
All downloads reportedly contain a virus [Solved]



#46 tom982

Hi Ed,

The infection present on your computer has junction points set on system folders which are essentially blocking access to them. As the name suggests, they are a junction for the data and anything trying to access these folders is being redirected elsewhere on your system - it's actually the reason that SFC failed to complete. The scans Essexboy ran were trying to look for files with junction points set on them by using a custom OTL scan using the /JN switch (for junctions) and we hoped that this would show the junctions but it failed to detect them:

< c:\windows\*. /JN >
[2006/11/02 14:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 14:01:23 | 000,032,558 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008/02/13 01:21:29 | 000,000,322 | ---- | C] () -- C:\Windows\Tasks\Security Platform Backup Schedule.job
[2010/12/03 15:21:58 | 000,000,322 | ---- | C] () -- C:\Windows\Tasks\Embedded Security Backup Schedule.job
[2012/04/18 18:06:27 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/09/03 19:20:41 | 000,000,874 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/09/03 19:20:44 | 000,000,878 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< C:\Windows\winsxs\*. /JN >

< C:\Program Files\Windows Defender\*. /JN >

< C:\Program Files\Microsoft Security Client\*. /JN >

< C:\Program Files\Microsoft Security Client\Drivers\*. /JN >

< C:\Program Files\Microsoft Security Client\Backup\*. /JN >

< C:\Program Files\Microsoft Security Client\en-us\*. /JN >

Fortunately for you, there are plenty of other tools out there for working with junctions.

Please download junction.exe (SysInternals) from this link and copy and paste it into C:\Windows\system32\

http://technet.micro...ernals/bb896768

Batch File

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Click on the Start button and in the search box, type Notepad and click on it
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    
    REM Paths containing spaces must be quoted or junction.exe sees two arguments.
    REM -accepteula suppresses the Sysinternals licence prompt on first run.
    junction.exe -accepteula -d "C:\Program Files\Windows Defender"
    junction.exe -accepteula -d "C:\Program Files\Windows Defender\en-US\systemprofile"
    junction.exe -accepteula -d "C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local"
    junction.exe -accepteula -d "C:\Program Files\Windows Defender\en-US\systemprofile\Documents"
    junction.exe -accepteula -d "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f"
    junction.exe -accepteula -d "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6000.16386_none_5585eece5b4407f1"
    junction.exe -accepteula -d "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5"
    REM /A:L lists only reparse points (junctions and symbolic links).
    DIR C:\ /S /A:L > "%USERPROFILE%\Desktop\JunctionPoints.txt"
    REM The batch runs from system32 when elevated, so open the file by its full path.
    START "" "%USERPROFILE%\Desktop\JunctionPoints.txt"
    EXIT
    
  • Go to File > Save As... and save it to your Desktop named fix.bat. Make sure you change the Save as type to All Files (*.*)
  • Locate fix.bat on your Desktop and right click then select Run as administrator

Once again, post the contents of JunctionPoints.txt please!

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution
  • Where it states Insert text script in the following box copy the below script and press Run script
    Copy from Begin until End
    begin
      SetAVZGuardStatus(True);
      SearchRootkit(true, true);
      DeleteFile('C:\Windows\system32\DRIVERS\2768321drv.sys');
      BC_DeleteFile('C:\Windows\system32\DRIVERS\2768321drv.sys');
      DeleteFile('C:\Windows\system32\system');
      BC_DeleteFile('C:\Windows\system32\system');
      BC_Activate;
      BC_ImportDeletedList;
      BC_ImportAll;
      ExecuteSysClean;
      RebootWindows(true);
    end.

  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file


Also, I know it's a long shot, but do you have any idea which file you downloaded caused this infection? No worries if not.

Tom
#47 edsmith323

Tom

I received the original Internet security worm from visiting a site to do with Excel formulas, a forum site I believe. I'm not sure I actually downloaded a file, rather than the worm just appearing.

Running the scans now and will post the results in due course.

#48 edsmith323

Junction Points lol

Volume in drive C has no label.
Volume Serial Number is 7378-680D

Directory of C:\

02/11/2006 14:02 <JUNCTION> Documents and Settings [c:\Users]
0 File(s) 0 bytes

Directory of C:\Program Files\Windows Defender

02/11/2006 13:42 <SYMLINKD> en-US [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpClient.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
02/11/2006 13:35 <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
11/04/2009 07:27 <SYMLINK> MpSoftEx.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSvc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MSASCui.exe [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
14 File(s) 4,344,192 bytes

Directory of C:\Program Files\Windows Defender\en-US\systemprofile

15/05/2009 17:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
15/05/2009 17:10 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
31/07/2012 14:39 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
31/07/2012 14:39 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
31/07/2012 14:39 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31/07/2012 14:39 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
31/07/2012 14:39 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
31/07/2012 14:39 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
31/07/2012 14:39 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local

15/05/2009 17:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
15/05/2009 17:10 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
15/05/2009 17:10 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Program Files\Windows Defender\en-US\systemprofile\Documents

31/07/2012 14:39 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
31/07/2012 14:39 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
31/07/2012 14:39 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes

Directory of C:\ProgramData

02/11/2006 14:02 <JUNCTION> Application Data [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [c:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [c:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [c:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users

02/11/2006 14:02 <SYMLINKD> All Users [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Default User [c:\Users\Default]
0 File(s) 0 bytes

Directory of C:\Users\All Users

02/11/2006 14:02 <JUNCTION> Application Data [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [c:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [c:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [c:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Default

02/11/2006 14:02 <JUNCTION> Application Data [c:\Users\Default\AppData\Roaming]
02/11/2006 14:02 <JUNCTION> Local Settings [c:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> My Documents [c:\Users\Default\Documents]
02/11/2006 14:02 <JUNCTION> NetHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 14:02 <JUNCTION> PrintHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 14:02 <JUNCTION> Recent [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 14:02 <JUNCTION> SendTo [c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Default\AppData\Local

02/11/2006 14:02 <JUNCTION> Application Data [c:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> History [c:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 14:02 <JUNCTION> Temporary Internet Files [c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\Default\Documents

02/11/2006 14:02 <JUNCTION> My Music [c:\Users\Default\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [c:\Users\Default\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [c:\Users\Default\Videos]
0 File(s) 0 bytes

Directory of C:\Users\Ed

12/02/2008 21:17 <JUNCTION> Application Data [C:\Users\Ed\AppData\Roaming]
12/02/2008 21:17 <JUNCTION> Cookies [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Cookies]
12/02/2008 21:17 <JUNCTION> Local Settings [C:\Users\Ed\AppData\Local]
12/02/2008 21:17 <JUNCTION> My Documents [C:\Users\Ed\Documents]
12/02/2008 21:17 <JUNCTION> NetHood [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/02/2008 21:17 <JUNCTION> PrintHood [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/02/2008 21:17 <JUNCTION> Recent [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Recent]
12/02/2008 21:17 <JUNCTION> SendTo [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\SendTo]
12/02/2008 21:17 <JUNCTION> Start Menu [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu]
12/02/2008 21:17 <JUNCTION> Templates [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Ed\AppData\Local

12/02/2008 21:17 <JUNCTION> Application Data [C:\Users\Ed\AppData\Local]
12/02/2008 21:17 <JUNCTION> History [C:\Users\Ed\AppData\Local\Microsoft\Windows\History]
12/02/2008 21:17 <JUNCTION> Temporary Internet Files [C:\Users\Ed\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\Ed\Documents

12/02/2008 21:17 <JUNCTION> My Music [C:\Users\Ed\Music]
12/02/2008 21:17 <JUNCTION> My Pictures [C:\Users\Ed\Pictures]
12/02/2008 21:17 <JUNCTION> My Videos [C:\Users\Ed\Videos]
0 File(s) 0 bytes

Directory of C:\Users\Public\Documents

02/11/2006 14:02 <JUNCTION> My Music [c:\Users\Public\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [c:\Users\Public\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [c:\Users\Public\Videos]
0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile

15/05/2009 17:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
15/05/2009 17:10 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
31/07/2012 14:39 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
31/07/2012 14:39 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
31/07/2012 14:39 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31/07/2012 14:39 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
31/07/2012 14:39 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
31/07/2012 14:39 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
31/07/2012 14:39 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile\AppData\Local

15/05/2009 17:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
15/05/2009 17:10 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
15/05/2009 17:10 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile\Documents

31/07/2012 14:39 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
31/07/2012 14:39 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
31/07/2012 14:39 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes

Directory of C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f

02/11/2006 13:35 <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
1 File(s) 65,640 bytes

Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6000.16386_none_5585eece5b4407f1

02/11/2006 13:34 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
3 File(s) 681,784 bytes

Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5

02/11/2006 13:34 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpClient.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSvc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MSASCui.exe [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
12 File(s) 3,765,552 bytes

Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411

02/11/2006 13:34 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpClient.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
11/04/2009 07:27 <SYMLINK> MpSoftEx.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSvc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MSASCui.exe [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
13 File(s) 4,278,552 bytes

Total Files Listed:
43 File(s) 13,135,720 bytes
80 Dir(s) 29,330,739,200 bytes free
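Reading a DIR /S /A:L listing like the one above by hand is how the malicious links were spotted in this thread: the real Vista compatibility junctions (Documents and Settings, Application Data, My Documents and so on) are noise, while the Windows Defender entries are DLL/EXE names turned into file symlinks whose target is c:\windows\system32\config. The following Python script is an added example, not code from this thread or from Sysinternals, OTL or fsutil; it parses that listing format and applies those two tells, flagging anything else that is not a known compatibility junction for review. The sample listing is constructed from the posted entries, and the D:\stash entry is invented.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the DIR /S /A:L output posted in the thread
# (entries mirror the posted listing; D:\stash is invented to show the "review"
# verdict). It is not the full log.
SAMPLE_LISTING = """\
 Directory of C:\\

02/11/2006  14:02    <JUNCTION>     Documents and Settings [c:\\Users]

 Directory of C:\\Program Files\\Windows Defender

02/11/2006  13:42    <SYMLINKD>     en-US [c:\\windows\\system32\\config]
19/01/2008  08:38    <SYMLINK>      MpClient.dll [c:\\windows\\system32\\config]
19/01/2008  08:38    <SYMLINK>      MSASCui.exe [c:\\windows\\system32\\config]
               2 File(s)        620,544 bytes

 Directory of C:\\Users\\Ed

12/02/2008  21:17    <JUNCTION>     Application Data [C:\\Users\\Ed\\AppData\\Roaming]
12/02/2008  21:17    <JUNCTION>     My Documents [C:\\Users\\Ed\\Documents]

 Directory of C:\\Windows\\Tasks

01/03/2013  09:00    <JUNCTION>     Backup [D:\\stash]
"""

DIR_RE = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$")
LINK_RE = re.compile(
    r"^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+"
    r"<(?P<kind>JUNCTION|SYMLINKD|SYMLINK)>\s+"
    r"(?P<name>.+?) \[(?P<target>.+)\]\s*$"
)

# Legacy folder names Vista ships as junctions, with the suffix their target
# should end in. Trimmed to the names that appear in the thread's listing.
COMPAT_TARGETS = {
    "Documents and Settings": ("\\users",),
    "All Users": ("\\programdata",),
    "Default User": ("\\users\\default",),
    "Application Data": ("\\appdata\\roaming", "\\appdata\\local", "\\programdata"),
    "Local Settings": ("\\appdata\\local",),
    "My Documents": ("\\documents",),
    "Cookies": ("\\cookies",),
    "History": ("\\history",),
    "Temporary Internet Files": ("\\temporary internet files",),
    "NetHood": ("\\network shortcuts",),
    "PrintHood": ("\\printer shortcuts",),
    "Recent": ("\\recent",),
    "SendTo": ("\\sendto",),
    "Start Menu": ("\\start menu",),
    "Templates": ("\\templates",),
    "My Music": ("\\music",),
    "My Pictures": ("\\pictures",),
    "My Videos": ("\\videos",),
}
BINARY_EXT = (".dll", ".exe", ".sys")


@dataclass
class ReparsePoint:
    directory: str
    kind: str      # JUNCTION, SYMLINKD (directory symlink) or SYMLINK (file symlink)
    name: str
    target: str


def parse_listing(text):
    # DIR prints a "Directory of" header, then one line per reparse point in it.
    current, points = None, []
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group("dir")
            continue
        m = LINK_RE.match(line)
        if m and current is not None:
            points.append(ReparsePoint(current, m.group("kind"),
                                       m.group("name"), m.group("target")))
    return points


def classify(p):
    """Return (verdict, reason) using the tells from the thread."""
    target = p.target.lower().rstrip("\\")
    # A DLL/EXE/SYS that is a file symlink is no longer the vendor's binary.
    if p.kind == "SYMLINK" and p.name.lower().endswith(BINARY_EXT):
        return "suspicious", "program binary replaced by a file symlink"
    # Every malicious link in the thread pointed at the registry hive directory.
    if target.endswith("\\system32\\config"):
        return "suspicious", "redirects into system32\\config"
    expected = COMPAT_TARGETS.get(p.name)
    if expected and target.endswith(expected):
        return "benign", "standard compatibility junction"
    return "review", "reparse point outside the known-benign set"


def triage(text):
    return [(p, *classify(p)) for p in parse_listing(text)]


def suspicious_paths(text):
    return [p.directory.rstrip("\\") + "\\" + p.name
            for p, verdict, _ in triage(text) if verdict == "suspicious"]


if __name__ == "__main__":
    for p, verdict, reason in triage(SAMPLE_LISTING):
        if verdict != "benign":
            print(f"{verdict:10} {p.kind:9} {p.directory}\\{p.name} -> {p.target}  ({reason})")
```

Feed it the saved JunctionPoints.txt instead of SAMPLE_LISTING to get the list of paths worth handing to fsutil reparsepoint delete, with the compatibility junctions already filtered out.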

#49 edsmith323

Tom

Kaspersky log attached


#50 tom982

Hi Ed,

Batch File

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Click on the Start button and in the search box, type Notepad and click on it
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    fsutil reparsepoint delete "C:\Program Files\Windows Defender"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRtMon.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRtPlug.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSigDwn.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSoftEx.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpLics.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\MpEvMsg.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6000.16386_none_5585eece5b4407f1\MpAsDesc.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6000.16386_none_5585eece5b4407f1\MsMpLics.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6000.16386_none_5585eece5b4407f1\MsMpRes.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpAsDesc.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpClient.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpCmdRun.exe"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpOAV.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtMon.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtPlug.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSigDwn.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSvc.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpCom.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpLics.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpAsDesc.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpClient.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpCmdRun.exe"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpOAV.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtMon.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtPlug.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSigDwn.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSoftEx.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSvc.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpCom.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpLics.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpRes.dll"
    CD \
    DIR /S /A:L > "%USERPROFILE%\Desktop\JunctionPoints.txt"
    START "" "%USERPROFILE%\Desktop\JunctionPoints.txt"
    EXIT
    
    
  • Go to File > Save As... and save it to your Desktop named fix.bat. Make sure you change the Save as type to All Files (*.*)
  • Locate fix.bat on your Desktop and right click then select Run as administrator

Post JunctionPoints.txt when finished, as before please!

Combofix Script

  • Close all open Windows and disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    File::
    C:\Windows\system32\DRIVERS\2768321drv.sys
    
    
  • Go to File > Save As... and save it to your Desktop named CFScript.txt.

    [image: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it will produce a log that can be found at C:\ComboFix.txt. Copy and paste the contents of this into your next post please.

Tom

#51 edsmith323

junction points

Volume in drive C has no label.
Volume Serial Number is 7378-680D

Directory of C:\

02/11/2006 14:02 <JUNCTION> Documents and Settings [c:\Users]
0 File(s) 0 bytes

Directory of C:\ProgramData

02/11/2006 14:02 <JUNCTION> Application Data [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [c:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [c:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [c:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users

02/11/2006 14:02 <SYMLINKD> All Users [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Default User [c:\Users\Default]
0 File(s) 0 bytes

Directory of C:\Users\All Users

02/11/2006 14:02 <JUNCTION> Application Data [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [c:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [c:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [c:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Default

02/11/2006 14:02 <JUNCTION> Application Data [c:\Users\Default\AppData\Roaming]
02/11/2006 14:02 <JUNCTION> Local Settings [c:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> My Documents [c:\Users\Default\Documents]
02/11/2006 14:02 <JUNCTION> NetHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 14:02 <JUNCTION> PrintHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 14:02 <JUNCTION> Recent [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 14:02 <JUNCTION> SendTo [c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Default\AppData\Local

02/11/2006 14:02 <JUNCTION> Application Data [c:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> History [c:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 14:02 <JUNCTION> Temporary Internet Files [c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\Default\Documents

02/11/2006 14:02 <JUNCTION> My Music [c:\Users\Default\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [c:\Users\Default\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [c:\Users\Default\Videos]
0 File(s) 0 bytes

Directory of C:\Users\Ed

12/02/2008 21:17 <JUNCTION> Application Data [C:\Users\Ed\AppData\Roaming]
12/02/2008 21:17 <JUNCTION> Cookies [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Cookies]
12/02/2008 21:17 <JUNCTION> Local Settings [C:\Users\Ed\AppData\Local]
12/02/2008 21:17 <JUNCTION> My Documents [C:\Users\Ed\Documents]
12/02/2008 21:17 <JUNCTION> NetHood [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/02/2008 21:17 <JUNCTION> PrintHood [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/02/2008 21:17 <JUNCTION> Recent [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Recent]
12/02/2008 21:17 <JUNCTION> SendTo [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\SendTo]
12/02/2008 21:17 <JUNCTION> Start Menu [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu]
12/02/2008 21:17 <JUNCTION> Templates [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Ed\AppData\Local

12/02/2008 21:17 <JUNCTION> Application Data [C:\Users\Ed\AppData\Local]
12/02/2008 21:17 <JUNCTION> History [C:\Users\Ed\AppData\Local\Microsoft\Windows\History]
12/02/2008 21:17 <JUNCTION> Temporary Internet Files [C:\Users\Ed\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\Ed\Documents

12/02/2008 21:17 <JUNCTION> My Music [C:\Users\Ed\Music]
12/02/2008 21:17 <JUNCTION> My Pictures [C:\Users\Ed\Pictures]
12/02/2008 21:17 <JUNCTION> My Videos [C:\Users\Ed\Videos]
0 File(s) 0 bytes

Directory of C:\Users\Public\Documents

02/11/2006 14:02 <JUNCTION> My Music [c:\Users\Public\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [c:\Users\Public\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [c:\Users\Public\Videos]
0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile

15/05/2009 17:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
15/05/2009 17:10 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
31/07/2012 14:39 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
31/07/2012 14:39 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
31/07/2012 14:39 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31/07/2012 14:39 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
31/07/2012 14:39 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
31/07/2012 14:39 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
31/07/2012 14:39 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile\AppData\Local

15/05/2009 17:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
15/05/2009 17:10 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
15/05/2009 17:10 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile\Documents

31/07/2012 14:39 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
31/07/2012 14:39 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
31/07/2012 14:39 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
64 Dir(s) 26,181,095,424 bytes free

#52 tom982

Hi Ed,

Thanks for the log. fsutil did a great job of removing those junctions! There's no rush but just in case you've forgotten, or missed it, can you run the ComboFix script and post the log please?

Tom

#53
edsmith323

I tried earlier but my Antivirus turned back on after the reboot and quashed ComboFix.

I'll try again with it completely disabled and post the results when it's finished.

#54
edsmith323

Combofix log

ComboFix 13-05-20.01 - Ed 20/05/2013 17:57:14.4.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.2943.1486 [GMT 1:00]
Running from: c:\users\Ed\Downloads\ComboFix.exe
Command switches used :: c:\users\Ed\Desktop\cfscript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\2768321drv.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Ed\AppData\Roaming\chrtmp
c:\windows\ST6UNST.000
c:\windows\system32\DRIVERS\2768321drv.sys
c:\windows\wininit.ini
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2013-04-20 to 2013-05-20 )))))))))))))))))))))))))))))))
.
.
2013-05-20 17:09 . 2013-05-20 17:10 -------- d-----w- c:\users\Ed\AppData\Local\temp
2013-05-20 17:09 . 2013-05-20 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-20 16:50 . 2013-05-20 16:54 -------- d-----w- C:\32788R22FWJFW
2013-05-19 18:54 . 2013-05-16 23:56 133208 ----a-w- c:\windows\system32\drivers\04207671.sys
2013-05-19 18:20 . 2010-09-07 14:39 150392 ----a-w- c:\windows\system32\junction.exe
2013-05-19 14:25 . 2013-05-16 23:56 133208 ----a-w- c:\windows\system32\drivers\50375998.sys
2013-05-17 16:32 . 2013-05-17 16:32 -------- d-----w- c:\programdata\Kaspersky Lab
2013-05-16 15:29 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 15:11 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 15:11 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 16:27 . 2013-05-15 16:27 0 ----a-w- c:\windows\system32\REND164.tmp
2013-05-15 16:27 . 2013-05-15 16:27 0 ----a-w- c:\windows\system32\REND163.tmp
2013-05-15 16:27 . 2013-05-15 16:27 0 ----a-w- c:\windows\system32\REND162.tmp
2013-05-14 17:50 . 2013-05-14 17:50 -------- d-----w- c:\users\Ed\AppData\Roaming\HPAppData
2013-05-13 21:50 . 2013-05-13 21:50 -------- d-----w- C:\_OTL
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-05-09 20:20 . 2013-05-09 20:20 -------- d-----w- c:\program files\ESET
2013-05-07 20:15 . 2013-05-07 20:15 -------- d-----w- c:\users\Ed\AppData\Local\MicroVision Applications
2013-05-07 18:21 . 2013-05-07 18:44 -------- d-----w- c:\users\Ed\AppData\Local\Sony
2013-05-07 18:21 . 2013-05-07 18:22 -------- d-----w- c:\programdata\Sony
2013-05-07 15:46 . 2013-05-07 15:46 -------- d-----w- C:\$AVG
2013-05-07 15:43 . 2013-05-07 15:43 -------- d-----w- c:\program files\AVG
2013-05-07 14:42 . 2013-05-19 14:33 -------- d-----w- c:\users\Ed\AppData\Roaming\vlc
2013-05-07 14:41 . 2013-05-07 14:41 -------- d-----w- c:\program files\VideoLAN
2013-04-29 16:40 . 2013-04-29 16:43 -------- d-----w- c:\program files\Morley-IAS by Honeywell
2013-04-25 12:35 . 2013-04-25 12:36 -------- d-----w- c:\windows\VMUVC
2013-04-25 12:32 . 2008-07-01 10:12 398720 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
2013-04-25 12:32 . 2008-09-02 16:47 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
2013-04-25 12:32 . 2008-07-01 10:16 188416 ----a-w- c:\windows\system32\vvftUVC.ax
2013-04-25 12:31 . 2008-02-29 09:11 11776 ----a-w- c:\windows\system32\VMUVC.dll
2013-04-25 12:31 . 2009-04-29 15:01 516096 ----a-w- c:\windows\system32\VMUVC.ax
2013-04-25 12:31 . 2007-04-12 21:59 73728 ----a-w- c:\windows\system32\exvmuvc.ax
2013-04-25 12:31 . 2010-01-12 16:42 252928 ----a-w- c:\windows\system32\drivers\VMUVC.sys
2013-04-25 12:31 . 2008-09-18 15:28 98304 ----a-w- c:\windows\system32\VMCtrl.ax
2013-04-25 12:31 . 2013-04-25 12:31 -------- d-----w- c:\program files\Vimicro Corporation
2013-04-25 09:28 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-24 15:46 . 2013-04-24 15:46 -------- d-----w- c:\users\Public\DebugData
2013-04-24 13:44 . 2013-04-24 15:46 -------- d-----w- c:\program files\Texecom
2013-04-22 17:31 . 2013-04-22 17:31 -------- d-----w- c:\users\Ed\AppData\Local\Cisco
2013-04-22 17:15 . 2013-04-22 17:15 -------- d-----w- c:\program files\Cisco
2013-04-22 17:15 . 2013-04-22 17:15 -------- d-----w- c:\programdata\Cisco
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 17:51 . 2013-05-19 17:49 123960 ----a-w- C:\NEW MALWARE.zip
2013-05-15 18:38 . 2012-04-18 17:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 18:38 . 2011-06-07 19:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 13:01 . 2011-08-04 06:43 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-04 13:50 . 2012-07-23 22:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 01:53 . 2013-03-29 01:53 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-21 02:08 . 2013-03-21 02:08 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-14 16:31 . 2012-09-03 18:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-14 16:31 . 2012-06-08 12:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-14 16:31 . 2010-06-03 08:47 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-11 13:25 . 2013-04-14 18:49 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-14 18:49 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-14 18:49 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-14 18:49 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-14 18:49 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-14 18:49 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-01 09:32 . 2013-03-01 09:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-28 15:29 . 2010-07-26 12:04 249856 ------w- c:\windows\Setup1.exe
2013-02-28 15:29 . 2010-07-26 12:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MSSOverlay]
@="{b75ab0c8-03d5-4592-9821-a48d54d66b14}"
[HKEY_CLASSES_ROOT\CLSID\{b75ab0c8-03d5-4592-9821-a48d54d66b14}]
2006-08-11 13:51 69632 ----a-w- c:\windows\System32\MssShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 1116920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-07-06 11227136]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2010-04-13 358456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2010-01-18 24832]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-07-19 1107232]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-06 61440]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2007-12-20 135168]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2008-02-15 44168]
.
c:\users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
_uninst_04207671.lnk - c:\users\Ed\AppData\Local\temp\_uninst_04207671.bat [N/A]
_uninst_50375998.lnk - c:\users\Ed\AppData\Local\temp\_uninst_50375998.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-2-12 192512]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3383664648-3697021102-3418656205-1006]
"EnableNotificationsRef"=dword:00000001
.
S0 04207671;04207671;c:\windows\system32\DRIVERS\04207671.sys [x]
S0 50375998;50375998;c:\windows\system32\DRIVERS\50375998.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-18 14:48 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 18:38]
.
2013-05-20 c:\windows\Tasks\Embedded Security Backup Schedule.job
- c:\program files\Hewlett-Packard\Embedded Security Software\SpBackupWz.exe [2009-07-19 21:09]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-03 18:20]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-03 18:20]
.
2013-05-20 c:\windows\Tasks\Security Platform Backup Schedule.job
- c:\program files\Hewlett-Packard\Embedded Security Software\SpBackupWz.exe [2009-07-19 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=none&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
Trusted Zone: cslconnect.com\cslvpn
TCP: DhcpNameServer = 192.168.0.1
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\Microsoft\SMIME Client (2010)\mimectl.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-20 18:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-05-20 18:16:33
ComboFix-quarantined-files.txt 2013-05-20 17:16
ComboFix2.txt 2013-05-06 12:04
.
Pre-Run: 26,658,369,536 bytes free
Post-Run: 26,501,132,288 bytes free
.
- - End Of File - - 719A512875C12AD6400A4B53B8A0177F
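A small triage helper for the ComboFix layout used in the log above, added here as an example; it is not part of the thread and not code from ComboFix or any other tool mentioned. It walks the key headers in brackets, the "Name"=value lines, the service lines ending in [x] and the Startup-folder .lnk lines, and lists the entries a reviewer would want to look at first (UAC disabled, Security Center monitoring switched off, an AppInit_DLLs value, services without a recorded file date/size, startup shortcuts pointing into a temp folder or at a script). The sample excerpt is constructed from lines in the thread's format, the rule names are my own, and a flag is a prompt to review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in the layout ComboFix uses in the log above: a key
# header in [brackets], "Name"=value lines, a '.' separator between entries,
# service lines ending in [x], and Startup-folder '<name>.lnk - <path> [..]'
# lines. Built from the thread's format, not captured from a live system.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
S0 04207671;04207671;c:\windows\system32\DRIVERS\04207671.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
c:\users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
_uninst_04207671.lnk - c:\users\Ed\AppData\Local\temp\_uninst_04207671.bat [N/A]
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule id (my own naming), e.g. "uac-disabled"
    where: str   # registry key, service name or shortcut the rule fired on
    detail: str  # the value or path as printed in the log


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# 'S0 name;display name;path [x]': a service for which ComboFix printed [x]
# instead of a file date and size.
SERVICE_RE = re.compile(r"^[SR]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[x\]$")
STARTUP_RE = re.compile(r"^(?P<lnk>.+\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]$", re.I)
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")


def numeric(value: str) -> Optional[int]:
    """Parse the value forms ComboFix prints: '0 (0x0)', '1 (0x1)', 'dword:00000001'."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[len("dword:"):], 16)
    m = re.match(r"^(\d+)", v)
    return int(m.group(1)) if m else None


def triage_combofix(text: str) -> List[Finding]:
    """Walk a ComboFix log and return entries worth a second look (prompts, not verdicts)."""
    findings: List[Finding] = []
    key = ""  # registry key currently open; ComboFix's '.' separator closes it
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, value = m.group("name"), m.group("value").strip()
            n = numeric(value)
            if key.endswith(r"\policies\system") and name == "EnableLUA" and n == 0:
                findings.append(Finding("uac-disabled", key, line))  # UAC switched off
            elif r"\security center\monitoring" in key and name == "DisableMonitoring" and n == 1:
                findings.append(Finding("security-center-monitoring-off", key, line))
            elif key.endswith(r"\windows nt\currentversion\windows") and name == "AppInit_DLLs" and value:
                # AppInit_DLLs are loaded into every process that loads user32.dll
                findings.append(Finding("appinit-dll", key, value))
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.append(Finding("service-file-unverified", m.group("name"), m.group("path")))
            continue
        m = STARTUP_RE.match(line)
        if m:
            path, meta = m.group("path"), m.group("meta")
            low = path.lower()
            if meta.upper() == "N/A" or "\\temp\\" in low or low.endswith(SCRIPT_EXT):
                findings.append(Finding("startup-script-or-temp", m.group("lnk"), path))
    return findings


def count_by_rule(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f"{f.rule:32} {f.where}\n{'':32} {f.detail}")
```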

#55
edsmith323

Tom

That has fixed the downloading issue! Thank you so much!!!!!!

How does the ComboFix log look?

Ed

#56
tom982

Hi Ed,

Glad to hear it! The Combofix log hasn't shown anything of particular interest but I am fortunate to have got hold of a sample of the actual dropper and have infected my VM. I monitored the changes made as the infection was loaded and it has revealed a few things which I would like to double check.

Combofix Script

  • Close all open Windows and disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    DirLook::
    C:\$Recycle.Bin\S-1-5-21-3912186507-1004824649-1322595488-1000\$51dc324928ac831b0379c5a2436eaddf\
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
    "AutoStart"=""
    
    
  • Go to File > Save As... and save it to your Desktop named CFScript.txt.

    (image: CFScript.txt being dragged onto ComboFix.exe)
  • Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it will produce a log that can be found at C:\ComboFix.txt. Copy and paste the contents of this into your next post please.


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

OTL

  • Run OTL.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a log, OTL.txt; post this in your next reply please.

Tom

#57
edsmith323

CF Log
ComboFix 13-05-21.01 - Ed 21/05/2013 17:39:37.5.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.2943.1344 [GMT 1:00]
Running from: c:\users\Ed\Downloads\ComboFix.exe
Command switches used :: c:\users\Ed\Desktop\cfscript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-04-21 to 2013-05-21 )))))))))))))))))))))))))))))))
.
.
2013-05-21 16:53 . 2013-05-21 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-21 06:29 . 2013-05-21 06:29 -------- d-----w- c:\program files\EMET
2013-05-20 17:16 . 2013-05-21 16:53 -------- d-----w- c:\users\Ed\AppData\Local\temp
2013-05-20 16:50 . 2013-05-21 16:36 -------- d-----w- C:\32788R22FWJFW
2013-05-19 18:54 . 2013-05-16 23:56 133208 ----a-w- c:\windows\system32\drivers\04207671.sys
2013-05-19 18:20 . 2010-09-07 14:39 150392 ----a-w- c:\windows\system32\junction.exe
2013-05-19 14:25 . 2013-05-16 23:56 133208 ----a-w- c:\windows\system32\drivers\50375998.sys
2013-05-17 16:32 . 2013-05-17 16:32 -------- d-----w- c:\programdata\Kaspersky Lab
2013-05-16 15:29 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 15:11 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 15:11 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 16:27 . 2013-05-15 16:27 0 ----a-w- c:\windows\system32\REND164.tmp
2013-05-15 16:27 . 2013-05-15 16:27 0 ----a-w- c:\windows\system32\REND163.tmp
2013-05-15 16:27 . 2013-05-15 16:27 0 ----a-w- c:\windows\system32\REND162.tmp
2013-05-14 17:50 . 2013-05-14 17:50 -------- d-----w- c:\users\Ed\AppData\Roaming\HPAppData
2013-05-13 21:50 . 2013-05-13 21:50 -------- d-----w- C:\_OTL
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-05-09 20:20 . 2013-05-09 20:20 -------- d-----w- c:\program files\ESET
2013-05-07 20:15 . 2013-05-07 20:15 -------- d-----w- c:\users\Ed\AppData\Local\MicroVision Applications
2013-05-07 18:21 . 2013-05-07 18:44 -------- d-----w- c:\users\Ed\AppData\Local\Sony
2013-05-07 18:21 . 2013-05-07 18:22 -------- d-----w- c:\programdata\Sony
2013-05-07 15:46 . 2013-05-07 15:46 -------- d-----w- C:\$AVG
2013-05-07 15:43 . 2013-05-07 15:43 -------- d-----w- c:\program files\AVG
2013-05-07 14:42 . 2013-05-20 20:17 -------- d-----w- c:\users\Ed\AppData\Roaming\vlc
2013-05-07 14:41 . 2013-05-07 14:41 -------- d-----w- c:\program files\VideoLAN
2013-04-29 16:40 . 2013-04-29 16:43 -------- d-----w- c:\program files\Morley-IAS by Honeywell
2013-04-25 12:35 . 2013-04-25 12:36 -------- d-----w- c:\windows\VMUVC
2013-04-25 12:32 . 2008-07-01 10:12 398720 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
2013-04-25 12:32 . 2008-09-02 16:47 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
2013-04-25 12:32 . 2008-07-01 10:16 188416 ----a-w- c:\windows\system32\vvftUVC.ax
2013-04-25 12:31 . 2008-02-29 09:11 11776 ----a-w- c:\windows\system32\VMUVC.dll
2013-04-25 12:31 . 2009-04-29 15:01 516096 ----a-w- c:\windows\system32\VMUVC.ax
2013-04-25 12:31 . 2007-04-12 21:59 73728 ----a-w- c:\windows\system32\exvmuvc.ax
2013-04-25 12:31 . 2010-01-12 16:42 252928 ----a-w- c:\windows\system32\drivers\VMUVC.sys
2013-04-25 12:31 . 2008-09-18 15:28 98304 ----a-w- c:\windows\system32\VMCtrl.ax
2013-04-25 12:31 . 2013-04-25 12:31 -------- d-----w- c:\program files\Vimicro Corporation
2013-04-25 09:28 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-24 15:46 . 2013-04-24 15:46 -------- d-----w- c:\users\Public\DebugData
2013-04-24 13:44 . 2013-04-24 15:46 -------- d-----w- c:\program files\Texecom
2013-04-22 17:31 . 2013-04-22 17:31 -------- d-----w- c:\users\Ed\AppData\Local\Cisco
2013-04-22 17:15 . 2013-04-22 17:15 -------- d-----w- c:\program files\Cisco
2013-04-22 17:15 . 2013-04-22 17:15 -------- d-----w- c:\programdata\Cisco
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 17:51 . 2013-05-19 17:49 123960 ----a-w- C:\NEW MALWARE.zip
2013-05-15 18:38 . 2012-04-18 17:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 18:38 . 2011-06-07 19:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 13:01 . 2011-08-04 06:43 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-04 13:50 . 2012-07-23 22:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 01:53 . 2013-03-29 01:53 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-21 02:08 . 2013-03-21 02:08 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-14 16:31 . 2012-09-03 18:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-14 16:31 . 2012-06-08 12:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-14 16:31 . 2010-06-03 08:47 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-11 13:25 . 2013-04-14 18:49 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-14 18:49 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-14 18:49 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-14 18:49 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-14 18:49 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-14 18:49 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-01 09:32 . 2013-03-01 09:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-28 15:29 . 2010-07-26 12:04 249856 ------w- c:\windows\Setup1.exe
2013-02-28 15:29 . 2010-07-26 12:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\$recycle.bin\S-1-5-21-3912186507-1004824649-1322595488-1000\$51dc324928ac831b0379c5a2436eaddf ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MSSOverlay]
@="{b75ab0c8-03d5-4592-9821-a48d54d66b14}"
[HKEY_CLASSES_ROOT\CLSID\{b75ab0c8-03d5-4592-9821-a48d54d66b14}]
2006-08-11 13:51 69632 ----a-w- c:\windows\System32\MssShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 1116920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-07-06 11227136]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2010-04-13 358456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2010-01-18 24832]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-07-19 1107232]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-06 61440]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2007-12-20 135168]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"EMET Notifier"="c:\program files\EMET\EMET_notifier.exe" [2012-05-09 152152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2008-02-15 44168]
.
c:\users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
_uninst_04207671.lnk - c:\users\Ed\AppData\Local\temp\_uninst_04207671.bat [N/A]
_uninst_50375998.lnk - c:\users\Ed\AppData\Local\temp\_uninst_50375998.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-2-12 192512]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3383664648-3697021102-3418656205-1006]
"EnableNotificationsRef"=dword:00000001
.
S0 04207671;04207671;c:\windows\system32\DRIVERS\04207671.sys [x]
S0 50375998;50375998;c:\windows\system32\DRIVERS\50375998.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-18 14:48 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 18:38]
.
2013-05-21 c:\windows\Tasks\Embedded Security Backup Schedule.job
- c:\program files\Hewlett-Packard\Embedded Security Software\SpBackupWz.exe [2009-07-19 21:09]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-03 18:20]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-03 18:20]
.
2013-05-21 c:\windows\Tasks\Security Platform Backup Schedule.job
- c:\program files\Hewlett-Packard\Embedded Security Software\SpBackupWz.exe [2009-07-19 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=none&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
Trusted Zone: cslconnect.com\cslvpn
TCP: DhcpNameServer = 192.168.0.1
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\Microsoft\SMIME Client (2010)\mimectl.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-21 17:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7732)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\MssShellExt.dll
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
.
Completion time: 2013-05-21 17:57:22
ComboFix-quarantined-files.txt 2013-05-21 16:57
ComboFix2.txt 2013-05-20 17:16
ComboFix3.txt 2013-05-06 12:04
.
Pre-Run: 25,440,276,480 bytes free
Post-Run: 25,286,717,440 bytes free
.
- - End Of File - - 43AFCB50B28FB392691CC4DE422E61CC

#58 edsmith323 (Topic Starter, Member, 57 posts)

FSS Log

Farbar Service Scanner Version: 14-04-2013
Ran by Ed (administrator) on 21-05-2013 at 19:08:40
Running from "C:\Users\Ed\Desktop"
Windows Vista ™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-13 21:29] - [2013-01-04 12:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#59 edsmith323 (Topic Starter, Member, 57 posts)

OTL Log

OTL logfile created on: 21/05/2013 19:10:44 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ed\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 43.98% Memory free
5.62 Gb Paging File | 3.82 Gb Available in Paging File | 68.12% Paging File free
Paging file location(s): c:\pagefile.sys 2877 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.99 Gb Total Space | 23.62 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.31 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
Drive F: | 7.51 Gb Total Space | 0.75 Gb Free Space | 10.01% Space Free | Partition Type: NTFS

Computer Name: ED-PC | User Name: Ed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/06 21:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/02/01 13:25:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/04/13 10:41:04 | 000,358,456 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/01/18 06:06:06 | 000,078,592 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2009/12/17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2009/07/19 22:21:42 | 000,296,224 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/07/06 15:34:58 | 011,227,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/02/16 00:34:36 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/12/20 14:36:50 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2007/03/29 14:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/03/29 14:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/08 10:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2004/04/23 11:00:36 | 000,192,512 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\Windows\System32\Crypserv.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/17 10:04:16 | 000,686,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\2bc38488f9988db801a844e2590294a3\System.Security.ni.dll
MOD - [2013/05/17 10:04:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013/05/17 09:59:09 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013/04/10 02:38:48 | 002,010,624 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_core220.dll
MOD - [2013/04/10 02:38:48 | 001,241,088 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2013/02/13 22:34:31 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/10 15:59:04 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013/01/10 15:41:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 15:39:48 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/10 15:38:33 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/10 15:35:10 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/10 15:34:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/02/16 00:34:36 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2008/02/16 00:34:15 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
MOD - [2007/06/28 17:48:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34876__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 001,671,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34886__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2589.35106__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34839__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34900__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.35144__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.35129__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.35080__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34898__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34860__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.35011__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:40 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.35177__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:09 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.35093__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:09 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.35183__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:09 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.35098__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:09 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34854__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.35024__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34915__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34863__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.35114__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:08 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34907__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2589.35169__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.35045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.35090__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.35020__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2589.35168__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.35044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34921__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.35137__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2589.35085__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.35014__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.35069__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34923__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:07 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.35012__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.35019__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.35066__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007/06/28 17:48:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007/06/28 17:48:06 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2007/06/28 17:48:05 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007/06/28 17:47:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.35208__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007/06/28 17:47:55 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34870__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007/06/28 17:47:55 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.35160__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007/06/28 17:47:55 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34837__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007/06/28 17:47:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.35158__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007/06/28 17:47:55 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007/06/28 17:47:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 001,404,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34848__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007/06/28 17:47:54 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34838__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007/06/28 17:47:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2589.34836__90ba9c70f846762e\AEM.Server.dll
MOD - [2007/06/28 17:47:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007/06/28 17:47:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.35160__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007/03/29 14:02:48 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/03/29 13:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/02/02 17:01:32 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/10/26 17:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/05/15 19:38:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/02/01 13:25:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/04/13 10:36:32 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2010/01/18 05:59:28 | 000,192,768 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2010/01/18 05:59:20 | 000,150,272 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2009/12/20 19:29:15 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2009/12/17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/04/11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/05 21:45:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 08:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008/01/19 08:33:40 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 13:36:35 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
SRV - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Ed\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\archlp.sys -- (archlp)
DRV - [2013/05/17 00:56:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\50375998.sys -- (50375998)
DRV - [2013/05/17 00:56:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\04207671.sys -- (04207671)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/01/31 10:50:58 | 000,022,656 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/10/11 04:08:38 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/11/06 13:11:12 | 000,035,008 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/03/05 11:09:08 | 000,051,480 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/03/05 11:09:00 | 000,013,032 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/03/05 11:08:58 | 000,012,600 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/03/05 11:08:56 | 000,109,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/01/12 17:42:54 | 000,252,928 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2009/12/17 23:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/11/23 17:42:58 | 000,024,576 | ---- | M] (HTC1124 Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/07/29 13:00:52 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/07/19 22:17:36 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/02/17 13:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 13:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/04/10 22:33:39 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/19 08:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/07/31 19:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/04/10 23:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/02/09 00:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/02 17:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/13 12:10:18 | 000,030,656 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\Windows\System32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2006/11/02 09:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 12:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2006/10/26 17:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 17:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 17:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 17:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 17:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 17:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 17:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 17:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/11/03 18:14:36 | 000,082,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2004/11/03 18:14:36 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus)
DRV - [2004/07/16 16:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/05/05 13:40:38 | 000,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2004/04/06 14:08:06 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 14:07:58 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 14:07:54 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2001/11/05 09:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 09:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sonyhcb.sys -- (sonyhcb)
DRV - [2000/02/03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...d=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {8E02D41C-5924-4816-9490-33CCD28BEB72}
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9F536F17-19AC-43C6-AAE3-0D44B531B5BC}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 14:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/10 13:49:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/05 08:19:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/05/15 15:42:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 14:36:24 | 000,000,000 | ---D | M]

[2010/03/18 19:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Extensions
[2009/01/15 21:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/03/18 19:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/20 16:38:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_04207671.lnk = File not found
O4 - Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_50375998.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cslconnect.com ([cslvpn] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553547600} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70308F02-798D-4916-8232-B3B115A8F3D4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/21 17:55:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/21 17:36:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/05/21 17:32:37 | 000,354,299 | ---- | C] (Farbar) -- C:\Users\Ed\Desktop\FSS.exe
[2013/05/21 09:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/05/21 07:29:38 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
[2013/05/21 07:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\EMET
[2013/05/20 18:16:35 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\temp
[2013/05/20 17:50:54 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2013/05/19 19:54:02 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\04207671.sys
[2013/05/19 19:20:37 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\junction.exe
[2013/05/19 18:55:17 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{9DBD2FC9-5B4A-4779-B8C5-FE0FFB134607}
[2013/05/19 15:25:10 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\50375998.sys
[2013/05/17 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/05/15 14:26:44 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{0C4DD361-8968-4722-9CE3-3D2DD4D91A25}
[2013/05/14 18:50:55 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\HPAppData
[2013/05/13 22:50:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/13 22:29:12 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Ed\Desktop\aswMBR.exe
[2013/05/13 22:29:12 | 000,404,896 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ed\Desktop\sc-cleaner.exe
[2013/05/12 11:59:21 | 000,000,000 | ---D | C] -- C:\Users\Ed\Desktop\OTL fix
[2013/05/09 21:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/09 20:54:54 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{75B79B04-1CC2-48E2-BDFE-607F99AFC55B}
[2013/05/09 07:23:05 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{B3B5D0EF-6FBE-40CA-A4A7-65467DA14B0B}
[2013/05/08 14:18:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{5DBDC8C7-F1C4-4376-9275-4064F5BF7E34}
[2013/05/07 21:15:28 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\MicroVision Applications
[2013/05/07 19:45:41 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{B1E17FE6-3F16-4E44-9C7D-0ACC8C4EFB00}
[2013/05/07 19:21:27 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Sony
[2013/05/07 19:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013/05/07 18:37:17 | 000,000,000 | ---D | C] -- C:\Users\Ed\Documents\Jess Wedding Music
[2013/05/07 16:46:07 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/05/07 16:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/05/07 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\vlc
[2013/05/07 15:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/07 15:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/05/07 07:45:30 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{12FC7E38-10B8-469F-BB79-62C948A82FC5}
[2013/05/06 21:25:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2013/05/06 10:07:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/06 10:07:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/06 10:07:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/06 10:04:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/05/06 10:03:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/06 09:15:27 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{CB6AB4E8-DF70-4263-A83B-D1BBD563B3AF}
[2013/05/02 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{886EB09B-28FB-4D5A-80EA-52833FD269D5}
[2013/04/29 17:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Morley-IAS by Honeywell
[2013/04/29 16:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{D6BB5D0F-9149-4BE7-BFF9-1528D83F040E}
[2013/04/25 13:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vimicro USB2.0 UVC PC Camera
[2013/04/25 13:36:32 | 000,000,000 | ---D | C] -- C:\Users\Ed\Desktop\UVC
[2013/04/25 13:35:37 | 000,000,000 | ---D | C] -- C:\Windows\VMUVC
[2013/04/25 13:32:18 | 000,398,720 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\vvftUVC.sys
[2013/04/25 13:32:11 | 000,188,416 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\vvftUVC.ax
[2013/04/25 13:32:11 | 000,094,208 | ---- | C] (Vimicro Cooperation) -- C:\Windows\System32\VvFtCtrl.dll
[2013/04/25 13:31:22 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMUVC.dll
[2013/04/25 13:31:18 | 000,516,096 | ---- | C] (vimicro) -- C:\Windows\System32\VMUVC.ax
[2013/04/25 13:31:17 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\exvmuvc.ax
[2013/04/25 13:31:16 | 000,252,928 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\VMUVC.sys
[2013/04/25 13:31:16 | 000,098,304 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMCtrl.ax
[2013/04/25 13:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro Corporation
[2013/04/25 12:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2013/04/24 14:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texecom
[2013/04/24 14:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Texecom
[2013/04/22 18:31:22 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Cisco
[2013/04/22 18:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/04/22 18:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2013/04/22 18:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/21 18:52:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/21 18:40:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 18:40:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 18:37:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/21 17:32:37 | 000,354,299 | ---- | M] (Farbar) -- C:\Users\Ed\Desktop\FSS.exe
[2013/05/21 12:00:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Security Platform Backup Schedule.job
[2013/05/21 12:00:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Embedded Security Backup Schedule.job
[2013/05/21 09:56:15 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/05/20 20:52:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/20 16:40:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/20 16:40:27 | 3086,278,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/20 16:38:36 | 000,012,780 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/05/20 16:38:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/20 15:51:06 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/20 07:32:45 | 000,005,764 | ---- | M] () -- C:\Users\Ed\Desktop\fix2.bat
[2013/05/19 19:56:10 | 000,000,835 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_04207671.lnk
[2013/05/19 19:21:19 | 000,000,903 | ---- | M] () -- C:\Users\Ed\Desktop\fix1.bat
[2013/05/19 18:51:47 | 000,123,960 | ---- | M] () -- C:\NEW MALWARE.zip
[2013/05/19 15:39:08 | 000,000,098 | ---- | M] () -- C:\Users\Ed\Desktop\fix.bat
[2013/05/19 15:28:27 | 000,000,835 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_50375998.lnk
[2013/05/18 21:49:37 | 000,716,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/18 21:49:36 | 000,148,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/17 09:54:20 | 001,785,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/17 01:01:36 | 165,538,512 | ---- | M] () -- C:\Users\Ed\Desktop\setup_11.0.0.1245.x01_2013_05_17_00_57.exe
[2013/05/17 00:56:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\50375998.sys
[2013/05/17 00:56:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\04207671.sys
[2013/05/15 15:42:51 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/05/15 14:12:46 | 000,002,579 | ---- | M] () -- C:\Users\Public\Desktop\Fire 6.23A.lnk
[2013/05/13 22:48:00 | 000,000,512 | ---- | M] () -- C:\Users\Ed\Desktop\MBR.dat
[2013/05/13 21:47:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ed\Desktop\aswMBR.exe
[2013/05/13 21:41:54 | 000,404,896 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ed\Desktop\sc-cleaner.exe
[2013/05/10 13:49:37 | 000,001,426 | ---- | M] () -- C:\Users\Ed\Desktop\DivX Movies.lnk
[2013/05/10 13:49:02 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/10 13:48:02 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/05/10 13:42:03 | 000,000,000 | ---- | M] () -- C:\END
[2013/05/07 19:49:52 | 000,071,432 | ---- | M] () -- C:\Users\Ed\Documents\Life House - Everything 1st Dance.mp3.sfk
[2013/05/07 19:35:38 | 000,002,396 | ---- | M] () -- C:\Users\Ed\Documents\Register Sound Forge Pro.htm
[2013/05/07 19:22:02 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2013/05/07 18:32:10 | 000,013,734 | ---- | M] () -- C:\Users\Ed\Documents\SONY.Sound.Forge.Pro.10.Build.507.(patch-keygen.DI).torrent
[2013/05/07 18:09:08 | 000,002,384 | ---- | M] () -- C:\Users\Ed\Documents\Activate MP3 Plug-In.htm
[2013/05/07 17:54:23 | 000,072,272 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfk
[2013/05/07 17:54:12 | 005,867,520 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg
[2013/05/07 17:54:12 | 000,000,032 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfl
[2013/05/07 15:41:30 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/06 21:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2013/05/06 10:20:36 | 000,000,566 | ---- | M] () -- C:\Users\Ed\Desktop\ComboFix.exe - Shortcut.lnk
[2013/05/03 14:15:50 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013/05/01 16:53:56 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/01 14:56:07 | 000,002,579 | ---- | M] () -- C:\Users\Public\Desktop\Fire 6.21B.lnk
[2013/04/25 12:37:34 | 000,000,906 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/04/25 12:37:34 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/04/24 16:46:13 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Wintex.lnk
[2013/04/24 14:45:13 | 000,000,011 | ---- | M] () -- C:\Users\Ed\Premier Flasher.conf
[2013/04/24 14:44:23 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Premier Elite Flasher.lnk
[2013/04/23 07:36:55 | 000,001,995 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/22 18:28:15 | 000,001,102 | ---- | M] () -- C:\Users\Ed\Desktop\Cisco AnyConnect VPN Client.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/20 07:32:45 | 000,005,764 | ---- | C] () -- C:\Users\Ed\Desktop\fix2.bat
[2013/05/19 19:56:10 | 000,000,835 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_04207671.lnk
[2013/05/19 19:21:19 | 000,000,903 | ---- | C] () -- C:\Users\Ed\Desktop\fix1.bat
[2013/05/19 18:49:37 | 000,123,960 | ---- | C] () -- C:\NEW MALWARE.zip
[2013/05/19 15:39:08 | 000,000,098 | ---- | C] () -- C:\Users\Ed\Desktop\fix.bat
[2013/05/19 15:28:27 | 000,000,835 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_50375998.lnk
[2013/05/18 19:36:07 | 165,538,512 | ---- | C] () -- C:\Users\Ed\Desktop\setup_11.0.0.1245.x01_2013_05_17_00_57.exe
[2013/05/15 15:42:51 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/05/15 15:42:49 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/05/13 22:48:00 | 000,000,512 | ---- | C] () -- C:\Users\Ed\Desktop\MBR.dat
[2013/05/10 13:49:02 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/10 13:48:02 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/05/10 13:42:03 | 000,000,000 | ---- | C] () -- C:\END
[2013/05/07 19:48:46 | 000,071,432 | ---- | C] () -- C:\Users\Ed\Documents\Life House - Everything 1st Dance.mp3.sfk
[2013/05/07 19:27:52 | 000,002,396 | ---- | C] () -- C:\Users\Ed\Documents\Register Sound Forge Pro.htm
[2013/05/07 19:22:02 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2013/05/07 18:32:10 | 000,013,734 | ---- | C] () -- C:\Users\Ed\Documents\SONY.Sound.Forge.Pro.10.Build.507.(patch-keygen.DI).torrent
[2013/05/07 17:54:12 | 000,072,272 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfk
[2013/05/07 17:54:12 | 000,000,032 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfl
[2013/05/07 17:54:06 | 005,867,520 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg
[2013/05/07 17:29:26 | 000,002,384 | ---- | C] () -- C:\Users\Ed\Documents\Activate MP3 Plug-In.htm
[2013/05/07 16:48:36 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/05/07 15:41:30 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/06 10:20:36 | 000,000,566 | ---- | C] () -- C:\Users\Ed\Desktop\ComboFix.exe - Shortcut.lnk
[2013/05/06 10:07:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/06 10:07:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/06 10:07:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/06 10:07:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/06 10:07:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/01 17:01:26 | 3086,278,656 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/29 17:43:18 | 000,002,579 | ---- | C] () -- C:\Users\Public\Desktop\Fire 6.23A.lnk
[2013/04/29 17:40:28 | 000,002,579 | ---- | C] () -- C:\Users\Public\Desktop\Fire 6.21B.lnk
[2013/04/25 12:37:34 | 000,000,906 | ---- | C] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/04/25 12:37:34 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/04/24 16:46:13 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Wintex.lnk
[2013/04/24 14:45:13 | 000,000,011 | ---- | C] () -- C:\Users\Ed\Premier Flasher.conf
[2013/04/24 14:44:23 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Premier Elite Flasher.lnk
[2013/04/22 18:28:15 | 000,001,102 | ---- | C] () -- C:\Users\Ed\Desktop\Cisco AnyConnect VPN Client.lnk
[2013/02/12 13:52:10 | 000,000,680 | ---- | C] () -- C:\Users\Ed\AppData\Local\d3d9caps.dat
[2012/08/30 23:16:16 | 000,027,520 | ---- | C] () -- C:\Users\Ed\AppData\Local\dt.dat
[2011/10/11 13:23:25 | 000,406,016 | ---- | C] () -- C:\Windows\System32\PSDrvCheck.exe
[2011/10/07 17:23:24 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2010/07/23 00:11:17 | 000,000,459 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\plugins.xml
[2009/05/19 00:30:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.XG1
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.XG0
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.X02
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.DB
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.YG1
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.YG0
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.Y02
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.PX
[2008/09/23 09:21:34 | 000,000,777 | ---- | C] () -- C:\Users\Ed\Comms.VAL
[2008/02/16 00:08:33 | 000,105,984 | ---- | C] () -- C:\Users\Ed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/11/23 21:31:23 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\ALK Technologies
[2012/10/15 17:48:25 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\AVG2013
[2009/12/28 12:00:08 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\AVG9
[2008/09/26 23:40:13 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/02/18 01:12:35 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Credential Manager
[2013/05/20 17:27:42 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Dropbox
[2008/02/12 22:53:42 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Hewlett Packard
[2011/12/25 14:15:26 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\HTC
[2008/02/12 22:52:13 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Infineon
[2008/04/29 18:40:02 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\InterVideo
[2010/09/10 00:11:17 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\JAVAUpdate9
[2008/04/24 01:36:34 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Jeyo
[2012/11/23 02:39:24 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\ManyCam
[2011/06/13 23:42:58 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Maxtor Quick Start
[2011/03/25 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Opera
[2010/09/21 19:46:00 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\PandoraRecovery
[2013/05/07 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Publish Providers
[2008/02/16 00:55:43 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\SampleView
[2013/05/07 19:36:20 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Sony
[2009/11/28 20:00:48 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Teleca
[2011/10/25 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Thunderbird
[2009/01/15 21:18:48 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\TomTom
[2009/09/03 16:14:51 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Trusteer
[2013/05/19 15:19:49 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\uTorrent
[2010/11/25 19:01:12 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Windows Live Writer
[2008/02/12 23:02:49 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\{A004037C-8B9A-4390-9074-1D3EEE0A3BDF}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

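The two "Alternate Data Stream" lines at the end of the report above are named NTFS streams attached to the folder C:\ProgramData\TEMP, not separate files, so neither Explorer nor a plain dir shows them. As an added example that is not part of the original thread, the Windows PowerShell script below lists those streams, dumps their contents so you can see what the 112 and 110 bytes actually hold, and shows the removal step commented out. The path and the stream names C895616B and DFC5A2B2 are taken from the log; the version check is there because the -Stream parameter in Windows PowerShell only opens streams on files, and support for streams attached to a directory arrived in PowerShell 7.2.

```powershell
# Added example, not from the original thread: inspect the alternate data streams that OTL
# reported on the folder C:\ProgramData\TEMP before deciding whether to delete them.
# Run in an elevated PowerShell session.

$Target  = 'C:\ProgramData\TEMP'        # folder named in the OTL log
$Streams = 'C895616B', 'DFC5A2B2'        # stream names from the OTL log
$Parent  = Split-Path -Path $Target -Parent
$Leaf    = Split-Path -Path $Target -Leaf

# 1. Enumerate the streams. ':$DATA' is the ordinary content stream; anything else is an ADS.
if ($PSVersionTable.PSVersion -ge [version]'7.2') {
    Get-Item -LiteralPath $Target -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
} else {
    # Windows PowerShell (5.1 and earlier) cannot open streams on a directory with -Stream,
    # but "dir /r" lists them as "<entry>:<stream>:$DATA" beneath the owning entry.
    cmd /c "dir /r $Parent" | Select-String -SimpleMatch "${Leaf}:"
}

# 2. Look at what each stream contains. cmd's input redirection accepts the file:stream
#    syntax, and that also opens a stream attached to a directory.
foreach ($name in $Streams) {
    $streamPath = "${Target}:$name"
    "--- $streamPath ---"
    cmd /c "more < $streamPath"
}

# 3. Removal, only after you have read the contents and decided the stream is unwanted:
#    PowerShell 7.2+:   Remove-Item -LiteralPath $Target -Stream $name
#    older PowerShell:  streams.exe -d $Target   (Sysinternals Streams; deletes every ADS on the object)
```

A stream is only a container; its content decides whether it matters, which is why the script reads before it removes. A stream holding an executable or a script is a different finding from one holding a hundred bytes of installer bookkeeping, and deleting first would destroy the evidence you need to tell them apart.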
#60
tom982

    Member 1K

  • Member
  • 1,183 posts
Hi Ed,

You're all clean :thumbsup:

We just have a little tidying up to do before I can send you on your way:

SFC Scan

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    sfc /scannow

    Wait for this to finish before you continue

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt

  • This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

Uninstall ComboFix

  • Hold the Windows Key and press R to bring up the Run dialogue box
  • In this box, type Combofix /Uninstall and press OK
    Notice the space between the x and the /

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

P2P Warning

P2P file sharing programs (uTorrent, BitTorrent, Vuze, Limewire, Kazaa etc.) need to be avoided to reduce the risk of infection. When visiting file sharing sites you usually get more than you intend to; these downloads are commonly laced with infections with varying effects, allowing remote access to your computer and stealing passwords being the most common.

Many underground websites that host cracks or keygens can be equally bad. Not only can the downloads be infected, but innocent-looking banners can contain malicious Flash code that installs malware on your system. These files are also illegal.

Should you continue to use these websites/software after my assistance, then there is a very high chance you will get infected again, putting your files and passwords at stake. Just ask yourself: is it really worth the risk?

System Restore

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select the System Protection tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop-down box select your main drive, e.g. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

MVPs HOSTS File

  • Download the MVPs HOSTS File to your desktop
  • Extract the files from the .zip folder
  • Right click on mvps.bat and select Run As Administrator
  • This should open up a command window, follow the on screen instructions
  • Open your start menu, and type cmd
  • Right click on cmd and select Run As Administrator
  • When it opens, type the following and press Enter:

    ipconfig /flushdns

WOT Link Scanning

  • Install WOT (Web Of Trust) from here: Safe Browsing Tool - WOT
  • This program provides information about the safety of websites and links that you visit.
  • The ratings can be found below:

    Green - Website is highly rated
    Yellow - Website should be used with caution
    Red - Website should be avoided
  • A complete list of the symbols can be found here
WOT provides colour coded link scanning for websites and allows you to see whether a link you are about to click on is bad - e.g. malicious.

OTL CleanUp

  • Open OTL
  • Click CleanUp
This will remove all of the tools that we have used (and their subsequent logs) from your system, leaving you as good as new.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When it's finished, go back to JavaRa and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

Uninstall Software

  • Click on the Start button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:

    • Adobe Reader X (10.1.6)
  • Once you have done this, reboot your computer

The latest version of Adobe Reader can be downloaded from here: http://get.adobe.com/uk/reader/

Make sure you untick the box labelled: Yes, install McAfee Security Scan Plus - optional (0.9 MB)

Tom

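The SFC step in the post above, as an added example that is not part of the original post: this Windows PowerShell script runs the scan, then pulls only the lines the System File Checker itself wrote out of CBS.log (SFC tags them with "[SR]") and saves those to the desktop. That file is a fraction of the size of the full log and is what a helper actually reads when triaging. The output name sfcdetails.txt is my choice; the log path and the "[SR]" tag are the standard ones.

```powershell
# Added example, not from the original post: run SFC and extract its own log lines.
# Run from an elevated PowerShell prompt (Start > type PowerShell > right-click > Run as administrator).

$CbsLog  = Join-Path -Path $env:windir -ChildPath 'Logs\CBS\CBS.log'
$OutFile = Join-Path -Path ([Environment]::GetFolderPath('Desktop')) -ChildPath 'sfcdetails.txt'

# Blocks until the scan finishes. Read the log afterwards rather than trusting the exit code.
sfc /scannow

if (-not (Test-Path -LiteralPath $CbsLog)) { throw "CBS.log not found at $CbsLog" }

# SFC tags every line it writes with "[SR]"; the rest of CBS.log is general servicing output.
$srLines = @(Select-String -LiteralPath $CbsLog -Pattern '\[SR\]' | ForEach-Object { $_.Line })
$srLines | Set-Content -LiteralPath $OutFile -Encoding UTF8

# Quick triage. "Cannot repair member file" lines are the ones that matter: they name files
# SFC found corrupt but could not replace from the component store.
$unrepaired = @($srLines | Where-Object { $_ -match 'Cannot repair member file' })
$repaired   = @($srLines | Where-Object { $_ -match 'Repairing corrupted file' })

"{0} [SR] lines saved to {1}" -f $srLines.Count, $OutFile
"Repaired: {0}   Could not repair: {1}" -f $repaired.Count, $unrepaired.Count
$unrepaired | ForEach-Object { ($_ -split '\[SR\] ')[1] } | Sort-Object -Unique
```

Two things to keep in mind when reading the result. CBS.log accumulates across runs, so if SFC has been run before, the [SR] lines from earlier scans are in there too and you should go by the timestamps at the start of each line. And when sfc.exe is started from PowerShell its progress text often appears with a space between every character; that is a console encoding quirk of sfc's output, not a sign that anything went wrong.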

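The System Restore section above creates a clean restore point through the GUI and then uses Disk Cleanup to discard the older ones. As an added example, not from the original post, here is the same end state from an elevated Windows PowerShell prompt. The order is reversed (purge first, then create) because vssadmin removes shadow copies by age or all at once, and "all, then one new point" leaves exactly what Disk Cleanup's "all but the most recent" option leaves. The drive letter and the description "Clean" are assumptions matching the post.

```powershell
# Added example, not from the original post: purge old restore points, then create a clean one.
# Run elevated. Deleting shadow copies also removes "Previous Versions" of files on that drive.

$Drive = 'C:'       # the system drive in the post
$Name  = 'Clean'    # restore point name suggested in the post

# 1. Remove every existing shadow copy on the drive; restore points taken while the machine
#    was infected can hold copies of the very files that were just cleaned.
vssadmin delete shadows "/for=$Drive" /all /quiet

# 2. Create a fresh restore point as the known-good rollback target.
#    Windows 8 and later silently ignore this if a point was created in the last 24 hours
#    (the SystemRestorePointCreationFrequency setting); Vista and 7 have no such throttle.
Checkpoint-Computer -Description $Name -RestorePointType MODIFY_SETTINGS

# 3. Confirm the result: only the new point should be listed.
Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
```

If step 3 shows nothing at all, System Protection is turned off for the drive (the same state the Disk Cleanup route would leave you in) and it has to be enabled on the System Protection tab before a restore point can exist.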

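The MVPs HOSTS step above installs a large block list and then flushes the resolver cache. As an added example that is not part of the original post, this Windows PowerShell script checks the installed file before trusting it: it parses every entry, counts the ones that point at the null or loopback address (the only kind the MVPs list contains), and prints any entry that maps a name to a real address, because redirecting hostnames through HOSTS is exactly how malware silences antivirus and update domains. The flush at the end is the same ipconfig /flushdns the post asks for. The file path is the standard one; nothing else is assumed.

```powershell
# Added example, not from the original post: verify the HOSTS file, then flush the DNS cache.
# Run elevated.

$HostsPath = Join-Path -Path $env:windir -ChildPath 'System32\drivers\etc\hosts'

# Parse "address name" pairs; drop blank lines, comment lines, and trailing comments.
$entries = @(Get-Content -LiteralPath $HostsPath |
    Where-Object { $_ -notmatch '^\s*#' -and $_.Trim() -ne '' } |
    ForEach-Object {
        $parts = (($_ -replace '#.*$', '').Trim()) -split '\s+'
        [pscustomobject]@{ Address = $parts[0]; Name = $parts[1] }
    })

$local     = '0.0.0.0', '127.0.0.1', '::1'
$blocking  = @($entries | Where-Object { $local -contains $_.Address })
$redirects = @($entries | Where-Object { $local -notcontains $_.Address })

"{0} entries: {1} blocking, {2} pointing at a real address" -f $entries.Count, $blocking.Count, $redirects.Count
"Read-only attribute set: {0}" -f (Get-Item -LiteralPath $HostsPath).IsReadOnly

# A legitimate HOSTS file has no entries here. Review every line this prints.
$redirects | Format-Table -AutoSize

# Apply the new entries without a reboot (same command the post gives).
ipconfig /flushdns | Out-Null
```

A HOSTS file of several thousand lines is normal after mvps.bat; a handful of lines that send microsoft.com, windowsupdate.com or your antivirus vendor's name to an unfamiliar address is not, and that is what the $redirects list exists to surface.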


