Botware rootkit elrawdsk, boot from Win7 (recovered)

#1 Bucpaul36
New Member, 1 posts

Thank you for your time.

I have a Windows 7 64-bit HP laptop. It doesn't boot from the correct boot file. Instead it boots from a screen that says ramdisk, Windows 7 (recovered), or Memory test.

There are new user profiles in the permissions section, allowing only new users, not admin or any other authority. Strange Notepad or .txt files, with characters missing or unreadable, that I cannot delete or move; all I can do is alter and save, causing it to error in the log when it gets returned to the previous state. I believe it was botware or malware, and Kaspersky eventually caught it, but only parts, I guess, because I could never get rid of it entirely.

I had used DriveScrubber to erase the drive after the recovery partition became useless. But my recovery disks were infected, and I also found, but couldn't affect, a hidden section of the hard drive.

Recovery disks were useless until DriveScrubber, which I thought got it.

I have run TDSSKiller, ComboFix, MBRCheck and now OTL.

Access violations, security audit fails.

Please help me to rid myself of a Chinese curse.

I appreciate your time and your knowledge. I know these things are very valuable to us. It's all I have to market as well.

Thanks again.

OTL logfile created on: 7/11/2013 8:40:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeremybuc\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 49.16% Memory free
7.49 Gb Paging File | 5.52 Gb Available in Paging File | 73.65% Paging File free
Paging file location(s): Reg Error: Value error.

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 595.87 Gb Total Space | 473.96 Gb Free Space | 79.54% Space Free | Partition Type: NTFS
Drive D: | 3.69 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: FAT32
Drive G: | 99.34 Mb Total Space | 89.16 Mb Free Space | 89.76% Space Free | Partition Type: FAT32

Computer Name: JEREMYBUC-HP | User Name: Jeremybuc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/11 08:40:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremybuc\Downloads\OTL.exe
PRC - [2013/07/09 14:25:30 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jeremybuc\Desktop\tdsskiller.exe
PRC - [2013/05/29 11:10:32 | 001,072,664 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/06/14 14:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/06/14 14:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/06/24 23:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/04/23 19:42:36 | 000,625,416 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/11 07:33:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 07:32:48 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f95e6b6a92e3e28a3b553fe2998dd308\System.Data.ni.dll
MOD - [2013/07/11 07:32:37 | 014,645,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0e4646dbe6eae8f4daf456384fccf456\PresentationFramework.ni.dll
MOD - [2013/07/11 07:32:02 | 012,622,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a82d4883c22d222f9b438fae352d8c14\PresentationCore.ni.dll
MOD - [2013/07/11 07:31:45 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/11 07:31:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/11 07:31:32 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/15 23:33:36 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/05/07 08:36:26 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2013/04/15 16:56:17 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 19:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 19:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/09 19:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 19:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 19:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 19:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 19:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 19:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 19:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 19:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/06 00:54:04 | 001,900,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/18 17:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/09 03:06:18 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/04/23 19:42:40 | 000,445,192 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/02/23 08:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/07/11 00:26:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/05 02:36:18 | 000,117,144 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/27 12:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/29 11:10:32 | 001,072,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/14 14:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/29 21:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/06/12 19:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 17:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 08:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/03/25 14:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/03/17 23:36:24 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2013/03/14 01:00:03 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/12 10:13:26 | 000,017,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AQFileRestore.sys -- (AQFileRestore)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/24 23:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/09 03:06:18 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/05/06 07:21:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/22 12:11:12 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/27 19:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/23 19:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3D354BA0-4FE3-4B5D-9817-428B6FA11D60}
IE:64bit: - HKLM\..\SearchScopes\{3D354BA0-4FE3-4B5D-9817-428B6FA11D60}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{73F959AD-F98C-4C0A-93B1-E5D93FD64019}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BDEA083E-F2F5-4ECD-BB1D-93EDF19A0CCC}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{CC472F28-C82F-4882-A095-DF0479CC11E2}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes,DefaultScope = {3D354BA0-4FE3-4B5D-9817-428B6FA11D60}
IE - HKLM\..\SearchScopes\{3D354BA0-4FE3-4B5D-9817-428B6FA11D60}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{73F959AD-F98C-4C0A-93B1-E5D93FD64019}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{BDEA083E-F2F5-4ECD-BB1D-93EDF19A0CCC}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{CC472F28-C82F-4882-A095-DF0479CC11E2}: "URL" = http://search.yahoo....psg&type=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=UP74&dt=032113
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 41 23 7F 2E 24 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {3D354BA0-4FE3-4B5D-9817-428B6FA11D60}
IE - HKCU\..\SearchScopes\{3D354BA0-4FE3-4B5D-9817-428B6FA11D60}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{73F959AD-F98C-4C0A-93B1-E5D93FD64019}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B84625510-7e5d-11e0-a411-0800200c9a66%7D:1.17
FF - prefs.js..extensions.enabledAddons: %7B6db34f82-ca4a-459e-927e-1f3bdf9e5fcd%7D:0.1
FF - prefs.js..extensions.enabledAddons: lmnPopVideo%40lshai.com:0.6.8
FF - prefs.js..extensions.enabledAddons: hotmailwatcher%40sonthakit:1.61
FF - prefs.js..extensions.enabledAddons: ntortarolo%40hotmail.com:3.3.3
FF - prefs.js..extensions.enabledAddons: cloudmagic%40cloudmagic:3.0.3
FF - prefs.js..extensions.enabledAddons: %7Bf69e22c7-bc50-414a-9269-0f5c344cd94c%7D:7.2
FF - prefs.js..extensions.enabledAddons: %7BDA144265-8D9B-4380-B8F7-9F85E2C37D05%7D:0.7.4.75
FF - prefs.js..extensions.enabledAddons: %7B900ef094-54b8-408b-9765-864c2e28d1ab%7D:1.0.5
FF - prefs.js..extensions.enabledAddons: ops%40secretsocial.com:1.0
FF - prefs.js..extensions.enabledAddons: btpersonas%40brandthunder.com:1.6.3.5
FF - prefs.js..extensions.enabledAddons: afurladvisor%40anchorfree.com:3.09
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2013/03/11 22:36:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/23 15:10:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/23 15:10:31 | 000,000,000 | ---D | M]

[2013/03/11 11:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Extensions
[2013/07/07 00:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions
[2013/07/05 02:39:28 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2013/03/18 20:17:34 | 000,000,000 | ---D | M] (Pink Fox) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
[2013/06/28 23:53:54 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2013/07/07 00:23:48 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\[email protected]
[2013/05/19 09:23:28 | 000,000,000 | ---D | M] (CloudMagic) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\cloudmagic@cloudmagic
[2013/04/24 07:11:47 | 000,230,938 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\[email protected]
[2013/06/20 12:41:04 | 000,211,117 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\[email protected]
[2013/03/18 20:06:41 | 000,173,404 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\[email protected]
[2013/07/07 00:19:36 | 000,171,607 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\[email protected]
[2013/04/24 06:17:48 | 000,172,045 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\[email protected]
[2013/07/07 00:15:03 | 000,174,850 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\[email protected]
[2013/04/24 07:11:47 | 000,039,858 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\[email protected]
[2013/04/27 01:01:45 | 000,251,147 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\[email protected]
[2013/07/07 00:23:47 | 000,063,034 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\[email protected]
[2013/03/21 00:34:40 | 000,010,595 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\{6db34f82-ca4a-459e-927e-1f3bdf9e5fcd}.xpi
[2013/03/21 00:34:40 | 000,035,796 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\{84625510-7e5d-11e0-a411-0800200c9a66}.xpi
[2013/07/07 00:23:47 | 000,091,364 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\{900ef094-54b8-408b-9765-864c2e28d1ab}.xpi
[2013/07/07 00:23:47 | 000,027,434 | ---- | M] () (No name found) -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\extensions\{DA144265-8D9B-4380-B8F7-9F85E2C37D05}.xpi
[2013/03/18 20:09:13 | 000,001,449 | ---- | M] () -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\searchplugins\100-search-engines.xml
[2013/04/23 11:37:15 | 000,002,308 | ---- | M] () -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\searchplugins\askcom.xml
[2013/03/25 16:27:19 | 000,002,355 | ---- | M] () -- C:\Users\Jeremybuc\AppData\Roaming\Mozilla\Firefox\Profiles\jbsbv8m5.default\searchplugins\topsy-search.xml
[2013/07/07 00:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/05 02:35:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/07 00:57:41 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/07/08 16:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/05 02:36:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/08 16:10:55 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]

O1 HOSTS File: ([2013/07/11 08:11:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E3E17A-628E-4D06-B789-811EE8C53AF1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/11 07:59:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/11 07:59:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/11 07:59:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/11 07:59:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/11 07:59:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/11 03:15:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/11 03:15:47 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/11 03:15:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/11 03:15:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/11 03:15:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/11 03:15:46 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/11 03:15:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/11 03:15:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/11 03:15:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/11 03:15:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/11 03:15:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/11 03:15:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/11 03:15:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/11 03:15:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/11 03:15:42 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/11 02:54:45 | 005,087,643 | R--- | C] (Swearware) -- C:\Users\Jeremybuc\Desktop\ComboFix.exe
[2013/07/11 02:41:15 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/07/11 02:41:12 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/07/11 02:41:12 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/07/11 02:41:12 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/07/11 01:59:42 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/11 01:59:35 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/11 01:59:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/11 01:48:21 | 000,000,000 | ---D | C] -- C:\Users\Jeremybuc\AppData\Roaming\Oracle
[2013/07/11 01:47:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/07/11 01:35:02 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/11 01:35:01 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/11 01:35:00 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/11 01:35:00 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/11 01:19:41 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/10 16:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
[2013/07/10 16:35:22 | 000,000,000 | ---D | C] -- C:\Users\Jeremybuc\AppData\Roaming\Shark007
[2013/07/10 16:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Shark007
[2013/07/10 16:35:15 | 003,554,304 | ---- | C] (x264vfw project) -- C:\Windows\SysNative\x264vfw.dll
[2013/07/10 16:35:15 | 000,361,472 | ---- | C] (fccHandler) -- C:\Windows\SysNative\aacacm.acm
[2013/07/10 16:35:15 | 000,180,736 | ---- | C] (fccHandler) -- C:\Windows\SysNative\ac3acm.acm
[2013/07/10 16:35:14 | 001,593,696 | ---- | C] (MPC-HC Team) -- C:\Windows\SysNative\VSFilter.dll
[2013/07/10 16:35:14 | 000,124,909 | ---- | C] (Open Source Software community project) -- C:\Windows\SysNative\pthreadGC2.dll
[2013/07/10 16:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Shark007
[2013/07/09 16:21:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/07/09 14:26:32 | 000,207,968 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\13432585.sys
[2013/07/09 14:19:04 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jeremybuc\Desktop\tdsskiller.exe
[2013/07/08 14:25:20 | 000,000,000 | ---D | C] -- C:\Users\Jeremybuc\Desktop\video
[2013/07/07 13:26:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield
[2013/07/07 01:01:59 | 000,000,000 | ---D | C] -- C:\Users\Jeremybuc\AppData\Local\twitter
[2013/07/07 00:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/07/07 00:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2013/07/07 00:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2013/07/07 00:57:26 | 000,000,000 | ---D | C] -- C:\Users\Jeremybuc\AppData\Roaming\RealNetworks
[2013/07/07 00:57:26 | 000,000,000 | ---D | C] -- C:\Users\Jeremybuc\AppData\Roaming\Hotspot Shield
[2013/07/07 00:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/07/07 00:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/07/07 00:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/07/07 00:56:11 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/07/07 00:56:00 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/07/07 00:56:00 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/07/07 00:55:59 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/07/07 00:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/07/07 00:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/07/07 00:55:11 | 000,000,000 | ---D | C] -- C:\Users\Jeremybuc\AppData\Roaming\Real
[2013/07/07 00:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/07/07 00:40:32 | 000,000,000 | ---D | C] -- C:\Users\Jeremybuc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck
[2013/07/07 00:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twitter
[2013/07/05 04:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/05 04:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/05 04:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/07/05 04:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/07/05 02:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/07/05 02:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/07/05 02:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/06/29 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/06/29 17:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/06/29 09:56:04 | 000,000,000 | ---D | C] -- C:\e3dd2965bd9731f04e5db3be
[2013/06/29 00:39:30 | 002,155,688 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\Incinerator64.dll
[2013/06/29 00:39:28 | 002,097,472 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysWow64\Incinerator32.dll
[2013/06/28 20:18:00 | 000,000,000 | ---D | C] -- C:\Users\Jeremybuc\Desktop\Corel Auto-Preserve
[2013/06/20 19:09:46 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
[2013/06/20 19:07:16 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/20 11:47:52 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/13 13:36:36 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/13 13:36:36 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/13 13:23:00 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/13 13:23:00 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/13 13:23:00 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/13 13:22:59 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/13 13:22:59 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/13 13:22:59 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/13 13:06:10 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/13 13:06:10 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/13 12:54:38 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/13 12:54:38 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/13 12:52:52 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/03/14 02:56:41 | 091,646,040 | ---- | C] (iolo technologies, LLC ) -- C:\Users\Jeremybuc\SystemMechanicPro.exe
[2012/08/01 16:39:06 | 001,201,944 | ---- | C] (Hewlett-Packard ) -- C:\Users\Jeremybuc\BIOS uefi update.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/11 08:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/11 08:11:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/11 07:56:42 | 005,087,643 | R--- | M] (Swearware) -- C:\Users\Jeremybuc\Desktop\ComboFix.exe
[2013/07/11 07:56:20 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Install Microsoft Mouse and Keyboard Center.lnk
[2013/07/11 07:24:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/11 07:24:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/11 07:22:59 | 000,973,016 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/11 07:22:59 | 000,804,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/11 07:22:59 | 000,167,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/11 07:15:17 | 000,315,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 07:15:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/11 07:14:34 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/11 02:42:12 | 000,000,000 | ---- | M] () -- C:\Users\Jeremybuc\Desktop\MBRCheck.exe.v9l14b6.partial
[2013/07/11 02:40:54 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/07/11 02:40:52 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/07/11 02:40:52 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/07/11 02:40:51 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/07/11 02:40:50 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/07/11 02:40:50 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/07/11 02:22:09 | 000,014,437 | ---- | M] () -- C:\Users\Jeremybuc\Desktop\hpservice.zip
[2013/07/11 01:59:25 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/11 01:59:23 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/11 01:59:22 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/07/11 01:59:22 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/11 01:59:22 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/11 01:59:22 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/11 00:26:29 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/11 00:26:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/09 14:26:32 | 000,207,968 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\13432585.sys
[2013/07/09 14:25:30 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jeremybuc\Desktop\tdsskiller.exe
[2013/07/09 14:14:38 | 001,835,008 | ---- | M] () -- C:\Users\Jeremybuc\Desktop\tdsskiller.zip
[2013/07/09 10:20:58 | 000,365,055 | ---- | M] () -- C:\Users\Jeremybuc\Documents\f_openadopt.pdf
[2013/07/09 10:12:10 | 000,365,055 | ---- | M] () -- C:\Users\Jeremybuc\Desktop\f_openadopt.pdf
[2013/07/08 16:04:55 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/07/07 00:56:57 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/07 00:56:11 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/07/07 00:56:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/07/07 00:56:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/07/07 00:55:59 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/07/07 00:39:48 | 014,643,200 | ---- | M] () -- C:\Users\Jeremybuc\Desktop\TweetDeck.msi
[2013/07/05 04:59:01 | 000,000,022 | ---- | M] () -- C:\Users\Jeremybuc\Desktop\icts.zip
[2013/07/05 04:14:45 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/05 02:58:30 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/07/02 01:35:37 | 000,008,192 | ---- | M] () -- C:\Users\Jeremybuc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/01 21:12:12 | 000,037,795 | ---- | M] () -- C:\Users\Jeremybuc\Desktop\thCATO3I8Y.jpg
[2013/06/29 17:03:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013/06/29 05:06:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/06/29 00:52:39 | 000,002,356 | ---- | M] () -- C:\Users\Jeremybuc\Desktop\BN21ULDCMAAvxn5.jpg large - Shortcut.lnk
[2013/06/29 00:39:41 | 000,002,282 | ---- | M] () -- C:\Users\Jeremybuc\Desktop\System Mechanic Professional.lnk
[2013/06/28 20:18:03 | 000,245,592 | ---- | M] () -- C:\Users\Jeremybuc\Desktop\telewiring.png
[2013/06/25 13:47:47 | 000,000,861 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/06/24 20:51:25 | 000,000,017 | ---- | M] () -- C:\Users\Jeremybuc\AppData\Local\resmon.resmoncfg
[2013/06/22 23:16:48 | 000,944,682 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/20 19:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
[2013/06/20 19:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/06/11 17:43:00 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/11 17:42:58 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/11 17:42:58 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/11 17:42:58 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/11 17:42:58 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/11 17:26:36 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/11 17:25:29 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/11 17:25:16 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/11 17:25:16 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/11 17:25:13 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/11 17:25:13 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/11 17:25:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/11 17:25:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/11 16:51:45 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/11 16:50:58 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/11 07:59:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/11 07:59:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/11 07:59:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/11 07:59:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/11 07:59:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/11 07:56:20 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Install Microsoft Mouse and Keyboard Center.lnk
[2013/07/11 02:22:09 | 000,014,437 | ---- | C] () -- C:\Users\Jeremybuc\Desktop\hpservice.zip
[2013/07/10 16:35:17 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013/07/10 16:35:15 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2013/07/10 16:35:14 | 002,231,296 | ---- | C] () -- C:\Windows\SysNative\ac3filter.acm.new
[2013/07/10 16:35:14 | 002,231,296 | ---- | C] () -- C:\Windows\SysNative\ac3filter.acm
[2013/07/10 16:35:14 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter.acm.old
[2013/07/10 16:35:14 | 000,206,336 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll
[2013/07/10 16:35:14 | 000,127,488 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2013/07/10 15:29:40 | 000,000,000 | ---- | C] () -- C:\Users\Jeremybuc\Desktop\MBRCheck.exe.v9l14b6.partial
[2013/07/09 13:57:30 | 001,835,008 | ---- | C] () -- C:\Users\Jeremybuc\Desktop\tdsskiller.zip
[2013/07/09 10:20:58 | 000,365,055 | ---- | C] () -- C:\Users\Jeremybuc\Documents\f_openadopt.pdf
[2013/07/09 10:12:10 | 000,365,055 | ---- | C] () -- C:\Users\Jeremybuc\Desktop\f_openadopt.pdf
[2013/07/08 16:04:55 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/07/08 14:20:46 | 344,182,784 | ---- | C] () -- C:\Users\Jeremybuc\Documents\MOV07B.MOD
[2013/07/08 14:11:01 | 076,773,376 | ---- | C] () -- C:\Users\Jeremybuc\Desktop\MOV078.MOD
[2013/07/07 00:56:57 | 000,001,275 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/07 00:35:27 | 014,643,200 | ---- | C] () -- C:\Users\Jeremybuc\Desktop\TweetDeck.msi
[2013/07/05 04:59:01 | 000,000,022 | ---- | C] () -- C:\Users\Jeremybuc\Desktop\icts.zip
[2013/07/05 04:14:45 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/05 02:58:30 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/07/01 21:12:27 | 000,037,795 | ---- | C] () -- C:\Users\Jeremybuc\Desktop\thCATO3I8Y.jpg
[2013/06/29 17:03:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013/06/29 05:06:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/06/29 00:52:39 | 000,002,356 | ---- | C] () -- C:\Users\Jeremybuc\Desktop\BN21ULDCMAAvxn5.jpg large - Shortcut.lnk
[2013/06/28 18:12:58 | 000,245,592 | ---- | C] () -- C:\Users\Jeremybuc\Desktop\telewiring.png
[2013/06/25 13:47:46 | 000,000,861 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/06/24 20:51:25 | 000,000,017 | ---- | C] () -- C:\Users\Jeremybuc\AppData\Local\resmon.resmoncfg
[2013/03/29 10:21:06 | 000,008,192 | ---- | C] () -- C:\Users\Jeremybuc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/23 15:02:23 | 000,207,019 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/03/18 22:14:48 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/03/15 11:28:30 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2013/03/11 22:09:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/03/11 22:01:56 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2013/03/11 22:01:56 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2013/03/11 19:46:43 | 000,944,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
#2
JSntgRvr
Global Moderator
11,579 posts
Hi and welcome.

Sounds like a difficult situation. Let's give it a try.

Before we start, please read the following suggestions:

  • Do not download and run tools unless instructed.

    We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  • Do not attach logs or use code boxes unless instructed; just copy and paste the text in your reply.

    Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read them in your post.

  • Please read every post completely before doing anything.

    Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.

    A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: Save the instructions in notepad or print them if necessary, so you can have access to these, should you require to go offline during the cleanup process.


---------------------------------------------


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
