program but after that, no matter what I did, my Windows uninstaller wouldn't work properly. It wasn't until I uninstalled the freeware one and spent some time repairing Windows that things got back to normal. I think some damage had been done to the registry part of Windows uninstaller.

I am not saying that that is your problem but I wouldn't be surprised if it isn't at least part of it.

Up to you but I would try uninstalling any freeware uninstallers you have and then attempt a fix again.

This time use this one and tick Repair MSI (Windows Installer) as well:

Download Windows Repair (all in one) from here.

Install the program then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image

After that come back and tell me if that has made a difference.

#58
darlinbassmaster

darlinbassmaster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
sounds good!

#59
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Look forward to hearing how you get on. :)

#60
darlinbassmaster

darlinbassmaster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
For some reason I am unable to install it. Says it cannot create a shortcut and will not install. :angry: Sorry, I am, as I said previously, having health issues (a headache for the past year!) and frustrated with that, so it takes little at times for me to get angry.