virus [Closed]


  • This topic is locked

#1
topedge

Hi,
I tried to run OTL but it crashed before it finished. Then I went to the next steps and ran exehelper and rkill. Then I tried to run MBAM but it quit. I ran superantispy and it locked up. Now all I get is a blue screen.
Thanks,
Scott


#2
maliprog

    Trusted Helper, Malware Removal
Hello topedge and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Let's install the free Avast:

AVAST Free

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now.

Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you.

After the scan, try to find the scan log in

XP –> C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\aswBoot.txt

Vista/7 –> C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt

and post it here for me.

If the scan hangs that may indicate a hardware problem.

Step 2

Please don't forget to include these items in your reply:

  • AVAST boot scan log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
topedge

Hi Maliprog,
Thank you for your offer to help. I am not able to boot the machine past the blue screen. Do I copy AVAST onto a cd and put it into the sick computer?

#4
maliprog

Please try to restart in Safe Mode with Networking:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

If you enter safe mode, then try to download AVAST and run the boot scan.

#5
topedge

I am not able to enter safe mode. I get a blue screen there too.

#6
maliprog

Please print these instructions out so that you know what you are doing.

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open ImgBurn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select Send to: select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#7
topedge

Hi,
When I put that file in I rec'd the following;

windows could not start b/c the following file is missing or corrupt;

windows\system32\config\system

you can attempt to fix using original setup cd.

this machine came installed.

#8
topedge

Got it fixed. :)

#9
topedge

This is OTL

OTL logfile created on: 13/04/2013 12:22:14 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.41% Memory free
2.60 Gb Paging File | 2.34 Gb Available in Paging File | 90.01% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 93.97 Gb Free Space | 64.43% Space Free | Partition Type: NTFS
Drive F: | 488.60 Mb Total Space | 393.86 Mb Free Space | 80.61% Space Free | Partition Type: FAT

Computer Name: EDGELOW | User Name: Scott | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 11:45:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe -- (FTSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE -- (FSMA)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\\AstSrv.exe -- (Ast Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/07 16:08:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/25 15:11:06 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/23 19:58:34 | 000,387,584 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe -- (RIM MDNS)
SRV - [2013/01/23 19:58:32 | 001,161,216 | ---- | M] (Research In Motion Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe -- (RIM Tunnel Service)
SRV - [2013/01/18 18:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/22 16:50:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | System | Stopped] -- System32\vsdatant.sys -- (Vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vncmirror.sys -- (vncmirror)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA449608-EB79-4D75-AAE4-D45906A50D79}\MpKsl7126d44d.sys -- (MpKsl7126d44d)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DC3E2BE-6923-4BB0-A9F6-0B0E5D81C3F9}\MpKsl0c0c62de.sys -- (MpKsl0c0c62de)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\klif.sys -- (KLIF)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\kl2.sys -- (kl2)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\kl1.sys -- (KL1)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\fsdfw.sys -- (FSFW)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter)
DRV - File not found [Kernel | Boot | Stopped] -- system32\Drivers\fsbts.sys -- (fsbts)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Scott\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/01/23 19:58:20 | 000,012,800 | ---- | M] (Research in Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimvndis.sys -- (rimvndis)
DRV - [2010/06/12 06:41:56 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2002/08/01 11:09:36 | 000,095,744 | ---- | M] (IC Media Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbuvt.sys -- (DCamUSBUVT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{E186E942-95CE-4F90-BD35-813141780A6B}: "URL" = http://www.google.co...ie7&rlz=1I7DELA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....fr&d=2013-04-11 16:24:42&v=15.1.0.2&pid=safeguard&sg=2&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Scott\Local Settings\Application Data\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Scott\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Scott\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Scott\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Scott\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Shaw Secure\NRS\[email protected] [2013/04/11 14:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/30 09:01:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/07 16:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/30 09:02:33 | 000,000,000 | ---D | M]

[2010/08/11 14:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Extensions
[2010/08/11 14:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Extensions\[email protected]
[2012/11/10 22:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\bdehlw3t.default\extensions
[2010/06/25 06:17:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\bdehlw3t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/25 09:27:51 | 000,000,000 | ---D | M] ({PRODUCT-NAME}) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\bdehlw3t.default\extensions\[email protected]
[2012/06/17 12:26:56 | 000,000,000 | ---D | M] (JetMP3) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\bdehlw3t.default\extensions\jetmp3@jetpack
[2012/05/29 20:31:01 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\bdehlw3t.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/06/17 12:27:10 | 000,179,233 | ---- | M] () (No name found) -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\bdehlw3t.default\extensions\[email protected]
[2011/04/04 22:05:07 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\bdehlw3t.default\searchplugins\search.xml
[2013/02/25 15:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/17 16:08:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/05 20:14:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/20 12:49:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/04/07 16:08:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/09/22 21:38:20 | 000,288,568 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2010/09/22 21:38:08 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2012/09/30 09:00:45 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2013/04/07 16:07:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/11 16:24:48 | 000,003,723 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/04/07 16:07:35 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Scott\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Scott\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Scott\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/11 18:55:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Fantapper) - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll File not found
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Shaw Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash File not found
O4 - HKLM..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW File not found
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIM PeerManager] C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe File not found
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Scott\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1270667010005 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1270667000083 (MUWebControl Class)
O16 - DPF: {6EBC6744-5383-4213-AD5E-66434ECA1812} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://shawsecure.ca...anner/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F667839A-1C5E-40D4-8FA4-7C482B080D6B}: DhcpNameServer = 192.168.1.254 75.153.176.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/20 10:32:15 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/20 10:32:16 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/13 05:48:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/12 16:44:05 | 000,000,000 | -HSD | C] -- C:\found.006
[2013/04/11 19:18:10 | 000,000,000 | -HSD | C] -- C:\found.005
[2013/04/11 19:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com
[2013/04/11 18:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/04/11 18:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/04/11 18:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/04/11 17:45:27 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Scott\Desktop\rkill.com
[2013/04/11 17:11:38 | 000,000,000 | -HSD | C] -- C:\found.004
[2013/04/11 16:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\AVG2013
[2013/04/11 16:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Local Settings\Application Data\AVG SafeGuard toolbar
[2013/04/11 16:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/04/11 16:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/04/11 16:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\AVG SafeGuard toolbar
[2013/04/11 16:24:41 | 000,034,592 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/04/11 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/04/11 16:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/04/11 16:22:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/04/11 16:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/04/11 16:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/04/11 16:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Local Settings\Application Data\MFAData
[2013/04/11 16:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Local Settings\Application Data\Avg2013
[2013/04/11 13:36:49 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/11 13:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\dt Pro
[2013/04/11 13:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\dt Pro
[2013/04/11 11:10:26 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2013/04/10 19:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\dt Pro(2)
[2013/04/10 07:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Local Settings\Application Data\OEC
[2013/04/10 07:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Local Settings\Application Data\Daniels
[2013/04/10 07:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\Daniels
[2013/04/10 07:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\My Documents\My Custom Indicators
[2013/04/10 07:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\OEC
[2013/04/08 07:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Local Settings\Application Data\Sun
[2013/04/03 19:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\My Documents\E3P
[2013/03/23 13:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\My Documents\Ninja Indies
[2009/05/27 22:01:37 | 003,902,784 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Scott\gosetup.exe
[2007/12/24 11:30:44 | 025,755,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2007/02/07 19:08:38 | 001,134,168 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Program Files\R120895.EXE
[2007/02/04 23:23:41 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2007/02/02 18:55:06 | 019,666,504 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2007/02/02 18:49:39 | 036,808,256 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\iTunesSetup.exe
[2007/01/23 21:14:35 | 020,170,640 | ---- | C] (Skype Technologies S.A. ) -- C:\Program Files\SkypeSetup.exe
[2006/08/24 21:06:51 | 013,736,064 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe
[2006/08/14 21:42:45 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/13 12:24:48 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/04/13 12:19:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/13 08:45:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4ECF8245-347D-4305-934B-B97411273FF9}.job
[2013/04/13 08:37:48 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\wan.pcap
[2013/04/13 08:33:52 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2771394249-4081502383-3354649462-1006.job
[2013/04/13 08:33:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/13 08:33:42 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Scott.job
[2013/04/13 08:32:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/12 11:15:00 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2013/04/11 18:49:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/04/11 18:39:09 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\IEBPpBol.htm.part.htm
[2013/04/11 18:07:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/11 17:42:58 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Scott\Desktop\rkill.com
[2013/04/11 17:41:34 | 000,602,112 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\OTL (1).exe
[2013/04/11 16:24:51 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/04/11 16:24:30 | 000,034,592 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/04/11 16:14:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/11 16:08:09 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2771394249-4081502383-3354649462-1006UA.job
[2013/04/11 16:04:16 | 000,001,905 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Resume ZoneAlarm Security Install.lnk
[2013/04/11 14:16:16 | 000,504,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/11 14:16:16 | 000,088,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/11 13:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/11 12:31:01 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/04/11 05:41:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/10 16:58:09 | 010,285,246 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\CFRN Layout (1).xml
[2013/04/10 12:00:02 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Scott.job
[2013/04/10 07:58:02 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Sample Trader Excel Add-In.lnk
[2013/04/10 07:57:39 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\dt Pro Demo 3.5.lnk
[2013/04/10 07:57:39 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\dt Pro Demo 3.5.lnk
[2013/04/10 07:57:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Scott.job
[2013/04/10 07:43:26 | 010,285,246 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\CFRN Layout.xml
[2013/04/08 18:09:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013/04/08 07:23:19 | 000,061,304 | ---- | M] () -- C:\Documents and Settings\Scott\g2mdlhlpx.exe
[2013/04/07 12:00:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/04/07 09:08:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2771394249-4081502383-3354649462-1006.job
[2013/04/06 22:02:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2771394249-4081502383-3354649462-1006Core.job
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/02 12:07:24 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/02 12:07:24 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Google Chrome.lnk
[2013/04/02 04:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/03/19 17:35:08 | 000,035,067 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\CTS3780.pdf
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/11 18:48:18 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/04/11 18:38:59 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\IEBPpBol.htm.part.htm
[2013/04/11 17:41:37 | 000,602,112 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\OTL (1).exe
[2013/04/11 16:24:51 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/04/11 16:04:16 | 000,001,905 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\Resume ZoneAlarm Security Install.lnk
[2013/04/11 15:04:24 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/04/11 05:41:32 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/10 16:58:08 | 010,285,246 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\CFRN Layout (1).xml
[2013/04/10 07:58:02 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\Sample Trader Excel Add-In.lnk
[2013/04/10 07:57:39 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\dt Pro Demo 3.5.lnk
[2013/04/10 07:57:39 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\dt Pro Demo 3.5.lnk
[2013/04/10 07:43:20 | 010,285,246 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\CFRN Layout.xml
[2013/03/21 11:44:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Scott.job
[2013/03/21 11:44:00 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Scott.job
[2013/03/21 11:44:00 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Scott.job
[2013/03/19 17:34:50 | 000,035,067 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\CTS3780.pdf
[2012/09/12 07:40:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
[2012/01/12 22:34:50 | 000,138,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/31 18:12:41 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/10/31 18:12:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/30 16:12:38 | 000,774,202 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2771394249-4081502383-3354649462-1006-0.dat
[2011/08/16 22:05:18 | 000,258,250 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/05 22:29:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{F714E0AB-56E9-4CEB-A960-7981007EB9B3}
[2011/08/04 22:29:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{77C02C9F-E03A-4963-87F1-41AFC4A230D4}
[2011/07/19 16:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{CF1EDC07-7C41-47F2-8F5B-C3750231A6D2}
[2011/07/14 16:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{31DA9C12-696D-4956-9080-75D097453A38}
[2011/07/06 16:23:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{CE4700A8-6A33-466E-A0B4-8093FC8C88A8}
[2011/06/26 16:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{30DE9C03-30A5-4680-9E3A-91C347EF7E21}
[2011/06/23 16:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{CEEBD707-0A4A-44BA-82A7-2ABC7E0B6F7B}
[2011/06/19 16:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{AC51B54C-DA07-42D9-A50E-BC9526C7A2B4}
[2011/06/18 16:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{657AA7DA-396C-4D5F-9B65-5431DF2056F6}
[2011/06/16 16:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{BE491302-237D-435C-BF7D-E6A729D74368}
[2011/06/15 16:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{CD6CB2A7-35CB-42FC-AA1F-C54751B26330}
[2011/06/13 16:23:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{323FE2A1-8431-4225-84A4-1667BDA81D80}
[2011/06/02 09:18:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{F0C8E226-264E-451D-8C50-ED1885DFA685}
[2011/05/20 09:18:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\{144B9358-13E1-4DCE-8ACF-2D82B54372F0}
[2011/04/22 08:00:15 | 000,061,304 | ---- | C] () -- C:\Documents and Settings\Scott\g2mdlhlpx.exe
[2011/04/20 11:44:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/20 11:44:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/20 11:44:58 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/20 11:44:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/20 11:44:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/03 17:17:56 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/17 11:20:02 | 000,722,720 | ---- | C] () -- C:\Program Files\unins000.exe
[2010/06/17 11:20:01 | 000,001,076 | ---- | C] () -- C:\Program Files\unins000.dat
[2008/09/15 08:43:00 | 000,559,376 | ---- | C] () -- C:\Program Files\Setup_QuickBooks_SimpleStart_Quicken_2008.exe
[2008/04/17 21:26:17 | 162,198,016 | ---- | C] () -- C:\Program Files\MSQC101ProSubBundle.exe
[2007/12/30 16:35:25 | 003,559,573 | ---- | C] () -- C:\Program Files\MT4.exe
[2007/05/09 21:47:29 | 002,829,933 | ---- | C] () -- C:\Program Files\FOREXPro.zip
[2007/03/18 11:01:36 | 011,776,000 | ---- | C] () -- C:\Program Files\RETV1202ELL.msi
[2007/03/18 10:57:51 | 002,337,011 | ---- | C] () -- C:\Program Files\RETVer1.2.3BetaUpgrade.zip
[2007/03/18 09:01:40 | 006,565,376 | ---- | C] () -- C:\Program Files\ERP2SSV2205.exe
[2007/02/13 22:22:18 | 001,570,920 | ---- | C] () -- C:\Program Files\taskmanager17.exe
[2007/02/02 19:00:36 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/04 15:57:10 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Scott\Application Data\PFP120JPR.{PB
[2006/02/04 15:57:10 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Scott\Application Data\PFP120JCM.{PB
[2006/02/04 10:50:33 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/03 22:41:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences

< End of report >

#10
topedge

  • Topic Starter
  • Member
  • 83 posts
This is FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2013
Ran by SYSTEM at 13-04-2013 11:48:46
Running from F:\
Microsoft Windows XP (X86) OS Language:
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash [x]
HKLM\...\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-03-18] (Apple Inc.)
HKLM\...\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup [249856 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [296096 2012-09-30] (RealNetworks, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [RIM PeerManager] "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [4169216 2013-01-24] (Research In Motion Limited)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r /c "C:\Program Files\CheckPoint\Install\Install.xml" [x]
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" [1223344 2013-04-11] (AVG Secure Search)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKU\Alexis\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [x]
HKU\Alexis\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2007-06-30] (Google Inc.)
HKU\Alexis\...\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [135168 2007-11-13] ( )
HKU\Alexis\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKU\Alexis\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKU\Alison\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [x]
HKU\Esther\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [x]
HKU\Scott\...\Run: [Google Update] "C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [133104 2009-06-30] (Google Inc.)
HKU\Scott\...\Run: [cdloader] "C:\Documents and Settings\Scott\Application Data\mjusbsp\cdloader2.exe" MAGICJACK [50592 2011-08-23] (magicJack L.P.)
HKU\Scott\...\Policies\system: [DisableCMD] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
IMEO\Your Image File Name Here without a path: [Debugger]
Startup: C:\Documents and Settings\Scott\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> B:\Program Files\ERUNT\AUTOBACK.EXE (No File)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-07-11] (SUPERAntiSpyware.com)
2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
2 AVGIDSAgent; "C:\Program Files\AVG\AVG2013\avgidsagent.exe" [4937264 2013-02-28] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
3 Blackberry Device Manager; "C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [577536 2013-01-19] (Research In Motion Limited)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 gupdate1c9886f316d16b0; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-02-06] (Google Inc.)
3 Imapi Helper; "C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe" [163840 2006-01-05] (Alex Feinman)
3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
3 nlsX86cc; "C:\WINDOWS\system32\nlssrv32.exe" [66560 2010-11-22] (Nalpeiron Ltd.)
2 RIM MDNS; "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe" [387584 2013-01-24] (Apple Inc.)
2 RIM Tunnel Service; "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe" service [1161216 2013-01-24] (Research In Motion Limited)
2 vToolbarUpdater15.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [1008816 2013-04-11] (AVG Secure Search)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
4 Ast Service; C:\WINDOWS\system32\\AstSrv.exe [x]
3 F-Secure Gatekeeper Handler Starter; "C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe" [x]
3 FSDFWD; "C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe" [x]
3 FSMA; "C:\Program Files\Shaw Secure\Common\FSMA32.EXE" [x]
3 FSORSPClient; "C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe" [x]
2 FTSvc; "C:\Program Files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
4 NetTcpPortSharing; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
3 WMZuneComm; "c:\Program Files\Zune\WMZuneComm.exe" [x]
3 ZuneBusEnum; "c:\Program Files\Zune\ZuneBusEnum.exe" [x]
3 ZuneNetworkSvc; "c:\Program Files\Zune\ZuneNss.exe" [x]
3 ZuneWlanCfgSvc; "c:\Program Files\Zune\ZuneWlanCfgSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1273344 2005-08-04] (ATI Technologies Inc.)
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-02-27] (AVG Technologies CZ, s.r.o.)
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-02-14] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [34592 2013-04-11] (AVG Technologies)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
3 DCamUSBUVT; C:\Windows\System32\Drivers\usbuvt.sys [95744 2002-08-01] (IC Media Corporation)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-04-12] (Malwarebytes Corporation)
1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 rimvndis; C:\Windows\System32\Drivers\rimvndis.sys [12800 2013-01-24] (Research in Motion Limited)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
3 STHDA; C:\Windows\System32\drivers\sthda.sys [180864 2005-06-15] (SigmaTel, Inc.)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
4 Abiosdsk; [x]
4 Atdisk; [x]
3 catchme; \??\C:\DOCUME~1\Scott\LOCALS~1\Temp\catchme.sys [x]
1 Changer; [x]
4 F-Secure Filter; \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys [x]
3 F-Secure Gatekeeper; \??\C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [x]
1 F-Secure HIPS; \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys [x]
4 F-Secure Recognizer; \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys [x]
0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [x]
0 FSFW; C:\Windows\System32\drivers\fsdfw.sys [x]
1 lbrtfdc; [x]
2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [x]
4 LMIRfsClientNP; [x]
1 MpKslb99459a6; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{959FC6EC-39D3-42D1-8FFD-D433A58F454F}\MpKslb99459a6.sys [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]
4 Simbad; [x]
3 TlntSvr; [x]
3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [x]
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-12 22:44 - 2013-04-12 22:44 - 00000000 __SHD C:\found.006
2013-04-12 01:18 - 2013-04-12 01:18 - 00000000 __SHD C:\found.005
2013-04-12 01:00 - 2013-04-12 01:00 - 00000000 ____D C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com
2013-04-12 00:58 - 2013-04-12 00:58 - 00000180 ____A C:\Documents and Settings\Scott\Desktop\avgrep.txt
2013-04-12 00:51 - 2013-04-12 00:51 - 00106496 ____A C:\Windows\Minidump\Mini041113-18.dmp
2013-04-12 00:48 - 2013-04-12 01:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-04-12 00:48 - 2013-04-12 00:49 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-04-12 00:48 - 2013-04-12 00:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-04-12 00:41 - 2013-04-12 00:40 - 00106496 ____A C:\Windows\Minidump\Mini041113-17.dmp
2013-04-12 00:38 - 2013-04-12 00:39 - 00000116 ____A C:\Documents and Settings\Scott\Desktop\IEBPpBol.htm.part.htm
2013-04-12 00:34 - 2013-04-12 00:34 - 00106496 ____A C:\Windows\Minidump\Mini041113-16.dmp
2013-04-12 00:23 - 2013-04-12 00:22 - 00106496 ____A C:\Windows\Minidump\Mini041113-15.dmp
2013-04-11 23:59 - 2013-04-11 23:59 - 00106496 ____A C:\Windows\Minidump\Mini041113-14.dmp
2013-04-11 23:45 - 2013-04-12 00:53 - 00004254 ____A C:\Documents and Settings\Scott\Desktop\Rkill.txt
2013-04-11 23:45 - 2013-04-11 23:42 - 01752992 ____A (Bleeping Computer, LLC) C:\Documents and Settings\Scott\Desktop\rkill.com
2013-04-11 23:43 - 2013-04-11 23:42 - 00106496 ____A C:\Windows\Minidump\Mini041113-13.dmp
2013-04-11 23:41 - 2013-04-11 23:41 - 00602112 ____A C:\Documents and Settings\Scott\Desktop\OTL (1).exe
2013-04-11 23:14 - 2013-04-11 23:13 - 00106496 ____A C:\Windows\Minidump\Mini041113-12.dmp
2013-04-11 23:11 - 2013-04-11 23:11 - 00000000 __SHD C:\found.004
2013-04-11 22:53 - 2013-04-11 22:53 - 00106496 ____A C:\Windows\Minidump\Mini041113-11.dmp
2013-04-11 22:37 - 2013-04-11 22:37 - 00000000 ____D C:\Documents and Settings\Scott\Application Data\AVG2013
2013-04-11 22:36 - 2013-04-11 22:36 - 00106496 ____A C:\Windows\Minidump\Mini041113-10.dmp
2013-04-11 22:24 - 2013-04-11 22:24 - 00034592 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-04-11 22:24 - 2013-04-11 22:24 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-04-11 22:24 - 2013-04-11 22:24 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-04-11 22:24 - 2013-04-11 22:24 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-04-11 22:24 - 2013-04-11 22:24 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\AVG SafeGuard toolbar
2013-04-11 22:24 - 2013-04-11 22:24 - 00000000 ____D C:\Documents and Settings\Scott\Application Data\AVG SafeGuard toolbar
2013-04-11 22:24 - 2013-04-11 22:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2013-04-11 22:23 - 2013-04-11 22:23 - 00003277 ____A C:\Windows\setupapi.log
2013-04-11 22:22 - 2013-04-11 22:22 - 00000000 ___HD C:\$AVG
2013-04-11 22:22 - 2013-04-11 22:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-04-11 22:21 - 2013-04-11 22:21 - 00000000 ____D C:\Program Files\AVG
2013-04-11 22:18 - 2013-04-12 00:58 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\Avg2013
2013-04-11 22:18 - 2013-04-11 22:18 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\MFAData
2013-04-11 22:04 - 2013-04-11 22:04 - 00001905 ____A C:\Documents and Settings\Scott\Desktop\Resume ZoneAlarm Security Install.lnk
2013-04-11 21:37 - 2013-04-11 21:36 - 00106496 ____A C:\Windows\Minidump\Mini041113-09.dmp
2013-04-11 21:04 - 2013-04-13 14:42 - 00000390 ___AH C:\Windows\Tasks\MpIdleTask.job
2013-04-11 20:59 - 2013-04-11 20:59 - 00131072 ____A C:\Windows\Minidump\Mini041113-08.dmp
2013-04-11 20:49 - 2013-04-11 20:49 - 00106496 ____A C:\Windows\Minidump\Mini041113-07.dmp
2013-04-11 20:17 - 2013-04-11 20:17 - 00003560 ____A C:\Windows\FSGKIAIN.log
2013-04-11 20:17 - 2013-04-11 20:17 - 00001854 ____A C:\Windows\fsmsiuninstall.log
2013-04-11 20:17 - 2013-04-11 20:17 - 00001552 ____A C:\Windows\FSLDIN.LOG
2013-04-11 20:17 - 2013-04-11 20:17 - 00001234 ____A C:\Windows\fsdgunst.log
2013-04-11 20:17 - 2013-04-11 20:17 - 00000712 ____A C:\Windows\daasunin.LOG
2013-04-11 20:17 - 2013-04-11 20:17 - 00000581 ____A C:\Windows\HELPINST.LOG
2013-04-11 20:16 - 2013-04-11 20:16 - 00634763 ____A C:\Windows\FSSSINST.log
2013-04-11 20:16 - 2013-04-11 20:16 - 00025886 ____A C:\Windows\fsavunin.log
2013-04-11 20:16 - 2013-04-11 20:16 - 00015512 ____A C:\Windows\FSAUA_UN.LOG
2013-04-11 20:16 - 2013-04-11 20:16 - 00006630 ____A C:\Windows\FSSCINST.log
2013-04-11 20:16 - 2013-04-11 20:16 - 00004822 ____A C:\Windows\fwesinst.log
2013-04-11 20:16 - 2013-04-11 20:16 - 00001568 ____A C:\Windows\FSPSUNI.LOG
2013-04-11 20:16 - 2013-04-11 20:16 - 00000721 ____A C:\Windows\FSGUIINS.LOG
2013-04-11 20:16 - 2013-04-11 20:16 - 00000637 ____A C:\Windows\fstnbins.LOG
2013-04-11 20:16 - 2013-04-11 20:16 - 00000110 ____A C:\Windows\FSAVES_inst.log
2013-04-11 20:15 - 2013-04-11 20:17 - 57180216 ____A C:\Windows\FSISU.log
2013-04-11 20:15 - 2013-04-11 20:17 - 00895665 ____A C:\Windows\FSDEPH.log
2013-04-11 20:15 - 2013-04-11 20:17 - 00606585 ____A C:\Windows\FSUNINST.log
2013-04-11 20:15 - 2013-04-11 20:17 - 00099486 ____A C:\Windows\uninstaller.log
2013-04-11 20:15 - 2013-04-11 20:15 - 00004600 ____A C:\Windows\fwinst.log
2013-04-11 20:15 - 2013-04-11 20:15 - 00002238 ____A C:\Windows\pegasus_inst.log
2013-04-11 20:15 - 2013-04-11 20:15 - 00001768 ____A C:\Windows\FSPCUNIN.LOG
2013-04-11 20:15 - 2013-04-11 20:15 - 00001577 ____A C:\Windows\FSASWUNI.LOG
2013-04-11 20:15 - 2013-04-11 20:15 - 00000878 ____A C:\Windows\FSGEMINST.LOG
2013-04-11 19:59 - 2013-04-11 19:59 - 00106496 ____A C:\Windows\Minidump\Mini041113-06.dmp
2013-04-11 19:49 - 2013-04-11 19:49 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-04-11 19:49 - 2013-04-11 19:49 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-04-11 19:48 - 2013-04-11 19:48 - 00131072 ____A C:\Windows\Minidump\Mini041113-05.dmp
2013-04-11 19:38 - 2013-04-11 19:37 - 00122880 ____A C:\Windows\Minidump\Mini041113-04.dmp
2013-04-11 19:36 - 2013-04-12 00:07 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-04-11 19:34 - 2013-04-11 19:34 - 00122880 ____A C:\Windows\Minidump\Mini041113-03.dmp
2013-04-11 19:30 - 2013-04-11 19:30 - 00000000 ____D C:\Program Files\dt Pro
2013-04-11 19:12 - 2013-04-11 19:11 - 00131072 ____A C:\Windows\Minidump\Mini041113-02.dmp
2013-04-11 19:08 - 2013-04-11 19:08 - 00131072 ____A C:\Windows\Minidump\Mini041113-01.dmp
2013-04-11 17:10 - 2012-06-02 21:19 - 00015384 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll.mui
2013-04-11 11:41 - 2013-04-11 11:41 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-04-11 01:51 - 2013-04-11 19:30 - 00000000 ____D C:\Program Files\dt Pro(2)
2013-04-10 22:58 - 2013-04-10 22:58 - 10285246 ____A C:\Documents and Settings\Scott\Desktop\CFRN Layout (1).xml
2013-04-10 13:59 - 2013-04-10 13:59 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\OEC
2013-04-10 13:58 - 2013-04-10 13:58 - 00000877 ____A C:\Documents and Settings\Scott\Desktop\Sample Trader Excel Add-In.lnk
2013-04-10 13:58 - 2013-04-10 13:58 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\Daniels
2013-04-10 13:58 - 2013-04-10 13:58 - 00000000 ____D C:\Documents and Settings\Scott\Application Data\Daniels
2013-04-10 13:57 - 2013-04-11 01:51 - 00000000 ____D C:\Documents and Settings\Scott\My Documents\My Custom Indicators
2013-04-10 13:57 - 2013-04-10 13:58 - 00000000 ____D C:\Program Files\OEC
2013-04-10 13:57 - 2013-04-10 13:57 - 00000763 ____A C:\Documents and Settings\Scott\Desktop\dt Pro Demo 3.5.lnk
2013-04-10 13:43 - 2013-04-10 13:43 - 10285246 ____A C:\Documents and Settings\Scott\Desktop\CFRN Layout.xml
2013-04-08 13:22 - 2013-04-08 13:22 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\Sun
2013-04-07 22:15 - 2013-04-07 22:15 - 00049866 ____A C:\Documents and Settings\Scott\My Documents\Customer Calls.xlsx
2013-04-04 01:05 - 2013-04-05 20:46 - 00000000 ____D C:\Documents and Settings\Scott\My Documents\E3P
2013-03-23 19:13 - 2013-03-23 19:14 - 00000000 ____D C:\Documents and Settings\Scott\My Documents\Ninja Indies
2013-03-21 17:44 - 2013-04-13 14:33 - 00000412 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Scott.job
2013-03-21 17:44 - 2013-04-10 18:00 - 00000402 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Scott.job
2013-03-21 17:44 - 2013-04-10 13:57 - 00000406 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Scott.job


==================== One Month Modified Files and Folders ========

2013-04-13 14:45 - 2011-04-15 20:00 - 00000216 ____A C:\Windows\wiadebug.log
2013-04-13 14:45 - 2011-04-15 19:58 - 01745793 ____A C:\Windows\WindowsUpdate.log
2013-04-13 14:45 - 2007-12-24 17:24 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{4ECF8245-347D-4305-934B-B97411273FF9}.job
2013-04-13 14:45 - 2004-08-10 19:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-13 14:42 - 2013-04-11 21:04 - 00000390 ___AH C:\Windows\Tasks\MpIdleTask.job
2013-04-13 14:40 - 2011-02-13 21:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-04-13 14:37 - 2013-02-17 22:26 - 00000024 ____A C:\Windows\System32\wan.pcap
2013-04-13 14:37 - 2011-04-15 20:00 - 00000049 ____A C:\Windows\wiaservc.log
2013-04-13 14:37 - 2004-08-10 19:08 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-04-13 14:37 - 2004-08-10 19:08 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-04-13 14:33 - 2013-03-21 17:44 - 00000412 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Scott.job
2013-04-13 14:33 - 2011-11-28 13:18 - 00000278 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2771394249-4081502383-3354649462-1006.job
2013-04-13 14:33 - 2009-06-30 23:40 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-13 14:33 - 2006-02-04 01:04 - 00000062 __ASH C:\Documents and Settings\Scott\Local Settings\desktop.ini
2013-04-13 14:32 - 2004-08-10 18:51 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-04-13 11:48 - 2013-04-13 11:48 - 00000000 ____D C:\FRST
2013-04-12 22:44 - 2013-04-12 22:44 - 00000000 __SHD C:\found.006
2013-04-12 17:15 - 2006-01-16 21:10 - 00000360 _RASH C:\boot.ini
2013-04-12 01:18 - 2013-04-12 01:18 - 00000000 __SHD C:\found.005
2013-04-12 01:00 - 2013-04-12 01:00 - 00000000 ____D C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com
2013-04-12 01:00 - 2013-04-12 00:48 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-04-12 00:58 - 2013-04-12 00:58 - 00000180 ____A C:\Documents and Settings\Scott\Desktop\avgrep.txt
2013-04-12 00:58 - 2013-04-11 22:18 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\Avg2013
2013-04-12 00:53 - 2013-04-11 23:45 - 00004254 ____A C:\Documents and Settings\Scott\Desktop\Rkill.txt
2013-04-12 00:51 - 2013-04-12 00:51 - 00106496 ____A C:\Windows\Minidump\Mini041113-18.dmp
2013-04-12 00:51 - 2006-02-04 01:51 - 00000000 ____D C:\Windows\Minidump
2013-04-12 00:49 - 2013-04-12 00:48 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-04-12 00:48 - 2013-04-12 00:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-04-12 00:40 - 2013-04-12 00:41 - 00106496 ____A C:\Windows\Minidump\Mini041113-17.dmp
2013-04-12 00:39 - 2013-04-12 00:38 - 00000116 ____A C:\Documents and Settings\Scott\Desktop\IEBPpBol.htm.part.htm
2013-04-12 00:34 - 2013-04-12 00:34 - 00106496 ____A C:\Windows\Minidump\Mini041113-16.dmp
2013-04-12 00:29 - 2008-04-07 21:13 - 00032256 ____A C:\Windows\SchedLgU.Txt
2013-04-12 00:22 - 2013-04-12 00:23 - 00106496 ____A C:\Windows\Minidump\Mini041113-15.dmp
2013-04-12 00:07 - 2013-04-11 19:36 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-04-12 00:00 - 2008-09-25 02:32 - 00000178 _ASHC C:\Documents and Settings\Administrator\ntuser.ini
2013-04-11 23:59 - 2013-04-11 23:59 - 00106496 ____A C:\Windows\Minidump\Mini041113-14.dmp
2013-04-11 23:59 - 2008-09-25 02:32 - 00000062 _ASHC C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-04-11 23:42 - 2013-04-11 23:45 - 01752992 ____A (Bleeping Computer, LLC) C:\Documents and Settings\Scott\Desktop\rkill.com
2013-04-11 23:42 - 2013-04-11 23:43 - 00106496 ____A C:\Windows\Minidump\Mini041113-13.dmp
2013-04-11 23:41 - 2013-04-11 23:41 - 00602112 ____A C:\Documents and Settings\Scott\Desktop\OTL (1).exe
2013-04-11 23:13 - 2013-04-11 23:14 - 00106496 ____A C:\Windows\Minidump\Mini041113-12.dmp
2013-04-11 23:11 - 2013-04-11 23:11 - 00000000 __SHD C:\found.004
2013-04-11 22:53 - 2013-04-11 22:53 - 00106496 ____A C:\Windows\Minidump\Mini041113-11.dmp
2013-04-11 22:37 - 2013-04-11 22:37 - 00000000 ____D C:\Documents and Settings\Scott\Application Data\AVG2013
2013-04-11 22:36 - 2013-04-11 22:36 - 00106496 ____A C:\Windows\Minidump\Mini041113-10.dmp
2013-04-11 22:24 - 2013-04-11 22:24 - 00034592 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-04-11 22:24 - 2013-04-11 22:24 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-04-11 22:24 - 2013-04-11 22:24 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-04-11 22:24 - 2013-04-11 22:24 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-04-11 22:24 - 2013-04-11 22:24 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\AVG SafeGuard toolbar
2013-04-11 22:24 - 2013-04-11 22:24 - 00000000 ____D C:\Documents and Settings\Scott\Application Data\AVG SafeGuard toolbar
2013-04-11 22:24 - 2013-04-11 22:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2013-04-11 22:24 - 2009-04-05 20:42 - 00000000 ____D C:\Documents and Settings\Scott\Application Data\TuneUp Software
2013-04-11 22:23 - 2013-04-11 22:23 - 00003277 ____A C:\Windows\setupapi.log
2013-04-11 22:22 - 2013-04-11 22:22 - 00000000 ___HD C:\$AVG
2013-04-11 22:22 - 2013-04-11 22:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-04-11 22:21 - 2013-04-11 22:21 - 00000000 ____D C:\Program Files\AVG
2013-04-11 22:18 - 2013-04-11 22:18 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\MFAData
2013-04-11 22:14 - 2013-02-18 18:39 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-11 22:14 - 2011-04-20 16:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-11 22:08 - 2009-09-27 18:37 - 00000978 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771394249-4081502383-3354649462-1006UA.job
2013-04-11 22:08 - 2006-02-04 01:04 - 00000278 ___SH C:\Documents and Settings\Scott\ntuser.ini
2013-04-11 22:04 - 2013-04-11 22:04 - 00001905 ____A C:\Documents and Settings\Scott\Desktop\Resume ZoneAlarm Security Install.lnk
2013-04-11 21:36 - 2013-04-11 21:37 - 00106496 ____A C:\Windows\Minidump\Mini041113-09.dmp
2013-04-11 20:59 - 2013-04-11 20:59 - 00131072 ____A C:\Windows\Minidump\Mini041113-08.dmp
2013-04-11 20:49 - 2013-04-11 20:49 - 00106496 ____A C:\Windows\Minidump\Mini041113-07.dmp
2013-04-11 20:17 - 2013-04-11 20:17 - 00003560 ____A C:\Windows\FSGKIAIN.log
2013-04-11 20:17 - 2013-04-11 20:17 - 00001854 ____A C:\Windows\fsmsiuninstall.log
2013-04-11 20:17 - 2013-04-11 20:17 - 00001552 ____A C:\Windows\FSLDIN.LOG
2013-04-11 20:17 - 2013-04-11 20:17 - 00001234 ____A C:\Windows\fsdgunst.log
2013-04-11 20:17 - 2013-04-11 20:17 - 00000712 ____A C:\Windows\daasunin.LOG
2013-04-11 20:17 - 2013-04-11 20:17 - 00000581 ____A C:\Windows\HELPINST.LOG
2013-04-11 20:17 - 2013-04-11 20:15 - 57180216 ____A C:\Windows\FSISU.log
2013-04-11 20:17 - 2013-04-11 20:15 - 00895665 ____A C:\Windows\FSDEPH.log
2013-04-11 20:17 - 2013-04-11 20:15 - 00606585 ____A C:\Windows\FSUNINST.log
2013-04-11 20:17 - 2013-04-11 20:15 - 00099486 ____A C:\Windows\uninstaller.log
2013-04-11 20:17 - 2008-10-20 15:51 - 00000000 ____D C:\Program Files\Shaw Secure
2013-04-11 20:16 - 2013-04-11 20:16 - 00634763 ____A C:\Windows\FSSSINST.log
2013-04-11 20:16 - 2013-04-11 20:16 - 00025886 ____A C:\Windows\fsavunin.log
2013-04-11 20:16 - 2013-04-11 20:16 - 00015512 ____A C:\Windows\FSAUA_UN.LOG
2013-04-11 20:16 - 2013-04-11 20:16 - 00006630 ____A C:\Windows\FSSCINST.log
2013-04-11 20:16 - 2013-04-11 20:16 - 00004822 ____A C:\Windows\fwesinst.log
2013-04-11 20:16 - 2013-04-11 20:16 - 00001568 ____A C:\Windows\FSPSUNI.LOG
2013-04-11 20:16 - 2013-04-11 20:16 - 00000721 ____A C:\Windows\FSGUIINS.LOG
2013-04-11 20:16 - 2013-04-11 20:16 - 00000637 ____A C:\Windows\fstnbins.LOG
2013-04-11 20:16 - 2013-04-11 20:16 - 00000110 ____A C:\Windows\FSAVES_inst.log
2013-04-11 20:16 - 2008-10-20 15:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\f-secure
2013-04-11 20:15 - 2013-04-11 20:15 - 00004600 ____A C:\Windows\fwinst.log
2013-04-11 20:15 - 2013-04-11 20:15 - 00002238 ____A C:\Windows\pegasus_inst.log
2013-04-11 20:15 - 2013-04-11 20:15 - 00001768 ____A C:\Windows\FSPCUNIN.LOG
2013-04-11 20:15 - 2013-04-11 20:15 - 00001577 ____A C:\Windows\FSASWUNI.LOG
2013-04-11 20:15 - 2013-04-11 20:15 - 00000878 ____A C:\Windows\FSGEMINST.LOG
2013-04-11 19:59 - 2013-04-11 19:59 - 00106496 ____A C:\Windows\Minidump\Mini041113-06.dmp
2013-04-11 19:49 - 2013-04-11 19:49 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-04-11 19:49 - 2013-04-11 19:49 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-04-11 19:48 - 2013-04-11 19:48 - 00131072 ____A C:\Windows\Minidump\Mini041113-05.dmp
2013-04-11 19:37 - 2013-04-11 19:38 - 00122880 ____A C:\Windows\Minidump\Mini041113-04.dmp
2013-04-11 19:34 - 2013-04-11 19:34 - 00122880 ____A C:\Windows\Minidump\Mini041113-03.dmp
2013-04-11 19:30 - 2013-04-11 19:30 - 00000000 ____D C:\Program Files\dt Pro
2013-04-11 19:30 - 2013-04-11 01:51 - 00000000 ____D C:\Program Files\dt Pro(2)
2013-04-11 19:30 - 2004-08-10 19:02 - 00000000 ____D C:\Windows\Registration
2013-04-11 19:29 - 2012-05-30 11:44 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-04-11 19:11 - 2013-04-11 19:12 - 00131072 ____A C:\Windows\Minidump\Mini041113-02.dmp
2013-04-11 19:08 - 2013-04-11 19:08 - 00131072 ____A C:\Windows\Minidump\Mini041113-01.dmp
2013-04-11 19:00 - 2009-06-30 23:40 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-11 18:31 - 2009-02-06 15:24 - 00000820 ____A C:\Windows\Tasks\Google Software Updater.job
2013-04-11 17:40 - 2011-09-30 22:12 - 00774202 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2771394249-4081502383-3354649462-1006-0.dat
2013-04-11 17:40 - 2011-08-17 04:05 - 00258250 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-04-11 17:10 - 2004-08-10 18:52 - 00000000 ____D C:\Windows\Help
2013-04-11 11:41 - 2013-04-11 11:41 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-04-11 01:51 - 2013-04-10 13:57 - 00000000 ____D C:\Documents and Settings\Scott\My Documents\My Custom Indicators
2013-04-10 22:58 - 2013-04-10 22:58 - 10285246 ____A C:\Documents and Settings\Scott\Desktop\CFRN Layout (1).xml
2013-04-10 18:00 - 2013-03-21 17:44 - 00000402 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Scott.job
2013-04-10 13:59 - 2013-04-10 13:59 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\OEC
2013-04-10 13:58 - 2013-04-10 13:58 - 00000877 ____A C:\Documents and Settings\Scott\Desktop\Sample Trader Excel Add-In.lnk
2013-04-10 13:58 - 2013-04-10 13:58 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\Daniels
2013-04-10 13:58 - 2013-04-10 13:58 - 00000000 ____D C:\Documents and Settings\Scott\Application Data\Daniels
2013-04-10 13:58 - 2013-04-10 13:57 - 00000000 ____D C:\Program Files\OEC
2013-04-10 13:57 - 2013-04-10 13:57 - 00000763 ____A C:\Documents and Settings\Scott\Desktop\dt Pro Demo 3.5.lnk
2013-04-10 13:57 - 2013-03-21 17:44 - 00000406 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Scott.job
2013-04-10 13:43 - 2013-04-10 13:43 - 10285246 ____A C:\Documents and Settings\Scott\Desktop\CFRN Layout.xml
2013-04-09 00:09 - 2011-10-29 00:09 - 00000486 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-04-08 13:23 - 2011-04-22 14:00 - 00061304 ____A C:\Documents and Settings\Scott\g2mdlhlpx.exe
2013-04-08 13:22 - 2013-04-08 13:22 - 00000000 ____D C:\Documents and Settings\Scott\Local Settings\Application Data\Sun
2013-04-07 22:15 - 2013-04-07 22:15 - 00049866 ____A C:\Documents and Settings\Scott\My Documents\Customer Calls.xlsx
2013-04-07 22:08 - 2009-06-02 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-07 18:00 - 2012-05-30 12:03 - 00000944 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-04-07 15:08 - 2011-11-28 13:18 - 00000286 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2771394249-4081502383-3354649462-1006.job
2013-04-07 04:02 - 2009-09-27 18:37 - 00000926 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771394249-4081502383-3354649462-1006Core.job
2013-04-06 13:30 - 2008-09-09 04:04 - 00000000 ____D C:\Documents and Settings\Scott\My Documents\FX
2013-04-05 20:46 - 2013-04-04 01:05 - 00000000 ____D C:\Documents and Settings\Scott\My Documents\E3P
2013-04-04 20:50 - 2011-04-20 16:43 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-02 23:02 - 2008-02-10 05:33 - 00000000 ____D C:\Documents and Settings\Scott\Application Data\Mozilla
2013-04-02 18:07 - 2011-03-12 17:49 - 00002284 ____A C:\Documents and Settings\Scott\Desktop\Google Chrome.lnk
2013-04-02 10:33 - 2010-07-19 20:12 - 00237088 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-01 17:28 - 2009-05-05 11:52 - 00000000 ____D C:\Documents and Settings\Esther\My Documents\Resume
2013-03-28 22:47 - 2007-11-03 17:51 - 00000000 ____D C:\Documents and Settings\Scott\My Documents\Stocks
2013-03-28 22:45 - 2008-02-03 16:36 - 00000000 ____D C:\Documents and Settings\Scott\My Documents\Scott
2013-03-23 19:14 - 2013-03-23 19:13 - 00000000 ____D C:\Documents and Settings\Scott\My Documents\Ninja Indies
2013-03-20 20:55 - 2011-02-28 19:15 - 00000000 ____D C:\Program Files\Beat the News
2013-03-18 01:39 - 2009-05-05 11:54 - 00000000 ____D C:\Documents and Settings\Esther\My Documents\NL
2013-03-16 21:29 - 2004-08-10 18:57 - 00613692 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-16 16:07 - 2010-12-06 19:02 - 00000000 ____D C:\Documents and Settings\Scott\My Documents\Elliottician

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-04-11 22:22 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1236

RP: -> 2013-04-11 22:21 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1235

RP: -> 2013-04-11 21:51 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1234

RP: -> 2013-04-11 20:56 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1233

RP: -> 2013-04-11 19:27 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1232

RP: -> 2013-04-11 17:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1231

RP: -> 2013-04-11 11:52 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1230

RP: -> 2013-04-10 20:01 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1229

RP: -> 2013-04-09 19:52 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1228

RP: -> 2013-04-09 10:41 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1227

RP: -> 2013-04-08 22:57 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1226

RP: -> 2013-04-07 19:51 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1225

RP: -> 2013-04-06 19:51 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1224

RP: -> 2013-04-05 19:57 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1223

RP: -> 2013-04-04 16:07 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1222

RP: -> 2013-04-04 12:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1221

RP: -> 2013-04-03 11:40 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1220

RP: -> 2013-04-03 00:54 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1219

RP: -> 2013-04-02 17:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1218

RP: -> 2013-04-02 12:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1217

RP: -> 2013-04-01 03:21 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1216

RP: -> 2013-03-31 10:47 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1215

RP: -> 2013-03-30 21:11 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1214

RP: -> 2013-03-29 14:31 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1213

RP: -> 2013-03-28 23:06 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1212

RP: -> 2013-03-28 22:53 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1211

RP: -> 2013-03-28 21:15 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1210

RP: -> 2013-03-27 21:12 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1209

RP: -> 2013-03-27 10:27 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1208


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 2046.1 MB
Available physical RAM: 1708.96 MB
Total Pagefile: 1818.65 MB
Available Pagefile: 1196.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 2008.82 MB

==================== Partitions =============================

1 Drive b: (RamDrive) (Fixed) (Total:0.53 GB) (Free:0.53 GB) NTFS
2 Drive c: () (Fixed) (Total:145.85 GB) (Free:94.03 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive e: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
5 Drive f: (SCOTT) (Fixed) (Total:0.48 GB) (Free:0.38 GB) FAT
6 Drive x: (Mini Xp) (Fixed) (Total:0.23 GB) (Free:0.23 GB) NTFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online       149 GB      0 B
Disk 1    Online       486 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                 55 MB    32 KB
Partition 2    Primary            146 GB    55 MB
Partition 3    Unknown           3177 MB   146 GB
=========================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2                    FAT    Partition     55 MB  Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  C                 NTFS   Partition    146 GB  Healthy
=========================================================

Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                    FAT32  Partition   3177 MB  Healthy
=========================================================

Partitions of Disk 1:
===============

The disk management services could not complete the operation.

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: AFB3AFB3

Partition 1:
=========
Hex: 00010100DEFE3F063F00000008B70100
Active: NO
Type: DE
Size: 55 MB

Partition 2:
=========
Hex: 8000010707FEFFFF47B7010060523B12
Active: YES
Type: 07 (NTFS)
Size: 146 GB

Partition 3:
=========
Hex: 0000C1FFDBFEFFFFA7093D1255476300
Active: NO
Type: DB
Size: 3 GB

==============================
Partitions of Disk 1:
===============
Disk ID: F554B1D3

Partition 1:
=========
Hex: 800101000637E04620000000E0460F00
Active: YES
Type: 06
Size: 489 MB

==================== End Of Log ============================


#11
maliprog

Hi topedge,

Hehe you worked for my fellow citizen. What a small world.

Can you tell me your current problems?

#12
topedge

Thanks Maliprog for your help. I would like you to review the two logs I posted and offer some assistance to clean the machine. I am not able to run spy bot to the end and think some virus may still exist.
Thanks

#13
maliprog

OK. Let's do this scan to see where we stand. Don't forget to post the log after the scan.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

#14
topedge

Hi,
It wouldn't allow me to run. I end up with different blue screen errors. Then it goes to chkdsk.

#15
maliprog

OK. Let's try AVAST now.

Install the free Avast:

AVAST Free

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface then click on Scan Computer, then on Boot-Time Scan then Schedule Now.

Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs input from you.

After the scan, try to find the scan log in

XP –> C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\aswBoot.txt

Vista/7 –> C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt

and post it here for me.

If the scan hangs that may indicate a hardware problem.