Everything posted by seventech
-
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.13.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
BT :: BT12-HP [administrator]

Protection: Enabled

10/13/2012 7:50:05 PM
mbam-log-2012-10-13 (19-50-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202428
Time elapsed: 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-
Yes, I understand it's a bad deal with P2P. Not sure what happened. I thought my last moments were a bad click on a p2p site with no script OFF. I know it had to be that. I CERTAINLY APPRECIATE YOUR TIME, PATIENCE AND EXPERTISE. Q?>> Let me carry on and follow, do I need to delete the quarantined files?
-
ComboFix 12-10-13.04 - BT 10/13/2012 19:27:38.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16384.13656 [GMT -6:00]
Running from: c:\users\BT\Desktop\ComboFix.exe
Command switches used :: c:\users\BT\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG16.00.00.01PROFESSIONAL"="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" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-10-13 19:32:15 ComboFix-quarantined-files.txt 2012-10-14 01:32 ComboFix2.txt 2012-10-14 00:28 . Pre-Run: 648,024,756,224 bytes free Post-Run: 647,725,682,688 bytes free . - - End Of File - - BB94BF8A7F3CF28BCA76757BBAA99498
-
combo fix log ComboFix 12-10-13.04 - BT 10/13/2012 18:12:48.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16384.9774 [GMT -6:00] Running from: c:\users\BT\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 ))))))))))))))))))))))))))))))) . . 2012-10-14 00:16 . 2012-10-14 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-13 17:09 . 2012-10-13 17:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-10-13 17:09 . 2012-09-07 23:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-13 17:03 . 2012-10-13 17:03 -------- d-----w- c:\windows\system32\oodag 2012-10-13 16:59 . 2012-10-13 16:59 -------- d-----w- c:\program files\OO Software 2012-10-13 16:58 . 2012-10-13 16:58 -------- d-----w- c:\programdata\OO Software 2012-10-13 16:56 . 2012-10-13 16:56 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2 2012-10-07 15:31 . 2012-10-07 15:31 -------- d-----w- c:\program files (x86)\MediaFire 2012-10-03 05:18 . 2012-10-03 05:18 -------- dc----w- c:\windows\system32\DRVSTORE 2012-10-03 05:18 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-10-03 05:17 . 2012-10-03 05:17 -------- d-----w- c:\program files\iPod 2012-10-03 05:17 . 2012-10-03 05:18 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-10-03 05:17 . 2012-10-03 05:18 -------- d-----w- c:\program files\iTunes 2012-10-03 05:17 . 2012-10-03 05:18 -------- d-----w- c:\program files (x86)\iTunes 2012-10-03 05:17 . 2012-10-03 05:17 -------- d-----w- c:\programdata\Apple Computer 2012-10-03 05:16 . 
2012-10-03 05:16 -------- d-----w- c:\program files\Common Files\Apple 2012-10-03 05:16 . 2012-10-03 05:16 -------- d-----w- c:\program files\Bonjour 2012-10-03 05:16 . 2012-10-03 05:16 -------- d-----w- c:\program files (x86)\Bonjour 2012-10-02 21:41 . 2012-10-02 21:41 4873072 ----a-w- c:\windows\system32\ooscrsav.scr 2012-10-02 21:41 . 2012-10-02 21:41 256368 ----a-w- c:\windows\system32\oodbs.exe 2012-10-02 21:41 . 2012-10-02 21:41 537456 ----a-w- c:\windows\system32\oodssrs.dll 2012-10-02 21:40 . 2012-10-02 21:40 10096 ----a-w- c:\windows\system32\oodbsrs.dll 2012-10-01 21:56 . 2012-10-01 21:56 -------- d-----w- c:\windows\system32\drivers\NISx64\1309000.009 2012-09-30 15:05 . 2012-09-30 15:05 -------- d-----w- C:\Collections_2012 2012-09-30 15:04 . 2012-09-30 15:04 -------- d-----w- C:\Video_DL 2012-09-30 09:01 . 2012-09-30 09:01 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-09-30 02:16 . 2012-09-30 02:16 -------- d-----w- c:\program files (x86)\ImgBurn 2012-09-30 00:44 . 2012-09-30 00:44 -------- d-----w- c:\program files (x86)\Sony Setup 2012-09-30 00:31 . 2012-09-30 00:31 -------- d-----w- c:\program files (x86)\Sony 2012-09-28 23:11 . 2012-10-01 01:17 -------- d-----w- C:\PFS8.1 PE_TMP 2012-09-28 23:09 . 2012-09-28 23:09 -------- d-----w- c:\programdata\Panasonic 2012-09-28 22:58 . 2012-10-01 01:10 -------- d-----w- C:\BT 2012 VIDEO 2012-09-28 22:58 . 2007-06-22 06:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll 2012-09-28 22:58 . 2006-10-31 06:10 71840 ----a-w- c:\windows\SysWow64\EPPicMgr.dll 2012-09-28 22:58 . 2006-10-31 06:10 120992 ----a-w- c:\windows\SysWow64\EpPicPrt.dll 2012-09-28 22:58 . 2006-10-20 06:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll 2012-09-28 22:58 . 2006-10-20 06:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll 2012-09-28 22:56 . 2012-09-28 22:56 -------- d-----w- c:\program files (x86)\Common Files\Panasonic 2012-09-28 22:56 . 2012-09-28 23:08 -------- d-----w- c:\program files (x86)\Panasonic 2012-09-28 22:56 . 
2012-09-28 22:56 -------- d-----w- c:\program files\Microsoft Synchronization Services 2012-09-28 22:56 . 2012-09-28 22:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2012-09-28 22:56 . 2012-09-28 22:56 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2012-09-28 22:23 . 2012-10-03 05:17 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-09-28 22:23 . 2012-10-03 05:17 -------- d-----w- c:\programdata\Apple 2012-09-28 22:23 . 2012-09-28 22:23 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-09-28 22:17 . 2012-09-28 22:17 -------- d-----w- c:\users\Public\CyberLink 2012-09-28 21:38 . 2012-09-28 21:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-09-28 21:38 . 2012-09-28 21:42 -------- d-----w- c:\programdata\Seagate 2012-09-28 21:38 . 2012-09-28 21:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-09-28 21:37 . 2012-09-28 21:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-09-28 21:37 . 2012-09-28 21:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2012-09-28 21:37 . 2012-09-28 21:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-09-28 21:37 . 2012-09-28 21:37 -------- d-----w- c:\program files (x86)\Common Files\Acronis 2012-09-28 21:37 . 2012-09-28 21:42 -------- d-----w- c:\program files (x86)\Seagate 2012-09-28 21:37 . 2012-09-28 21:37 -------- d-----w- c:\program files (x86)\Common Files\Seagate 2012-09-26 03:14 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 13:07 . 2012-10-13 23:37 -------- d-----w- C:\Torr 2012-09-25 02:43 . 2012-09-25 02:43 -------- d-----w- c:\program files (x86)\SMPlayer 2012-09-25 02:42 . 2012-09-26 17:00 321384 ----a-w- c:\windows\SysWow64\Sendori.dll 2012-09-25 02:41 . 2012-09-26 23:29 -------- d-----w- c:\programdata\Sendori 2012-09-25 02:41 . 2012-09-26 23:29 -------- d-----w- c:\program files (x86)\Sendori 2012-09-25 02:41 . 
2012-10-13 22:17 -------- d-----w- c:\program files (x86)\OApps 2012-09-24 04:39 . 2012-09-24 04:39 -------- d-----w- c:\program files (x86)\CD Wave 2012-09-24 04:39 . 2009-02-07 18:34 258352 ----a-w- c:\windows\SysWow64\unicows.dll 2012-09-24 04:20 . 2012-09-24 04:20 -------- d-----w- c:\programdata\Malwarebytes 2012-09-24 04:16 . 2012-09-24 04:16 -------- d-----w- c:\program files (x86)\VideoLAN 2012-09-23 15:31 . 2012-09-23 15:31 -------- d-----w- c:\program files (x86)\Amazon 2012-09-23 15:16 . 2012-09-23 15:17 -------- d-----w- c:\programdata\Recovery 2012-09-23 14:40 . 2012-09-23 14:40 -------- d-----w- c:\program files (x86)\SystemRequirementsLab 2012-09-23 14:40 . 2012-09-23 14:40 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-23 14:40 . 2012-09-23 14:39 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-23 14:40 . 2012-09-23 14:39 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-23 14:40 . 2012-09-23 14:39 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-23 14:39 . 2012-09-23 14:39 -------- d-----w- c:\program files (x86)\Java 2012-09-23 14:39 . 2012-09-23 14:39 -------- d-----w- c:\programdata\McAfee 2012-09-23 14:17 . 2012-10-08 04:56 -------- d-----w- c:\program files\CCleaner 2012-09-22 20:30 . 2012-10-14 00:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-09-22 19:52 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll 2012-09-20 12:59 . 2012-10-10 09:01 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-18 12:49 . 2012-09-18 12:50 -------- d-----w- c:\program files (x86)\foobar2000 2012-09-17 09:38 . 2012-09-17 09:38 -------- d-----w- c:\windows\SysWow64\Wat 2012-09-17 09:38 . 2012-09-17 09:38 -------- d-----w- c:\windows\system32\Wat 2012-09-17 09:09 . 2012-09-17 09:09 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-09-17 09:09 . 
2012-09-17 09:09 -------- d-----r- c:\program files (x86)\Skype 2012-09-17 09:05 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-09-17 09:05 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-09-17 09:05 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-09-17 09:05 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-09-17 09:05 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-09-17 03:10 . 2012-09-17 03:11 -------- d-----w- c:\program files\WinRAR 2012-09-16 15:41 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys 2012-09-16 15:41 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-09-16 15:41 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-09-16 02:34 . 2012-09-16 02:34 -------- d-----w- c:\program files (x86)\Conduit 2012-09-16 02:33 . 2012-09-16 02:33 -------- d-----w- c:\program files (x86)\uTorrent 2012-09-15 22:49 . 2012-09-15 22:55 -------- d-----w- c:\programdata\VirtualizedApplications 2012-09-15 18:27 . 2012-09-16 16:47 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E 2012-09-15 18:22 . 2012-09-15 18:22 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2012-09-15 16:15 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-09-15 16:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-09-15 16:15 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-09-15 16:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-09-15 16:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-09-15 16:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-09-15 16:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-09-15 16:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-09-15 16:12 . 
2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-09-15 16:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-09-15 16:12 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-09-15 16:12 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-09-15 16:00 . 2012-10-14 00:02 -------- d-----w- C:\COLLECTIONS 2012-09-15 15:54 . 2012-09-17 09:13 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client 2012-09-15 15:54 . 2012-09-15 15:54 -------- d-----w- c:\program files\Microsoft Office 2012-09-15 15:43 . 2012-10-07 20:07 -------- d-----w- c:\users\BT 2012-09-15 15:43 . 2012-09-15 15:43 -------- d-----w- c:\program files (x86)\Microsoft Mathematics . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-03 04:20 . 2012-09-06 20:39 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-03 04:20 . 2012-09-06 20:39 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-15 16:41 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-09-06 20:49 . 2012-09-06 20:49 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-09-06 20:21 . 2012-09-06 20:21 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-09-06 20:21 . 2012-09-06 20:21 96768 ----a-w- c:\windows\system32\fsutil.exe 2012-09-06 20:21 . 2012-09-06 20:21 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS 2012-09-06 20:21 . 2012-09-06 20:21 74240 ----a-w- c:\windows\SysWow64\fsutil.exe 2012-09-06 20:21 . 2012-09-06 20:21 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys 2012-09-06 20:21 . 2012-09-06 20:21 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys 2012-09-06 20:21 . 2012-09-06 20:21 2565632 ----a-w- c:\windows\system32\esent.dll 2012-09-06 20:21 . 2012-09-06 20:21 189824 ----a-w- c:\windows\system32\drivers\storport.sys 2012-09-06 20:21 . 
2012-09-06 20:21 1699328 ----a-w- c:\windows\SysWow64\esent.dll 2012-09-06 20:21 . 2012-09-06 20:21 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys 2012-09-06 20:21 . 2012-09-06 20:21 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys 2012-09-06 20:21 . 2012-09-06 20:21 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys 2012-09-06 20:20 . 2012-09-06 20:20 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-09-06 20:20 . 2012-09-06 20:20 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-09-06 20:20 . 2012-09-06 20:20 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-09-06 20:20 . 2012-09-06 20:20 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-09-06 20:20 . 2012-09-06 20:20 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-09-06 20:20 . 2012-09-06 20:20 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-09-06 20:20 . 2012-09-06 20:20 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-09-06 20:20 . 2012-09-06 20:20 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-09-06 20:20 . 2012-09-06 20:20 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-09-06 20:19 . 2012-09-06 20:19 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-09-06 20:19 . 2012-09-06 20:19 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-09-06 20:19 . 2012-09-06 20:19 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-09-06 20:19 . 2012-09-06 20:19 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-09-06 20:19 . 2012-09-06 20:19 43520 ----a-w- c:\windows\system32\csrsrv.dll 2012-09-06 20:19 . 2012-09-06 20:19 723456 ----a-w- c:\windows\system32\EncDec.dll 2012-09-06 20:19 . 2012-09-06 20:19 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2012-09-06 20:19 . 2012-09-06 20:19 395776 ----a-w- c:\windows\system32\webio.dll 2012-09-06 20:19 . 2012-09-06 20:19 314880 ----a-w- c:\windows\SysWow64\webio.dll 2012-09-06 20:19 . 2012-09-06 20:19 31232 ----a-w- c:\windows\system32\lsass.exe 2012-09-06 20:19 . 
2012-09-06 20:19 29184 ----a-w- c:\windows\system32\sspisrv.dll 2012-09-06 20:19 . 2012-09-06 20:19 28160 ----a-w- c:\windows\system32\secur32.dll 2012-09-06 20:19 . 2012-09-06 20:19 1447936 ----a-w- c:\windows\system32\lsasrv.dll 2012-09-06 20:19 . 2012-09-06 20:19 136192 ----a-w- c:\windows\system32\sspicli.dll 2012-09-06 20:19 . 2012-09-06 20:19 77312 ----a-w- c:\windows\system32\packager.dll 2012-09-06 20:19 . 2012-09-06 20:19 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-09-06 20:19 . 2012-09-06 20:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2012-09-06 20:19 . 2012-09-06 20:19 613888 ----a-w- c:\windows\system32\psisdecd.dll 2012-09-06 20:19 . 2012-09-06 20:19 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2012-09-06 20:19 . 2012-09-06 20:19 108032 ----a-w- c:\windows\system32\psisrndr.ax 2012-09-06 20:18 . 2012-09-06 20:18 861696 ----a-w- c:\windows\system32\oleaut32.dll 2012-09-06 20:18 . 2012-09-06 20:18 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2012-09-06 20:18 . 2012-09-06 20:18 331776 ----a-w- c:\windows\system32\oleacc.dll 2012-09-06 20:18 . 2012-09-06 20:18 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2012-09-06 20:18 . 2012-09-06 20:18 199680 ----a-w- c:\windows\system32\xmllite.dll 2012-09-06 20:18 . 2012-09-06 20:18 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll 2012-09-06 20:18 . 2012-09-06 20:18 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll 2012-09-06 20:18 . 2012-09-06 20:18 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll 2012-09-06 20:18 . 2012-09-06 20:18 212992 ----a-w- c:\windows\system32\odbctrac.dll 2012-09-06 20:18 . 2012-09-06 20:18 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll 2012-09-06 20:18 . 2012-09-06 20:18 163840 ----a-w- c:\windows\system32\odbccp32.dll 2012-09-06 20:18 . 2012-09-06 20:18 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll 2012-09-06 20:18 . 2012-09-06 20:18 106496 ----a-w- c:\windows\system32\odbccu32.dll 2012-09-06 20:18 . 
2012-09-06 20:18 106496 ----a-w- c:\windows\system32\odbccr32.dll 2012-09-06 20:18 . 2012-09-06 20:18 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2012-09-06 20:18 . 2012-09-06 20:18 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2012-09-06 20:18 . 2012-09-06 20:18 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2012-09-06 20:18 . 2012-09-06 20:18 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2012-09-06 20:18 . 2012-09-06 20:18 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2012-09-06 20:18 . 2012-09-06 20:18 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe 2012-09-06 20:18 . 2012-09-06 20:18 778752 ----a-w- c:\windows\system32\mssvp.dll 2012-09-06 20:18 . 2012-09-06 20:18 75264 ----a-w- c:\windows\system32\msscntrs.dll 2012-09-06 20:18 . 2012-09-06 20:18 666624 ----a-w- c:\windows\SysWow64\mssvp.dll 2012-09-06 20:18 . 2012-09-06 20:18 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll 2012-09-06 20:18 . 2012-09-06 20:18 591872 ----a-w- c:\windows\system32\SearchIndexer.exe 2012-09-06 20:18 . 2012-09-06 20:18 491520 ----a-w- c:\windows\system32\mssph.dll 2012-09-06 20:18 . 2012-09-06 20:18 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe 2012-09-06 20:18 . 2012-09-06 20:18 337408 ----a-w- c:\windows\SysWow64\mssph.dll 2012-09-06 20:18 . 2012-09-06 20:18 288256 ----a-w- c:\windows\system32\mssphtb.dll 2012-09-06 20:18 . 2012-09-06 20:18 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2012-09-06 20:18 . 2012-09-06 20:18 2315776 ----a-w- c:\windows\system32\tquery.dll 2012-09-06 20:18 . 2012-09-06 20:18 2223616 ----a-w- c:\windows\system32\mssrch.dll 2012-09-06 20:18 . 2012-09-06 20:18 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll 2012-09-06 20:18 . 2012-09-06 20:18 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe 2012-09-06 20:18 . 2012-09-06 20:18 1549312 ----a-w- c:\windows\SysWow64\tquery.dll 2012-09-06 20:18 . 2012-09-06 20:18 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll 2012-09-06 20:18 . 
2012-09-06 20:18 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe 2012-09-06 20:18 . 2012-09-06 20:18 976896 ----a-w- c:\windows\system32\inetcomm.dll 2012-09-06 20:18 . 2012-09-06 20:18 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll 2012-09-06 20:18 . 2012-09-06 20:18 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2012-09-06 20:18 . 2012-09-06 20:18 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2012-09-06 20:18 . 2012-09-06 20:18 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2012-09-06 20:18 . 2012-09-06 20:18 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2012-09-06 20:18 . 2012-09-06 20:18 467456 ----a-w- c:\windows\system32\drivers\srv.sys 2012-09-06 20:18 . 2012-09-06 20:18 410112 ----a-w- c:\windows\system32\drivers\srv2.sys 2012-09-06 20:18 . 2012-09-06 20:18 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys 2012-09-06 20:18 . 2012-09-06 20:18 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2012-09-06 20:18 . 2012-09-06 20:18 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2012-09-06 20:18 . 2012-09-06 20:18 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2012-09-06 20:18 . 2012-09-06 20:18 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2012-09-06 20:18 . 2012-09-06 20:18 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2012-09-06 20:18 . 2012-09-06 20:18 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2012-09-06 20:18 . 2012-09-06 20:18 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2012-09-06 20:18 . 2012-09-06 20:18 2871808 ----a-w- c:\windows\explorer.exe 2012-09-06 20:18 . 2012-09-06 20:18 2616320 ----a-w- c:\windows\SysWow64\explorer.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-04-04 684024] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2012-09-26 82792] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-10-04 1912832] . c:\users\BT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\BT\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ O&O Defrag Tray.lnk - c:\windows\Installer\{EAD525A8-13CD-400E-A01D-E4492BBB0FEC}\DefragIcon.exe [2012-10-13 292878] PHOTOfunSTUDIO 8.1 PE.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-9-28 229000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [2011-08-19 625728] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-14 240408] R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-21 276288] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-17 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2011-12-05 16152] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys 
[2010-03-19 55856] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-28 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-09-28 141920] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624] S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2012-09-26 118632] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-14 193816] S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-02-10 91432] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 
OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-10-02 2552176] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2012-04-04 1134584] S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2012-01-13 447488] S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2012-09-26 15208] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 1191408] S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2012-09-26 3569512] S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-09-05 1385120] S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-16 138912] S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121012.001\IDSvia64.sys [2012-09-14 513184] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2011-12-05 355096] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2011-12-05 785688] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECIx64.sys [2012-04-11 60184] S3 netr28x;Ralink 802.11n Extensible Wireless 
Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-03-06 1857600] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-08-15 451192] S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120] S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072] S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624] . . Contents of the 'Scheduled Tasks' folder . 2012-10-09 c:\windows\Tasks\HPCeeScheduleForBT.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-30 1425408] "BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-03-30 37888] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608] "HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-10-02 7060848] . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;<local> TCP: DhcpNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{1B56ABDA-6052-4E6D-8967-B10D06669149}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1,205.171.3.25 FF - ProfilePath - c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.blabbermouth.net/|http://www.denverpost.com/|http://www.9news.com/|http://www.youtube.com/ FF - ExtSQL: 2012-09-22 11:41; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn FF - ExtSQL: 2012-09-22 13:52; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn FF - ExtSQL: 2012-09-22 14:36; firegestures@xuldev.org; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\firegestures@xuldev.org.xpi FF - ExtSQL: 2012-09-22 14:36; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF - ExtSQL: 2012-09-22 14:36; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - ExtSQL: 2012-09-22 14:40; {d62bb6fa-7192-47fd-b640-ad8855c444f3}; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\{d62bb6fa-7192-47fd-b640-ad8855c444f3}.xpi FF - ExtSQL: 2012-09-24 20:41; plugin@selectionlinks.com; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\plugin@selectionlinks.com FF - ExtSQL: 2012-10-12 23:00; openinie@wittersworld.com; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\openinie@wittersworld.com.xpi 
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG16.00.00.01PROFESSIONAL"="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" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Ralink\Common\RaRegistry.exe c:\program files (x86)\Sendori\SendoriUp.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe . ************************************************************************** . Completion time: 2012-10-13 18:28:11 - machine was rebooted ComboFix-quarantined-files.txt 2012-10-14 00:28 . Pre-Run: 647,411,646,464 bytes free Post-Run: 647,591,124,992 bytes free . - - End Of File - - 07B9163DC709B3F962C801D7395226D5
-
. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 9/15/2012 9:43:31 AM System Uptime: 10/12/2012 10:55:42 PM (13 hours ago) . Motherboard: PEGATRON CORPORATION | | 2AD5 Processor: Intel® Core i7-3770 CPU @ 3.40GHz | | 3401/29285mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 911 GiB total, 601.918 GiB free. D: is FIXED (NTFS) - 20 GiB total, 2.487 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is FIXED (NTFS) - 2794 GiB total, 2120.655 GiB free. K: is FIXED (NTFS) - 2794 GiB total, 2794.219 GiB free. R: is FIXED (NTFS) - 1397 GiB total, 345.929 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP26: 10/10/2012 3:00:13 AM - Windows Update RP27: 10/13/2012 10:58:56 AM - Installed O&O Defrag Professional . ==== Installed Programs ====================== . 
µTorrent 4 Elements II Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 10 Amazon MP3 Downloader 1.0.17 Apple Application Support Apple Software Update Bejeweled 3 Bing Bar Blackhawk Striker 2 Blio Bubble Wrap CD Wave Editor 1.98 Chuzzle Deluxe Cradle of Rome 2 D3DX10 DirectX for Managed Code Update (Summer 2004) Dora's World Adventure Dropbox Elements 10 Organizer Escape the Emerald Star Facebook Farm Frenzy Farmscapes FATE Final Drive Fury foobar2000 v1.1.15 Golden Trails 2: The Lost Legacy Collector's Edition Hewlett-Packard ACLM.NET v1.1.2.0 Hoyle Card Games HP Calendar HP Clock HP Customer Experience Enhancements HP Games HP LinkUp HP Magic Canvas HP Magic Canvas Tutorials HP Notes HP Odometer HP RSS HP Setup HP Support Assistant HP Support Information HP TouchSmart Background - Beats HP TouchSmart RecipeBox HP Update HP Weather ImgBurn Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® USB 3.0 eXtensible Host Controller Driver Java 7 Update 7 Java Auto Updater Jewel Match 3 Jewel Quest Mysteries: The Seventh Gate Collector's Edition John Deere Drive Green Junk Mail filter update KeePass Password Safe 2.20.1 LabelPrint Luxor HD Mah Jong Medley Malwarebytes Anti-Malware version 1.65.0.1400 Mesh Runtime Metric Converter Microsoft Mathematics Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mortimer Beckett and the Crimson Thief Premium Edition Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Firefox 16.0.1 (x86 en-US) 
Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My Farm Life 2 Norton Internet Security Norton Online Backup opensource PDF Complete Corporate Edition Penguins! PHOTOfunSTUDIO 8.1 PE Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Power2Go PRE10STI64Installer PSE10 STI Installer Ralink 802.11n Wireless LAN Card Recovery Manager Remote Graphics Receiver Roads of Rome 3 Seagate DiscWizard Seagate Drive Settings Installer SeaTools for Windows Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) SelectionLinks Sendori Skype™ 5.10 SmartSound Common Data SmartSound Sonicfire Pro 5 SMPlayer 0.6.9 Sony Sound Forge Audio Studio 9.0 Spot System Requirements Lab for Intel Tales of Lagoona Tap Tap Bear Torchlight TSHostedAppLauncher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update Installer for WildTangent Games App uTorrentControl_v2 Toolbar Virtual Villagers 4 - The Tree of Life VLC media player 2.0.3 WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote 
Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Youda Fisherman Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 10/8/2012 6:05:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 10/8/2012 6:05:52 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 10/13/2012 12:12:56 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3. 10/12/2012 10:56:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect. 10/10/2012 6:31:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000006, 0xfffffa80119eb010). A dump was saved in: C:\windows\Minidump\101012-26566-01.dmp. Report Id: 101012-26566-01. 10/10/2012 2:31:35 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File ===========================
-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-13 17:21:52
-----------------------------
17:21:52.032 OS Version: Windows x64 6.1.7601 Service Pack 1
17:21:52.032 Number of processors: 8 586 0x3A09
17:21:52.032 ComputerName: BT12-HP UserName: BT
17:21:52.052 Initialze error 1
17:21:58.550 AVAST engine defs: 12101301
17:22:01.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:22:01.171 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
17:22:01.186 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
17:22:01.186 Disk 1 Vendor: ST3000DM CC4C Size: 2861588MB BusType: 3
17:22:01.186 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
17:22:01.186 Disk 2 Vendor: ST3000DM CC4C Size: 2861588MB BusType: 3
17:22:01.218 Disk 0 MBR read successfully
17:22:01.218 Disk 0 MBR scan
17:22:01.218 Disk 0 unknown MBR code
17:22:01.233 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
17:22:01.233 Disk 0 scanning C:\windows\system32\drivers
17:22:01.233 Service scanning
17:22:01.857 Modules scanning
17:22:01.857 Disk 0 trace - called modules:
17:22:01.857 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys iaStor.sys hal.dll
17:22:01.873 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d9a2790]
17:22:01.873 3 CLASSPNP.SYS[fffff88000cc143f] -> nt!IofCallDriver -> [0xfffffa800d897e30]
17:22:01.873 5 vsflt53.sys[fffff88000e64cfd] -> nt!IofCallDriver -> [0xfffffa800d870950]
17:22:01.888 7 ACPI.sys[fffff88000fb27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d9a1050]
17:22:01.888 AVAST engine scan C:\windows
17:22:01.904 AVAST engine scan C:\windows\system32
17:22:01.904 AVAST engine scan C:\windows\system32\drivers
17:22:01.904 AVAST engine scan C:\Users\BT
17:22:01.920 AVAST engine scan C:\ProgramData
17:22:01.920 Scan finished successfully
17:22:09.977 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
17:22:09.977 The log file has been saved successfully to "C:\aswMBR2.txt"
-
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
BT :: BT12-HP [administrator]

Protection: Enabled

10/13/2012 4:31:03 PM
mbam-log-2012-10-13 (16-31-03).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|K:\|Q:\|R:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209461
Time elapsed: 48 minute(s), 34 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-
Did you want me to give you the attach file that goes with the DDS post I made?

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-13 16:23:03
-----------------------------
16:23:03.596 OS Version: Windows x64 6.1.7601 Service Pack 1
16:23:03.596 Number of processors: 8 586 0x3A09
16:23:03.596 ComputerName: BT12-HP UserName: BT
16:23:03.706 Initialze error 1
16:24:54.122 AVAST engine defs: 12101301
16:28:10.851 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:28:10.851 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
16:28:10.866 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:28:10.866 Disk 1 Vendor: ST3000DM CC4C Size: 2861588MB BusType: 3
16:28:10.866 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
16:28:10.866 Disk 2 Vendor: ST3000DM CC4C Size: 2861588MB BusType: 3
16:28:10.882 Disk 0 MBR read successfully
16:28:10.882 Disk 0 MBR scan
16:28:10.897 Disk 0 unknown MBR code
16:28:10.897 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
16:28:10.897 Disk 0 scanning C:\windows\system32\drivers
16:28:10.897 Service scanning
16:28:11.443 Modules scanning
16:28:11.443 Disk 0 trace - called modules:
16:28:11.443 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys iaStor.sys hal.dll
16:28:11.443 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d9a2790]
16:28:11.443 3 CLASSPNP.SYS[fffff88000cc143f] -> nt!IofCallDriver -> [0xfffffa800d897e30]
16:28:11.459 5 vsflt53.sys[fffff88000e64cfd] -> nt!IofCallDriver -> [0xfffffa800d870950]
16:28:11.459 7 ACPI.sys[fffff88000fb27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d9a1050]
16:28:11.459 AVAST engine scan C:\windows
16:28:11.459 AVAST engine scan C:\windows\system32
16:28:11.459 AVAST engine scan C:\windows\system32\drivers
16:28:11.475 AVAST engine scan C:\Users\BT
16:28:11.475 AVAST engine scan C:\ProgramData
16:28:11.475 Scan finished successfully
16:28:21.693 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
16:28:21.693 The log file has been saved successfully to "C:\aswMBR.txt"
-
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by BT at 11:53:00 on 2012-10-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16384.12565 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Users\BT\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\OO Software\Defrag\oodcnt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SelectionLinks: {f90a5a0d-cd98-49cc-9aa7-9cd11c7478bf} - C:\Program Files (x86)\OApps\bho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\BT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\BT\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\O&ODEF~1.LNK - C:\windows\Installer\{EAD525A8-13CD-400E-A01D-E4492BBB0FEC}\DefragIcon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\windows\system32\Sendori.dll
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{1B56ABDA-6052-4E6D-8967-B10D06669149} : NameServer = 216.146.35.240,216.146.36.240,192.168.0.1,205.171.3.25
TCP: Interfaces\{1B56ABDA-6052-4E6D-8967-B10D06669149} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO-X64: uTorrentControl_v2 - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SelectionLinks: {F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} - C:\Program Files (x86)\OApps\bho.dll
BHO-X64: BHO_PROJECT - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB-X64: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun-x64: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blabbermouth.net/|http://www.denverpost.com/|http://www.9news.com/|http://www.youtube.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\system32\drivers\iusb3hcs.sys --> C:\windows\system32\drivers\iusb3hcs.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 vididr;Acronis Virtual Disk;C:\windows\system32\DRIVERS\vididr.sys --> C:\windows\system32\DRIVERS\vididr.sys [?]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\windows\system32\DRIVERS\vsflt53.sys --> C:\windows\system32\DRIVERS\vsflt53.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-9-26 118632]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-2-10 91432]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-13 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-13 676936]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-9-15 138272]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2012-10-2 2552176]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-9-6 1134584]
R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2012-9-6 372736]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2012-9-6 447488]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-9-26 15208]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-9-26 3569512]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-15 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121012.001\IDSviA64.sys [2012-10-12 513184]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\system32\drivers\iusb3hub.sys --> C:\windows\system32\drivers\iusb3hub.sys [?]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\system32\drivers\iusb3xhc.sys --> C:\windows\system32\drivers\iusb3xhc.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\windows\system32\drivers\HECIx64.sys --> C:\windows\system32\drivers\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28x.sys --> C:\windows\system32\DRIVERS\netr28x.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]
R3 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]
R3 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RaMediaServer;Ralink UPnP Media Server;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2012-9-6 625728]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-5-21 276288]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-22 115168]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-13 17:09:03 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-10-13 17:09:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-13 17:03:50 -------- d-----w- C:\windows\System32\oodag
2012-10-13 17:02:08 -------- d-----w- C:\Users\BT\AppData\Roaming\KeePass
2012-10-13 17:00:25 -------- d-----w- C:\Users\BT\AppData\Local\O&O
2012-10-13 16:59:45 -------- d-----w- C:\Program Files\OO Software
2012-10-13 16:58:14 -------- d-----w- C:\ProgramData\OO Software
2012-10-13 16:56:33 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe 2
2012-10-10 08:14:25 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-10-07 15:31:38 -------- d-----w- C:\Program Files (x86)\MediaFire
2012-10-03 05:18:21 -------- d-----w- C:\Users\BT\AppData\Local\Apple Computer
2012-10-03 05:18:14 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-10-03 05:17:47 -------- d-----w- C:\Program Files\iPod
2012-10-03 05:17:46 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-03 05:17:46 -------- d-----w- C:\Program Files\iTunes
2012-10-03 05:17:46 -------- d-----w- C:\Program Files (x86)\iTunes
2012-10-03 05:16:46 -------- d-----w- C:\Program Files\Bonjour
2012-10-03 05:16:46 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-10-03 04:22:01 -------- d-----w- C:\Users\BT\AppData\Roaming\IDT
2012-10-02 21:41:42 4873072 ----a-w- C:\windows\System32\ooscrsav.scr
2012-10-02 21:41:26 256368 ----a-w- C:\windows\System32\oodbs.exe
2012-10-02 21:41:02 537456 ----a-w- C:\windows\System32\oodssrs.dll
2012-10-02 21:40:56 10096 ----a-w- C:\windows\System32\oodbsrs.dll
2012-10-01 21:56:22 737952 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\srtsp64.sys
2012-10-01 21:56:22 451192 ----a-r- C:\windows\System32\drivers\NISx64\1309000.009\symds64.sys
2012-10-01 21:56:22 405624 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\symnets.sys
2012-10-01 21:56:22 37536 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\srtspx64.sys
2012-10-01 21:56:22 1129120 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\symefa64.sys
2012-10-01 21:56:21 190072 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\ironx64.sys
2012-10-01 21:56:21 167072 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys
2012-10-01 21:56:16 -------- d-----w- C:\windows\System32\drivers\NISx64\1309000.009
2012-09-30 23:29:11 -------- d-----w- C:\Users\BT\AppData\Local\Ilivid Player
2012-09-30 18:01:45 -------- d-----w- C:\Users\BT\AppData\Local\CrashDumps
2012-09-30 15:05:44 -------- d-----w- C:\Collections_2012
2012-09-30 15:04:28 -------- d-----w- C:\Video_DL
2012-09-30 09:01:33 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-09-30 00:44:09 -------- d-----w- C:\Program Files (x86)\Sony Setup
2012-09-30 00:36:39 -------- d-----w- C:\Users\BT\AppData\Local\Sony
2012-09-30 00:31:34 -------- d-----w- C:\Program Files (x86)\Sony
2012-09-28 23:11:32 -------- d-----w- C:\PFS8.1 PE_TMP
2012-09-28 23:09:24 -------- d-----w- C:\ProgramData\Panasonic
2012-09-28 22:58:43 -------- d-----w- C:\BT 2012 VIDEO
2012-09-28 22:58:34 -------- d-----w- C:\Users\BT\AppData\Local\Panasonic
2012-09-28 22:58:27 80024 ----a-w- C:\windows\SysWow64\PICSDK.dll
2012-09-28 22:58:27 71840 ----a-w- C:\windows\SysWow64\EPPicMgr.dll
2012-09-28 22:58:27 501912 ----a-w- C:\windows\SysWow64\PICSDK2.dll
2012-09-28 22:58:27 120992 ----a-w- C:\windows\SysWow64\EpPicPrt.dll
2012-09-28 22:58:27 108704 ----a-w- C:\windows\SysWow64\PICEntry.dll
2012-09-28 22:56:12 -------- d-----w- C:\Program Files (x86)\Common Files\Panasonic
2012-09-28 22:56:08 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-09-28 22:56:08 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-09-28 22:56:06 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-09-28 22:23:56 -------- d-----w- C:\Users\BT\AppData\Local\Apple
2012-09-28 21:39:26 -------- d-----w- C:\Users\BT\AppData\Local\Downloaded Installations
2012-09-28 21:38:31 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-09-28 21:38:10 -------- d-----w- C:\ProgramData\Seagate
2012-09-28 21:38:02 971360 ----a-w- C:\windows\System32\drivers\timntr.sys
2012-09-28 21:37:54 210016 ----a-w- C:\windows\System32\drivers\vididr.sys
2012-09-28 21:37:53 141920 ----a-w- C:\windows\System32\drivers\vsflt53.sys
2012-09-28 21:37:51 275552 ----a-w- C:\windows\System32\drivers\snapman.sys
2012-09-28 21:37:46 -------- d-----w- C:\Program Files (x86)\Seagate
2012-09-28 21:37:46 -------- d-----w- C:\Program Files (x86)\Common Files\Seagate
2012-09-26 06:24:36 -------- d-----r- C:\Users\BT\Dropbox
2012-09-26 06:22:50 -------- d-----w- C:\Users\BT\AppData\Roaming\Dropbox
2012-09-26 03:14:41 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-09-25 13:07:53 -------- d-----w- C:\Torr
2012-09-25 02:43:17 -------- d-----w- C:\Program Files (x86)\SMPlayer
2012-09-25 02:42:00 321384 ----a-w- C:\windows\SysWow64\Sendori.dll
2012-09-25 02:41:57 -------- d-----w- C:\ProgramData\Sendori
2012-09-25 02:41:56 -------- d-----w- C:\Program Files (x86)\Sendori
2012-09-25 02:41:27 -------- d-----w- C:\Program Files (x86)\OApps
2012-09-24 04:39:48 258352 ----a-w- C:\windows\SysWow64\unicows.dll
2012-09-24 04:39:48 -------- d-----w- C:\Program Files (x86)\CD Wave
2012-09-24 04:20:41 -------- d-----w- C:\Users\BT\AppData\Roaming\Malwarebytes
2012-09-24 04:20:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-24 04:16:31 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-09-23 16:18:57 -------- d-----w- C:\Users\BT\dwhelper
2012-09-23 15:31:18 -------- d-----w- C:\Program Files (x86)\Amazon
2012-09-23 15:16:47 -------- d-----w- C:\ProgramData\Recovery
2012-09-23 14:40:53 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-09-23 14:40:22 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-09-23 14:40:22 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-09-23 14:40:09 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-23 14:17:34 -------- d-----w- C:\Program Files\CCleaner
2012-09-22 20:37:19 -------- d-----w- C:\Users\BT\AppData\Local\Macromedia
2012-09-22 20:30:51 -------- d-----w- C:\Users\BT\AppData\Local\Mozilla
2012-09-22 20:30:41 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-22 19:52:15 230400 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-09-19 04:16:43 -------- d-----w- C:\Users\BT\AppData\Local\SeagateMenu
2012-09-18 12:50:11 -------- d-----w- C:\Users\BT\AppData\Roaming\foobar2000
2012-09-18 12:49:59 -------- d-----w- C:\Program Files (x86)\foobar2000
2012-09-17 09:38:48 -------- d-----w- C:\windows\SysWow64\Wat
2012-09-17 09:38:48 -------- d-----w- C:\windows\System32\Wat
2012-09-17 09:09:57 -------- d-----r- C:\Program Files (x86)\Skype
2012-09-17 09:05:11 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-09-17 09:05:11 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-09-17 09:05:11 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-09-17 09:05:10 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-09-17 09:05:10 5120 ----a-w- C:\windows\System32\wmi.dll
2012-09-17 00:31:54 -------- d-----w- C:\Users\BT\AppData\Roaming\HP Support Assistant
2012-09-16 16:26:14 -------- d-----w- C:\Users\BT\AppData\Roaming\HpUpdate
2012-09-16 15:41:02 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2012-09-16 15:41:00 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-09-16 15:41:00 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-09-16 15:31:15 -------- d-----w- C:\Users\BT\AppData\Local\Deployment
2012-09-16 15:31:15 -------- d-----w- C:\Users\BT\AppData\Local\Apps
2012-09-16 02:34:33 -------- d-----w- C:\Users\BT\AppData\Local\Google
2012-09-16 02:34:33 -------- d-----w- C:\Users\BT\AppData\Local\CRE
2012-09-16 02:34:27 -------- d-----w- C:\Program Files (x86)\Conduit
2012-09-16 02:34:24 -------- d-----w- C:\Users\BT\AppData\Local\Conduit
2012-09-16 02:34:22 -------- d-----w- C:\Program Files (x86)\uTorrentControl_v2
2012-09-16 02:33:51 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-09-16 02:33:19 -------- d-----w- C:\Users\BT\AppData\Roaming\uTorrent
2012-09-15 22:49:19 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-09-15 18:27:42 737952 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys
2012-09-15 18:27:42 451192 ----a-r- C:\windows\System32\drivers\NISx64\1308000.00E\symds64.sys
2012-09-15 18:27:42 405624 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\symnets.sys
2012-09-15 18:27:42 37536 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys
2012-09-15 18:27:42 190072 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\ironx64.sys
2012-09-15 18:27:42 167072 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys
2012-09-15 18:27:42 1129120 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\symefa64.sys
2012-09-15 18:27:39 -------- d-----w- C:\windows\System32\drivers\NISx64\1308000.00E
2012-09-15 18:22:32 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-09-15 16:15:55 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-09-15 16:15:55 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-09-15 16:15:55 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-09-15 16:12:07 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-09-15 16:12:05 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-09-15 16:12:04 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-09-15 16:12:04 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-09-15 16:00:32 -------- d-----w- C:\COLLECTIONS
2012-09-15 15:59:25 -------- d-----w- C:\Users\BT\hpremote
2012-09-15 15:55:00 -------- d-----w- C:\Users\BT\AppData\Roaming\SoftGrid Client
2012-09-15 15:55:00 -------- d-----w- C:\Users\BT\AppData\Local\SoftGrid Client
2012-09-15 15:54:39 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-09-15 15:54:35 -------- d-----w- C:\Users\BT\AppData\Roaming\TP
2012-09-15 15:54:19 -------- d-----w- C:\Users\BT\AppData\Local\Diagnostics
2012-09-15 15:52:16 -------- dc----w- C:\Users\BT\AppData\Local\MigWiz
2012-09-15 15:48:50 -------- d-----w- C:\Users\BT\AppData\Local\PDFC
2012-09-15 15:48:49 -------- d-----w- C:\Users\BT\AppData\Local\Adobe
2012-09-15 15:48:22 -------- d-----w- C:\Users\BT\AppData\Local\VirtualStore
2012-09-15 15:44:13 -------- d-----w- C:\Users\BT\AppData\Local\TouchSmartData
.
==================== Find3M ====================
.
2012-10-03 04:20:46 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 04:20:46 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-09-06 20:49:13 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-09-06 20:21:13 296320 ----a-w- C:\windows\System32\drivers\volsnap.sys
2012-09-06 20:21:02 96768 ----a-w- C:\windows\System32\fsutil.exe
2012-09-06 20:21:02 74240 ----a-w- C:\windows\SysWow64\fsutil.exe
2012-09-06 20:21:02 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys
2012-09-06 20:21:02 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys
2012-09-06 20:21:02 2565632 ----a-w- C:\windows\System32\esent.dll
2012-09-06 20:21:02 189824 ----a-w- C:\windows\System32\drivers\storport.sys
2012-09-06 20:21:02 1699328 ----a-w- C:\windows\SysWow64\esent.dll
2012-09-06 20:21:02 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys
2012-09-06 20:21:02 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2012-09-06 20:21:02 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys
2012-09-06 20:20:51 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-09-06 20:20:51 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-09-06 20:20:47 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-09-06 20:20:47 634880 ----a-w- C:\windows\System32\msvcrt.dll
2012-09-06 20:20:29 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-09-06 20:20:25 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-09-06 20:20:25 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-09-06 20:20:13 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-09-06 20:20:13 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-09-06 20:18:58 861696 ----a-w- C:\windows\System32\oleaut32.dll
2012-09-06 20:17:58 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2012-09-06 20:16:11 91648 ----a-w- C:\windows\System32\SetIEInstalledDate.exe
2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 19:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-08-21 19:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 11:53:33.46 =============== http://forums.malwar...howtopic=117281