
hjc1710

Honorary Members, 32 posts, reputation 0 (Neutral)
  1. I guess my final question is: Do you think it would be safe to move my old Chrome bookmarks to the new Chrome install? Or should I scrap them?
  2. Thanks for the tip! So I should run that program on its own, in Windows 7, before I hook up the drive. Then, plug in the drive via USB, and run the program on that USB drive. Then, finally plug in the cleaned HDD via IDE or SATA?
  3. Sorry for the delay and silence guys. Anyway, my motherboard is fried (12V voltage regulators aren't working properly). This means I'd have to also upgrade my CPU, so I'm just going to basically rebuild and upgrade my computer. This process involves reinstalling Win7 to an SSD no matter what (that's one of the things I've been wanting to do for a while and one of my major upgrade points), so that sort of solves the problem. I guess my final question would be: Would connecting my old, infected HDD to my motherboard, not as the primary HDD, but just as a HDD, spread the virus to my new install of Win7 on the other drive? I plan on connecting the old HDD and another one to my mobo when I get everything set up on the SSD and transferring everything important off the infected HDD to the other one, then I'm going to completely reformat the infected HDD. Thoughts? Would you guys use this approach to rescue your old files? Do you know of programs that could help me or safer methods? I do have an external HDD enclosure that connects to USB, and a laptop with Linux on it, so I could take everything through Linux; it would just take a lot longer.
  4. So, another status update. I got my PSU yesterday and installed it... and I'm still having major issues. The comp either boots up and hits a blue screen before loading Windows, or loads Windows, runs for 10 minutes, then loses power, tries to restart itself, fails, and won't turn on again for a few more minutes. Actively trying hard to solve it though; did a lot of troubleshooting today and doing more tomorrow.
  5. My new PSU will be here tomorrow. It was the issue and was dead.
  6. I'm pretty sure it's my PSU. Whenever I plug it in, the red light that indicates it's getting power doesn't turn on anymore. I'm thinking maybe the voltage may have been switched to EU ones during the move, but haven't been able to confirm it or fix it yet. I intend to continue working on this and trying to squash this malware after it's fixed though.
  7. About the same, the redirects are still happening on Chrome, but they're infrequent now. However, my PC's power supply isn't cooperating, so I can't run any more tests or anything.
  8. Clearly a multipost... my bad. Really wish I could delete posts here... I have so many misposts (more so than any other forum and I feel bad). Anyway, happy birthday! Have fun!
  9. Just Google Chrome. I deleted one malware; the others were archives and the recommended action was skip.

     Status: Disinfected (events: 2)
     7/20/2012 3:43:43 PM Disinfected malware Constructor.Win32.IDL.gv C:\Documents and Settings\Hayden\Desktop\downloads\scrappack.zip Medium
     7/20/2012 3:43:43 PM Disinfected malware Constructor.Win32.IDL.gv C:\Documents and Settings\Hayden\Desktop\downloads\scrappack.zip/scrappack/secretword/secretword.exe Medium

     Status: Deleted (events: 1)
     7/20/2012 10:59:08 PM Deleted Trojan program Rootkit.Boot.Wistler.a C:\TDSSKiller_Quarantine\07.07.2012_17.35.30\mbr0000\mbr0000\tsk0000.dta High

     Status: Detected (events: 1)
     7/20/2012 8:51:57 PM Detected Trojan program Rootkit.Boot.Wistler.a C:\TDSSKiller_Quarantine\07.07.2012_17.35.30\mbr0000\mbr0000\tsk0001.dta//mbr High
  12. Damn, so close. The frequency of redirects has dropped significantly. But I'm still getting them, about 1 in 10 tries though. Any further thoughts?
  13. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=b57bf98d5d3ce043848583f49f8ed049
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-07-17 11:34:52
     # local_time=2012-07-17 06:34:52 (-0600, Central Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7600 NT
     # compatibility_mode=1029 16777213 100 93 0 85482730 0 0
     # compatibility_mode=5893 16776573 100 94 0 94056589 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=805444
     # found=2
     # cleaned=2
     # scan_time=11753
     C:\Qoobox\Quarantine\C\Users\Hayden\AppData\Local\Adobe\28050\ofonmws.dll.vir  a variant of Win32/Kryptik.AIGG trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\Users\Hayden\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
  14. --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2011-12-05 19:17 97792 ----a-w- c:\users\Hayden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2011-12-05 19:17 97792 ----a-w- c:\users\Hayden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2011-12-05 19:17 97792 ----a-w- c:\users\Hayden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
     @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
     2011-12-05 19:17 97792 ----a-w- c:\users\Hayden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-15 110360]
     "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
     "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
     "Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2010-10-13 8757248]
     .
     ------- Supplementary Scan -------
     .
     uStart Page =
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local;192.168.*.*
     IE: &Verzenden naar OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
     IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
     IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
     IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
     IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
     Trusted Zone: clonewarsadventures.com
     Trusted Zone: freerealms.com
     Trusted Zone: soe.com
     Trusted Zone: sony.com
     TCP: DhcpNameServer = 192.168.1.254
     DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
     FF - ProfilePath - c:\users\Hayden\AppData\Roaming\Mozilla\Firefox\Profiles\om1tisbe.default\
     .
     - - - - ORPHANS REMOVED - - - -
     .
     WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
     .
     .
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
     "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-645954481-4171391755-2920796181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
     @Denied: (2) (S-1-5-21-645954481-4171391755-2920796181-1000)
     @Denied: (2) (LocalSystem)
     "Progid"="ThunderbirdEML"
     .
     [HKEY_USERS\S-1-5-21-645954481-4171391755-2920796181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.VCard.1"
     .
     [HKEY_USERS\S-1-5-21-645954481-4171391755-2920796181-1000\Software\SecuROM\License information*]
     "datasecu"=hex:97,d2,c9,85,02,71,88,e1,fc,ae,42,fe,02,8d,8e,24,19,8e,34,38,98,
        bf,29,19,59,bb,61,f1,77,18,e7,bc,4a,35,98,08,f1,6c,21,76,ba,c6,fb,cc,72,f4,\
     "rkeysecu"=hex:79,fe,52,e1,00,f1,26,9b,6e,10,c9,f7,ce,d0,27,3d
     .
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\07\00\0f\17/\00?" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\xampp\filezillaftp\filezillaserver.exe c:\program files (x86)\Windows Media Player\wmplayer.exe c:\windows\SysWOW64\rundll32.exe c:\users\Hayden\AppData\Roaming\Tonido\tonido.exe c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files (x86)\Motorola Mobility\MotoCast\MotoCast.exe c:\program files (x86)\AVG\AVG9\avgtray.exe c:\windows\SysWOW64\Ctxfihlp.exe c:\windows\SysWOW64\CTXFISPI.EXE c:\xampp\mysql\bin\mysqld.exe c:\program files (x86)\full phat\Snarl\extensions\AudioMon\snarl-audiomon.exe c:\program files (x86)\Citrix\GoToMeeting\952\g2mcomm.exe c:\program files (x86)\Citrix\GoToMeeting\952\g2mlauncher.exe c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\AVG\AVG9\avgcsrvx.exe c:\program files (x86)\Common Files\Realtime 
Soft\RTSHookInterop\x32\RTSHookInterop.exe c:\program files\Logitech Gaming Software\plugins\LCDAppletsColor-8.00.048\Applets\x86\LCDMovieViewer.exe c:\program files\Logitech Gaming Software\plugins\LCDAppletsColor-8.00.048\Applets\x86\LCDWebCam.exe c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe c:\users\Hayden\Desktop\downloads\SirReal\LCDSirReal.exe c:\program files\Logitech Gaming Software\plugins\LCDAppletsColor-8.00.048\Applets\x86\LCDYT.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe . ************************************************************************** . Completion time: 2012-07-16 05:36:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-16 10:36 ComboFix2.txt 2012-07-13 23:57 ComboFix3.txt 2012-07-12 01:30 ComboFix4.txt 2012-07-08 00:33 . Pre-Run: 85,684,477,952 bytes free Post-Run: 85,416,562,688 bytes free . - - End Of File - - 54132E7D0C011EDA25571CC59EA91497
  15. This forum hates me... Take 2. ComboFix 12-07-13.03 - Hayden 07/16/2012 4:51.4.8 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.12279.7905 [GMT -5:00] Running from: c:\users\Hayden\Desktop\ComboFix.exe Command switches used :: c:\users\Hayden\Desktop\CFScript.txt AV: AVG Anti-Virus *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Hayden\AppData\Local\blekkotb_031 c:\users\Hayden\AppData\Local\blekkotb_031\catalog.list c:\users\Hayden\AppData\Local\blekkotb_031\data\120713163606-f.list c:\users\Hayden\AppData\Local\blekkotb_031\data\temp.zip . . ((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 ))))))))))))))))))))))))))))))) . . 2012-07-16 10:10 . 2012-07-16 10:11 -------- d-----w- c:\users\Hayden\AppData\Local\blekkotb_031 2012-07-16 10:06 . 2012-07-16 10:06 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp 2012-07-16 10:06 . 2012-07-16 10:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-16 10:06 . 2012-07-16 10:06 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp 2012-07-15 21:27 . 2012-07-15 21:27 -------- d-----w- c:\users\Hayden\temp 2012-07-15 21:27 . 2012-07-15 22:32 -------- d-----w- c:\users\Hayden\AppData\Roaming\TeamViewer 2012-07-12 18:10 . 2012-07-09 03:57 17928 ----a-w- c:\windows\system32\nitrolocalui2.dll 2012-07-12 18:10 . 2012-04-12 03:55 29712 ----a-w- c:\windows\system32\nitrolocalmon2.dll 2012-07-12 18:10 . 2012-07-15 23:53 -------- d-----w- c:\program files\Common Files\Nitro PDF 2012-07-12 18:10 . 2012-07-12 18:10 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF 2012-07-12 18:09 . 
2012-07-15 23:53 -------- d-----w- c:\program files (x86)\Nitro PDF 2012-07-10 23:48 . 2012-07-10 23:48 -------- d-----w- c:\programdata\ATI 2012-07-10 23:47 . 2012-07-10 23:47 -------- d-----w- c:\program files (x86)\AMD APP 2012-07-10 23:00 . 2012-07-10 23:00 -------- d-----w- C:\_OTL 2012-07-09 22:27 . 2012-07-09 22:27 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2 2012-07-07 22:36 . 2012-07-07 22:36 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-07 18:57 . 2012-07-07 18:57 -------- d-----w- c:\users\Hayden\AppData\Roaming\Malwarebytes 2012-07-07 18:56 . 2012-07-12 06:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-07 18:56 . 2012-07-07 18:56 -------- d-----w- c:\programdata\Malwarebytes 2012-07-07 18:56 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-07 06:02 . 2012-07-07 06:02 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-07 06:02 . 2012-07-07 06:02 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-06 19:18 . 2012-07-11 00:43 -------- d-----w- C:\subsonic 2012-07-06 19:18 . 2012-07-06 19:18 -------- d-----w- c:\program files (x86)\Subsonic 2012-07-02 18:01 . 2012-07-02 18:01 -------- d-----w- c:\users\Hayden\.pdfsam 2012-07-02 16:17 . 2012-07-02 16:17 -------- d-----w- c:\program files (x86)\pdfsam 2012-07-02 16:07 . 2012-07-04 20:37 -------- d-----w- c:\users\Hayden\AppData\Roaming\ParmisPDF 2012-07-02 15:49 . 2012-07-16 00:50 -------- d-----w- c:\users\Hayden\AppData\Roaming\PrimoPDF 2012-07-02 15:48 . 2012-07-12 18:09 -------- d-----w- c:\users\Hayden\AppData\Roaming\OpenCandy 2012-07-02 15:48 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll 2012-07-02 05:32 . 2012-07-02 05:32 -------- d-----w- c:\program files (x86)\Maxis 2012-07-01 07:33 . 2012-07-01 07:33 -------- d-----w- c:\users\Hayden\AppData\Roaming\EAC 2012-07-01 07:33 . 
2012-07-01 07:33 -------- d-----w- c:\program files (x86)\Exact Audio Copy 2012-07-01 07:32 . 2012-07-01 07:32 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor 2012-06-27 22:19 . 2012-07-11 01:44 -------- d-----w- c:\users\Hayden\AppData\Roaming\Nitro PDF 2012-06-27 22:18 . 2012-07-02 15:51 -------- d-----w- c:\programdata\Nitro PDF 2012-06-27 19:50 . 2012-06-27 20:00 -------- d-----w- c:\users\Hayden\.cpan 2012-06-25 00:35 . 2012-06-25 00:35 -------- d-----w- c:\programdata\phpDesigner 2012-06-20 01:45 . 2012-06-20 01:45 -------- d-----w- c:\program files (x86)\Motorola Media Link . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-25 02:47 . 2012-06-25 02:47 69640 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE 2012-06-18 08:12 . 2012-07-14 09:13 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64F715D4-D5D8-42C8-9209-8D5798168556}\mpengine.dll 2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-06-11 18:50 . 2012-06-11 18:50 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-06-11 18:50 . 2012-06-11 18:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-06-11 18:50 . 2012-06-11 18:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-06-11 18:50 . 2012-06-11 18:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-06-11 18:50 . 2012-06-11 18:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-06-11 18:50 . 2012-06-11 18:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll 2012-06-11 18:49 . 2012-06-11 18:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll 2012-06-11 18:29 . 2011-10-26 02:16 24826368 ----a-w- c:\windows\system32\atio6axx.dll 2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-06-11 17:25 . 
2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-06-11 17:24 . 2011-12-06 03:17 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-06-11 17:23 . 2011-10-26 02:04 1090560 ----a-w- c:\windows\system32\aticfx64.dll 2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe 2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-06-11 17:01 . 2012-06-11 17:01 6914560 ----a-w- c:\windows\system32\atidxx64.dll 2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll 2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-06-11 16:45 . 2011-12-06 02:33 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll 2012-06-11 16:43 . 2011-12-06 02:28 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll 2012-06-11 16:27 . 2011-10-26 01:22 539136 ----a-w- c:\windows\system32\atiadlxx.dll 2012-06-11 16:26 . 
2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-06-11 16:26 . 2011-10-26 01:22 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-06-11 16:26 . 2011-10-26 01:22 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-06-11 16:25 . 2010-11-26 02:16 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll 2012-06-11 16:24 . 2010-11-26 02:15 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-05-31 17:25 . 2009-10-30 23:04 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot_2012-07-12_01.06.01 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-30 23:27 . 2012-07-16 10:15 94352 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-16 10:15 31822 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-10-30 22:49 . 2012-07-16 10:15 16026 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-645954481-4171391755-2920796181-1000_UserData.bin + 2012-07-12 18:10 . 
2012-04-12 03:55 83472 c:\windows\system32\spool\drivers\x64\NitroReaderUI2.dll + 2012-07-12 18:10 . 2012-04-12 03:55 45584 c:\windows\system32\spool\drivers\x64\NitroReaderGraphics2.dll + 2009-10-31 00:26 . 2012-07-13 09:10 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-10-31 00:26 . 2012-07-11 00:47 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-07-10 23:27 . 2012-07-13 09:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-07-10 23:27 . 2012-07-11 00:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-13 09:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-07-11 00:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-10-30 22:48 . 2012-07-16 10:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-10-30 22:48 . 2012-07-12 01:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-10-30 22:48 . 2012-07-12 01:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-10-30 22:48 . 2012-07-16 10:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-10-30 22:48 . 2012-07-12 01:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-10-30 22:48 . 