Jump to content

Leo Ali

Honorary Members
 View Profile  See their activity

  • Posts

    40

  • Joined

  • Last visited

 Content Type 

Everything posted by Leo Ali

  1. Leo Ali
    Sorry for the late reply, couldn't get to the PC until now. Below is the roguekiller log. The link you gave me for the x64 version is dead, I found it on the website but it said that it was an outdated version, 8.8.3. Anyway, the log is pasted below. RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 8.1 (6.3.9200 ) 64 bits versionStarted in : Normal modeUser : Arianna [Admin rights]Mode : Scan -- Date : 02/03/2014 23:04:49| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[sCREENSVR][sUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\Arianna\Desktop\dds.scr [x]) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 1000gratisproben.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com[...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD5000LPVT-75G33T0 +++++--- User ---[MBR] 6bb154bf63bc4457ed2aa7b98bbcaa7a[bSP] d8c5f97494c02ae719dc42bb325b3d9a : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MoUser = LL1 ... OK!User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) Micron C400 RealSSD mSATA 32GB +++++--- User ---[MBR] 86258291cd2186eaafcd990e917ee018[bSP] efdf24977e4138762f2e847b9a2b349e : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 30531 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_02032014_230449.txt >>
  2. Leo Ali
    Just in case it's easier for you to see the logs, I have attached them also. FRST.txt Addition.txt
  3. Leo Ali
    Avast AV found some trojans in the computer and since then it unexpectedly crashed a few times. I selected the option to delete the viruses found but they keep coming up on the scans. Since then I ran ESET online scanner and it seemed to delete them as they have not come up again, but I feel I have some other trojans/malware remaining. The laptop screen is also dimming as if the adaptive display is turned on, but I checked every option and it seems to be turned off. Logs are pasted below, let me know if the logfile from rogue is necessary. Thanks Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04Ran by Arianna (administrator) on ARIANNA-DELL on 02-02-2014 20:39:46Running from C:\Users\Arianna\DesktopWindows 8.1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe(AMD) C:\Windows\System32\atieclxx.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe(Dropbox, Inc.) C:\Users\Arianna\AppData\Roaming\Dropbox\bin\Dropbox.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-14] (Synaptics Incorporated)HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-05] (IDT, Inc.)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-06] (AVAST Software)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-930036279-2066950193-2326160759-1002\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)HKU\S-1-5-21-930036279-2066950193-2326160759-1002\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)HKU\S-1-5-21-930036279-2066950193-2326160759-1002\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)HKU\S-1-5-21-930036279-2066950193-2326160759-1002\...\Policies\Explorer: [NoChangeStartMenu] 0HKU\S-1-5-21-930036279-2066950193-2326160759-1002\...\Policies\Explorer: [NoLogOff] 0Startup: C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Arianna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB5FCCF4BC21FCF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: =======CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No FileCHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Extension: (myPlex Queue Extension) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmheakklldmclgmkfnncddgkiibboil [2013-11-22]CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2013-06-23]CHR Extension: (Google Docs) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-23]CHR Extension: (Google Drive) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-23]CHR Extension: (YouTube) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-23]CHR Extension: (Abine TACO) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadbkmipeldjmjfcpcjibfjgflahmphk [2013-06-23]CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2013-08-06]CHR Extension: (Google Search) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-23]CHR Extension: (Reddit Widget [ANTP]) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpcomccnnochpjdakpakbieihbglblcn [2013-06-23]CHR Extension: (Google Calendar) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-06-23]CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-06-23]CHR Extension: (Full Screen Weather) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2013-06-23]CHR Extension: (avast! Ad Blocker) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd [2013-06-23]CHR Extension: (Chuck Anderson) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp [2013-06-23]CHR Extension: (AdBlock) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-23]CHR Extension: (Awesome Weather Widget [ANTP]) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc [2013-06-23]CHR Extension: (avast! Online Security) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-06-23]CHR Extension: (Pixlr Editor) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2013-06-23]CHR Extension: (Dropbox) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-06-23]CHR Extension: (Youtube search widget [aNTP]) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjiebkkdnganciijgjbfnbbdiblkaaii [2013-06-23]CHR Extension: (Auto HD For YouTube™) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2013-06-23]CHR Extension: (Google Maps) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-06-23]CHR Extension: (Bigger Notes [ANTP]) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lohbonfeioofpgpcmebnncnmiobojbgk [2013-06-23]CHR Extension: (Google Dictionary (by Google)) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-06-23]CHR Extension: (Awesome New Tab Page™) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2013-06-23]CHR Extension: (Online Calculator) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnegnogmdmccelhibehpmakmkiibinil [2013-06-23]CHR Extension: (Facebook Notifications) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2013-06-23]CHR Extension: (Google Wallet) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]CHR Extension: (Gmail) - C:\Users\Arianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-23]CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx [2013-06-23]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-06] (AVAST Software)R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [236144 2012-07-13] (CyberLink)S2 HitmanPro37CrusaderBoot; C:\Users\Arianna\Desktop\Maintenance\HitmanPro_x64.exe [10820032 2014-02-01] (SurfRight B.V.)S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)S3 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-01-06] (AVAST Software)R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-05] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-05] ()R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1034464 2014-01-06] (AVAST Software)R1 aswSP; C:\windows\system32\drivers\aswSP.sys [422216 2014-01-06] (AVAST Software)R3 aswStm; C:\windows\system32\drivers\aswStm.sys [79672 2014-01-06] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-06] ()S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-13] (Microsoft Corporation)S3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46016 2012-07-25] ()S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-07-31] (Atheros)S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation)S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2012-07-31] (Qualcomm Atheros Communications Inc.)S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-07-23] (Realtek Semiconductor Corp.)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-13] (Microsoft Corporation)S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-14] (Synaptics Incorporated)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)S3 GENERICDRV; \??\C:\Users\Arianna\Desktop\amifldrv64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-02 20:39 - 2014-02-02 20:39 - 00017694 _____ () C:\Users\Arianna\Desktop\FRST.txt2014-02-02 20:39 - 2014-02-02 20:39 - 00000000 ____D () C:\FRST2014-02-02 20:30 - 2014-02-02 20:30 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe2014-02-02 20:30 - 2014-02-02 20:30 - 00000690 _____ () C:\WINDOWS\system32\.crusader2014-02-02 20:30 - 2014-02-02 20:30 - 00000372 _____ () C:\WINDOWS\system32\bootdelete.lst2014-02-02 20:30 - 2014-02-02 20:30 - 00000000 ____D () C:\WINDOWS\ERUNT2014-02-02 20:24 - 2014-02-02 20:24 - 02080256 _____ (Farbar) C:\Users\Arianna\Desktop\FRST64.exe2014-02-02 14:44 - 2014-02-02 14:44 - 00004188 _____ () C:\WINDOWS\PFRO.log2014-02-02 14:23 - 2014-02-02 14:23 - 00000000 ____D () C:\Program Files\7-Zip2014-02-02 10:13 - 2014-02-02 14:20 - 00001199 _____ () C:\WINDOWS\setupact.log2014-02-02 10:13 - 2014-02-02 10:13 - 00000262 _____ () C:\WINDOWS\setuperr.log2014-02-02 10:13 - 2014-02-02 10:13 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf2014-02-02 10:13 - 2014-02-02 10:13 - 00000000 ____D () C:\iBTWU2014-02-02 10:13 - 2013-12-08 19:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll2014-02-02 10:13 - 2013-12-08 19:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll2014-02-02 10:13 - 2013-11-27 10:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll2014-02-02 10:13 - 2013-11-27 10:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll2014-02-02 10:13 - 2013-11-27 09:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll2014-02-02 10:13 - 2013-11-27 08:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll2014-02-02 10:13 - 2013-11-27 07:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys2014-02-02 10:13 - 2013-11-27 05:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll2014-02-02 10:13 - 2013-11-27 05:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll2014-02-02 10:13 - 2013-11-27 05:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll2014-02-02 10:13 - 2013-11-27 04:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll2014-02-02 10:13 - 2013-11-27 04:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll2014-02-02 10:13 - 2013-11-27 04:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll2014-02-02 10:13 - 2013-11-27 04:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll2014-02-02 10:13 - 2013-11-27 03:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll2014-02-02 10:13 - 2013-11-27 03:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll2014-02-02 10:13 - 2013-11-27 03:20 - 04106240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll2014-02-02 10:13 - 2013-11-26 23:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-02-02 10:13 - 2013-11-26 08:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll2014-02-02 10:13 - 2013-11-26 08:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll2014-02-02 10:13 - 2013-11-26 08:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll2014-02-02 10:13 - 2013-11-26 08:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll2014-02-02 10:13 - 2013-11-26 06:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll2014-02-02 10:13 - 2013-11-26 06:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll2014-02-02 10:13 - 2013-11-26 06:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll2014-02-02 10:13 - 2013-11-26 05:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-02-02 10:13 - 2013-11-26 04:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll2014-02-02 10:13 - 2013-11-26 03:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll2014-02-02 10:13 - 2013-11-24 20:45 - 00142680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS2014-02-02 10:13 - 2013-11-24 20:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys2014-02-02 10:13 - 2013-11-24 18:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll2014-02-02 10:13 - 2013-11-24 18:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll2014-02-02 10:13 - 2013-11-23 07:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll2014-02-02 10:13 - 2013-11-23 06:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-02-02 10:13 - 2013-11-23 03:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-02-02 10:13 - 2013-11-23 02:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll2014-02-02 10:13 - 2013-11-23 02:13 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys2014-02-02 10:13 - 2013-11-23 02:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys2014-02-02 10:13 - 2013-11-22 23:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll2014-02-02 10:13 - 2013-11-22 22:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe2014-02-02 10:13 - 2013-11-22 22:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe2014-02-02 10:13 - 2013-11-22 22:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll2014-02-02 10:13 - 2013-11-22 22:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll2014-02-02 10:13 - 2013-11-22 22:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2014-02-02 10:13 - 2013-11-22 22:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2014-02-02 10:13 - 2013-11-21 01:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll2014-02-02 10:13 - 2013-11-21 01:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-02-02 10:13 - 2013-11-16 00:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll2014-02-02 10:13 - 2013-11-15 13:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll2014-02-02 10:13 - 2013-11-15 09:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll2014-02-02 10:13 - 2013-11-15 09:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll2014-02-02 10:13 - 2013-11-15 09:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll2014-02-02 10:13 - 2013-11-15 08:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2014-02-02 10:13 - 2013-11-05 15:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-02-02 10:13 - 2013-10-30 19:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll2014-02-02 10:13 - 2013-10-30 18:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll2014-02-02 10:07 - 2013-12-11 02:55 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll2014-02-02 10:05 - 2014-02-02 19:51 - 00214592 _____ () C:\WINDOWS\WindowsUpdate.log2014-02-02 01:46 - 2014-02-02 01:46 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis2014-02-02 01:33 - 2014-02-02 19:03 - 00000000 ____D () C:\Users\Arianna\Desktop\Maintenance2014-02-02 01:19 - 2014-02-02 01:19 - 00002776 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC2014-02-02 01:19 - 2014-02-02 01:19 - 00000000 ____D () C:\Program Files\CCleaner2014-02-02 01:16 - 2014-02-02 01:16 - 00000000 ____D () C:\SUPERDelete2014-02-02 01:15 - 2014-02-02 01:15 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\SUPERAntiSpyware.com2014-02-02 01:14 - 2014-02-02 01:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-02-02 01:14 - 2014-02-02 01:14 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-02-01 22:32 - 2013-06-23 15:11 - 00449813 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140201-223216.backup2014-02-01 22:14 - 2014-02-02 20:30 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-01 22:14 - 2014-02-02 19:02 - 00000000 ____D () C:\Program Files\HitmanPro2014-02-01 22:02 - 2014-02-02 01:36 - 00000000 ____D () C:\AdwCleaner2014-02-01 22:02 - 2014-02-01 22:02 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs2014-01-29 22:11 - 2014-01-29 22:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-01-29 22:11 - 2014-01-29 22:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-01-29 22:08 - 2014-01-29 22:10 - 13079688 _____ (Microsoft Corporation) C:\Users\Arianna\Desktop\Silverlight_x64.exe2014-01-29 21:52 - 2014-01-29 21:54 - 05685732 _____ (Microsoft Corporation) C:\Users\Arianna\Desktop\C76D.tmp2014-01-29 14:25 - 2014-01-29 14:25 - 00000000 ____D () C:\Users\Arianna\.android2014-01-29 14:25 - 2014-01-29 14:25 - 00000000 _____ () C:\Users\Arianna\daemonprocess.txt2014-01-22 00:09 - 2014-01-10 01:11 - 3347435393 _____ () C:\Users\Arianna\Desktop\Enough.Said.2013.1080p.BluRay.DTS.x264-PublicHD.mkv2014-01-22 00:02 - 2014-01-22 00:02 - 00005175 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log2014-01-22 00:01 - 2014-01-22 01:05 - 923040303 _____ () C:\Users\Arianna\Desktop\Pretty.Little.Liars.S04E16.720p.HDTV.X264-DIMENSION.mkv2014-01-22 00:01 - 2014-01-22 00:01 - 00000000 ____D () C:\ProgramData\McAfee2014-01-16 18:15 - 2014-02-02 14:30 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{98D836B5-FF24-4219-B744-F5CEA708AC75}2014-01-16 18:14 - 2012-09-05 14:40 - 06100480 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll2014-01-16 18:14 - 2012-09-05 14:40 - 01821184 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl2014-01-16 18:14 - 2012-04-30 03:23 - 01008472 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll2014-01-16 18:14 - 2012-03-30 13:22 - 00849434 _____ () C:\WINDOWS\system32\W92HDM6BSKULL.mps2014-01-16 18:14 - 2012-03-22 16:55 - 00188383 _____ () C:\WINDOWS\system32\W92HDM6B.mps2014-01-16 18:14 - 2012-01-05 02:58 - 02603864 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib.dll2014-01-16 18:14 - 2012-01-05 02:58 - 01806168 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioMeters64.exe2014-01-16 18:14 - 2012-01-05 02:58 - 01468760 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioIDT.dll2014-01-16 18:14 - 2011-04-20 04:59 - 00874496 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\imapo64.dll2014-01-16 18:14 - 2011-04-20 04:58 - 00734720 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\imapo32.dll2014-01-16 18:14 - 2010-10-14 15:26 - 00390656 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\imthx64.dll2014-01-16 18:12 - 2012-09-05 14:40 - 00255488 _____ (IDT, Inc.) C:\WINDOWS\system32\st646426.dll2014-01-16 17:53 - 2014-01-16 17:53 - 00000000 ____D () C:\WINDOWS\pss2014-01-16 17:49 - 2014-02-01 22:20 - 00000000 ____D () C:\Users\Arianna\AppData\Local\Deployment2014-01-16 17:49 - 2014-01-16 17:49 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell2014-01-16 14:26 - 2014-01-27 00:05 - 00000000 ____D () C:\Users\Arianna\Desktop\PCB20992014-01-16 13:25 - 2014-01-06 17:31 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-01-16 13:25 - 2014-01-06 17:31 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-01-15 12:25 - 2013-11-27 10:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll2014-01-15 12:25 - 2013-11-27 06:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe2014-01-15 12:25 - 2013-11-27 05:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll2014-01-15 12:25 - 2013-11-27 04:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll2014-01-15 12:25 - 2013-11-27 03:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-01-15 12:25 - 2013-11-27 03:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll2014-01-15 12:25 - 2013-11-27 03:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-01-15 12:25 - 2013-11-27 03:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll2014-01-15 12:25 - 2013-11-27 03:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-01-15 12:25 - 2013-11-27 03:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-01-15 12:24 - 2013-12-08 19:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll2014-01-13 22:08 - 2014-02-02 01:28 - 00000000 ___DC () C:\WINDOWS\Panther2014-01-13 22:08 - 2014-01-13 22:08 - 00000000 __SHD () C:\Recovery2014-01-13 22:07 - 2014-01-13 22:07 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-01-13 22:07 - 2014-01-13 22:07 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-01-13 22:07 - 2014-01-13 22:07 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-01-13 22:07 - 2014-01-13 22:07 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-01-13 22:07 - 2014-01-13 22:07 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-01-13 22:07 - 2014-01-13 22:07 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-01-13 22:07 - 2014-01-13 22:07 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-01-13 22:07 - 2014-01-13 22:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-01-13 22:07 - 2014-01-13 22:07 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-01-13 22:07 - 2014-01-13 22:07 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-01-13 22:07 - 2014-01-13 22:07 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-01-13 22:07 - 2014-01-13 22:07 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-01-13 22:07 - 2014-01-13 22:07 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-01-13 22:07 - 2014-01-13 22:07 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe2014-01-13 22:07 - 2014-01-13 22:07 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-01-13 22:07 - 2014-01-13 22:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll2014-01-13 22:06 - 2014-01-13 22:06 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-01-13 22:06 - 2014-01-13 22:06 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-01-13 22:06 - 2014-01-13 22:06 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2014-01-13 22:06 - 2014-01-13 22:06 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll2014-01-13 22:06 - 2014-01-13 22:06 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2014-01-13 22:06 - 2014-01-13 22:06 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll2014-01-13 22:06 - 2014-01-13 22:06 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll2014-01-13 22:06 - 2014-01-13 22:06 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll2014-01-13 22:06 - 2014-01-13 22:06 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll2014-01-13 22:06 - 2014-01-13 22:06 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll2014-01-13 22:06 - 2014-01-13 22:06 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll2014-01-13 22:06 - 2014-01-13 22:06 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll2014-01-13 22:06 - 2014-01-13 22:06 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe2014-01-13 22:06 - 2014-01-13 22:06 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2014-01-13 22:06 - 2014-01-13 22:06 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2014-01-13 22:06 - 2014-01-13 22:06 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2014-01-13 22:06 - 2014-01-13 22:06 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2014-01-13 22:06 - 2014-01-13 22:06 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe2014-01-13 22:06 - 2014-01-13 22:06 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2014-01-13 22:06 - 2014-01-13 22:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe2014-01-13 22:06 - 2014-01-13 22:06 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys2014-01-13 22:06 - 2014-01-13 22:06 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys2014-01-13 22:06 - 2014-01-13 22:06 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS2014-01-13 22:06 - 2014-01-13 22:06 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys2014-01-13 22:06 - 2014-01-13 22:06 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys2014-01-13 22:06 - 2014-01-13 22:06 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys2014-01-13 22:06 - 2014-01-13 22:06 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll2014-01-13 22:05 - 2014-01-13 22:05 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff2014-01-13 22:02 - 2014-01-13 22:02 - 00000000 ____D () C:\Program Files\Reference Assemblies2014-01-13 22:02 - 2014-01-13 22:02 - 00000000 ____D () C:\Program Files\MSBuild2014-01-13 22:02 - 2014-01-13 22:02 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies2014-01-13 22:02 - 2014-01-13 19:23 - 00000000 ____D () C:\Program Files (x86)\MSBuild2014-01-13 22:02 - 2013-08-02 23:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll2014-01-13 22:02 - 2013-08-02 23:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2014-01-13 22:02 - 2013-08-02 23:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe2014-01-13 22:01 - 2013-08-02 23:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll2014-01-13 22:01 - 2013-08-02 23:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll2014-01-13 22:01 - 2013-08-02 23:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe2014-01-13 21:42 - 2014-01-13 21:42 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\TeamViewer2014-01-13 21:04 - 2014-02-02 20:30 - 00000000 __RDO () C:\Users\Arianna\SkyDrive2014-01-13 21:02 - 2014-01-13 21:02 - 00001444 _____ () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-01-13 21:01 - 2014-01-13 21:01 - 00000020 ___SH () C:\Users\Arianna\ntuser.ini2014-01-13 19:33 - 2014-01-13 19:33 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat2014-01-13 19:21 - 2014-01-13 19:21 - 00000000 ____D () C:\Users\Default\AppData\Local\Google2014-01-13 19:21 - 2014-01-13 19:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google2014-01-13 19:18 - 2014-01-13 19:18 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate2014-01-13 19:17 - 2014-01-29 14:25 - 00000000 ____D () C:\Users\Arianna2014-01-13 19:17 - 2014-01-13 19:33 - 00028578 _____ () C:\WINDOWS\diagwrn.xml2014-01-13 19:17 - 2014-01-13 19:33 - 00028578 _____ () C:\WINDOWS\diagerr.xml2014-01-13 19:17 - 2014-01-13 19:18 - 00000000 ___RD () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-01-13 19:17 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-01-13 19:17 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-01-13 19:17 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-01-13 19:11 - 2014-01-13 19:11 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job2014-01-13 19:11 - 2014-01-13 19:11 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf2014-01-13 19:11 - 2014-01-13 19:11 - 00000000 ____D () C:\Program Files\Intel2014-01-13 19:11 - 2014-01-13 19:11 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies2014-01-13 19:11 - 2014-01-13 19:11 - 00000000 ____D () C:\Program Files (x86)\Intel2014-01-13 19:11 - 2014-01-13 19:11 - 00000000 ____D () C:\Intel2014-01-13 19:10 - 2014-01-13 19:10 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf2014-01-13 19:10 - 2014-01-13 19:10 - 00000000 ____D () C:\Program Files\Synaptics2014-01-07 20:42 - 2014-01-29 12:40 - 00000000 ____D () C:\Users\Arianna\Desktop\PET33252014-01-06 21:22 - 2014-01-06 21:23 - 00079672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys ==================== One Month Modified Files and Folders ======= 2014-02-02 20:39 - 2014-02-02 20:39 - 00017694 _____ () C:\Users\Arianna\Desktop\FRST.txt2014-02-02 20:39 - 2014-02-02 20:39 - 00000000 ____D () C:\FRST2014-02-02 20:37 - 2013-05-21 13:29 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-930036279-2066950193-2326160759-10022014-02-02 20:30 - 2014-02-02 20:30 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe2014-02-02 20:30 - 2014-02-02 20:30 - 00000690 _____ () C:\WINDOWS\system32\.crusader2014-02-02 20:30 - 2014-02-02 20:30 - 00000372 _____ () C:\WINDOWS\system32\bootdelete.lst2014-02-02 20:30 - 2014-02-02 20:30 - 00000000 ____D () C:\WINDOWS\ERUNT2014-02-02 20:30 - 2014-02-01 22:14 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-02 20:30 - 2014-01-13 21:04 - 00000000 __RDO () C:\Users\Arianna\SkyDrive2014-02-02 20:24 - 2014-02-02 20:24 - 02080256 _____ (Farbar) C:\Users\Arianna\Desktop\FRST64.exe2014-02-02 20:13 - 2013-06-23 12:43 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-02-02 20:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-02-02 19:51 - 2014-02-02 10:05 - 00214592 _____ () C:\WINDOWS\WindowsUpdate.log2014-02-02 19:03 - 2014-02-02 01:33 - 00000000 ____D () C:\Users\Arianna\Desktop\Maintenance2014-02-02 19:02 - 2014-02-01 22:14 - 00000000 ____D () C:\Program Files\HitmanPro2014-02-02 18:44 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-02-02 14:46 - 2013-06-23 12:43 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-02-02 14:46 - 2013-05-28 21:33 - 00000000 ___RD () C:\Users\Arianna\Dropbox2014-02-02 14:46 - 2013-05-28 21:31 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\Dropbox2014-02-02 14:45 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-02-02 14:45 - 2013-05-21 13:22 - 00000000 ___RD () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-02-02 14:45 - 2013-05-21 13:22 - 00000000 ___RD () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-02-02 14:44 - 2014-02-02 14:44 - 00004188 _____ () C:\WINDOWS\PFRO.log2014-02-02 14:44 - 2013-08-22 09:44 - 00484160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-02-02 14:43 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-02-02 14:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer2014-02-02 14:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager2014-02-02 14:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera2014-02-02 14:43 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism2014-02-02 14:43 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism2014-02-02 14:43 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2014-02-02 14:30 - 2014-01-16 18:15 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{98D836B5-FF24-4219-B744-F5CEA708AC75}2014-02-02 14:23 - 2014-02-02 14:23 - 00000000 ____D () C:\Program Files\7-Zip2014-02-02 14:20 - 2014-02-02 10:13 - 00001199 _____ () C:\WINDOWS\setupact.log2014-02-02 10:13 - 2014-02-02 10:13 - 00000262 _____ () C:\WINDOWS\setuperr.log2014-02-02 10:13 - 2014-02-02 10:13 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf2014-02-02 10:13 - 2014-02-02 10:13 - 00000000 ____D () C:\iBTWU2014-02-02 01:47 - 2013-05-21 13:21 - 00000000 ____D () C:\Users\Arianna\AppData\Local\VirtualStore2014-02-02 01:46 - 2014-02-02 01:46 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis2014-02-02 01:36 - 2014-02-01 22:02 - 00000000 ____D () C:\AdwCleaner2014-02-02 01:32 - 2013-06-23 15:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-02-02 01:28 - 2014-01-13 22:08 - 00000000 ___DC () C:\WINDOWS\Panther2014-02-02 01:28 - 2013-08-18 17:03 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\uTorrent2014-02-02 01:19 - 2014-02-02 01:19 - 00002776 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC2014-02-02 01:19 - 2014-02-02 01:19 - 00000000 ____D () C:\Program Files\CCleaner2014-02-02 01:16 - 2014-02-02 01:16 - 00000000 ____D () C:\SUPERDelete2014-02-02 01:15 - 2014-02-02 01:15 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\SUPERAntiSpyware.com2014-02-02 01:15 - 2014-02-02 01:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-02-02 01:14 - 2014-02-02 01:14 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-02-01 22:27 - 2013-06-23 13:21 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster2014-02-01 22:20 - 2014-01-16 17:49 - 00000000 ____D () C:\Users\Arianna\AppData\Local\Deployment2014-02-01 22:02 - 2014-02-01 22:02 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs2014-01-30 00:02 - 2013-08-13 22:33 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\vlc2014-01-29 22:29 - 2013-06-23 12:58 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2014-01-29 22:11 - 2014-01-29 22:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-01-29 22:11 - 2014-01-29 22:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-01-29 22:10 - 2014-01-29 22:08 - 13079688 _____ (Microsoft Corporation) C:\Users\Arianna\Desktop\Silverlight_x64.exe2014-01-29 21:54 - 2014-01-29 21:52 - 05685732 _____ (Microsoft Corporation) C:\Users\Arianna\Desktop\C76D.tmp2014-01-29 14:25 - 2014-01-29 14:25 - 00000000 ____D () C:\Users\Arianna\.android2014-01-29 14:25 - 2014-01-29 14:25 - 00000000 _____ () C:\Users\Arianna\daemonprocess.txt2014-01-29 14:25 - 2014-01-13 19:17 - 00000000 ____D () C:\Users\Arianna2014-01-29 14:25 - 2013-11-12 21:27 - 00000000 ____D () C:\Users\Arianna\AppData\Local\cache2014-01-29 12:40 - 2014-01-07 20:42 - 00000000 ____D () C:\Users\Arianna\Desktop\PET33252014-01-29 12:25 - 2013-06-16 01:07 - 00416256 ___SH () C:\Users\Arianna\Desktop\Thumbs.db2014-01-27 22:41 - 2013-06-23 12:43 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2014-01-27 00:05 - 2014-01-16 14:26 - 00000000 ____D () C:\Users\Arianna\Desktop\PCB20992014-01-26 23:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-01-22 01:05 - 2014-01-22 00:01 - 923040303 _____ () C:\Users\Arianna\Desktop\Pretty.Little.Liars.S04E16.720p.HDTV.X264-DIMENSION.mkv2014-01-22 00:02 - 2014-01-22 00:02 - 00005175 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log2014-01-22 00:02 - 2013-10-27 22:15 - 00000000 ____D () C:\ProgramData\Oracle2014-01-22 00:02 - 2013-08-01 14:41 - 00000000 ____D () C:\Program Files (x86)\Java2014-01-22 00:01 - 2014-01-22 00:01 - 00000000 ____D () C:\ProgramData\McAfee2014-01-18 20:16 - 2013-01-09 15:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-01-18 20:08 - 2013-05-21 13:21 - 00000000 ____D () C:\Users\Arianna\AppData\Local\Packages2014-01-16 18:14 - 2013-01-09 16:24 - 00000000 ____D () C:\Program Files\IDT2014-01-16 18:12 - 2013-01-09 16:24 - 00000000 ____D () C:\ProgramData\Dell2014-01-16 17:53 - 2014-01-16 17:53 - 00000000 ____D () C:\WINDOWS\pss2014-01-16 17:49 - 2014-01-16 17:49 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell2014-01-16 15:43 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-01-16 13:23 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-01-16 13:23 - 2013-08-18 17:22 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-01-16 13:22 - 2013-05-22 20:05 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-01-16 13:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\restore2014-01-13 22:08 - 2014-01-13 22:08 - 00000000 __SHD () C:\Recovery2014-01-13 22:08 - 2013-08-22 10:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template2014-01-13 22:07 - 2014-01-13 22:07 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-01-13 22:07 - 2014-01-13 22:07 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-01-13 22:07 - 2014-01-13 22:07 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-01-13 22:07 - 2014-01-13 22:07 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-01-13 22:07 - 2014-01-13 22:07 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-01-13 22:07 - 2014-01-13 22:07 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-01-13 22:07 - 2014-01-13 22:07 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-01-13 22:07 - 2014-01-13 22:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-01-13 22:07 - 2014-01-13 22:07 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-01-13 22:07 - 2014-01-13 22:07 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-01-13 22:07 - 2014-01-13 22:07 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-01-13 22:07 - 2014-01-13 22:07 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-01-13 22:07 - 2014-01-13 22:07 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-01-13 22:07 - 2014-01-13 22:07 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe2014-01-13 22:07 - 2014-01-13 22:07 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-01-13 22:07 - 2014-01-13 22:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll2014-01-13 22:07 - 2014-01-13 22:07 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll2014-01-13 22:06 - 2014-01-13 22:06 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-01-13 22:06 - 2014-01-13 22:06 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-01-13 22:06 - 2014-01-13 22:06 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2014-01-13 22:06 - 2014-01-13 22:06 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll2014-01-13 22:06 - 2014-01-13 22:06 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2014-01-13 22:06 - 2014-01-13 22:06 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll2014-01-13 22:06 - 2014-01-13 22:06 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll2014-01-13 22:06 - 2014-01-13 22:06 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll2014-01-13 22:06 - 2014-01-13 22:06 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll2014-01-13 22:06 - 2014-01-13 22:06 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll2014-01-13 22:06 - 2014-01-13 22:06 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll2014-01-13 22:06 - 2014-01-13 22:06 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll2014-01-13 22:06 - 2014-01-13 22:06 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe2014-01-13 22:06 - 2014-01-13 22:06 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2014-01-13 22:06 - 2014-01-13 22:06 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2014-01-13 22:06 - 2014-01-13 22:06 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2014-01-13 22:06 - 2014-01-13 22:06 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2014-01-13 22:06 - 2014-01-13 22:06 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe2014-01-13 22:06 - 2014-01-13 22:06 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2014-01-13 22:06 - 2014-01-13 22:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe2014-01-13 22:06 - 2014-01-13 22:06 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys2014-01-13 22:06 - 2014-01-13 22:06 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys2014-01-13 22:06 - 2014-01-13 22:06 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS2014-01-13 22:06 - 2014-01-13 22:06 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys2014-01-13 22:06 - 2014-01-13 22:06 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys2014-01-13 22:06 - 2014-01-13 22:06 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys2014-01-13 22:06 - 2014-01-13 22:06 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll2014-01-13 22:06 - 2014-01-13 22:06 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll2014-01-13 22:05 - 2014-01-13 22:05 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff2014-01-13 22:02 - 2014-01-13 22:02 - 00000000 ____D () C:\Program Files\Reference Assemblies2014-01-13 22:02 - 2014-01-13 22:02 - 00000000 ____D () C:\Program Files\MSBuild2014-01-13 22:02 - 2014-01-13 22:02 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies2014-01-13 21:42 - 2014-01-13 21:42 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\TeamViewer2014-01-13 21:02 - 2014-01-13 21:02 - 00001444 _____ () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-01-13 21:01 - 2014-01-13 21:01 - 00000020 ___SH () C:\Users\Arianna\ntuser.ini2014-01-13 19:35 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache2014-01-13 19:33 - 2014-01-13 19:33 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat2014-01-13 19:33 - 2014-01-13 19:17 - 00028578 _____ () C:\WINDOWS\diagwrn.xml2014-01-13 19:33 - 2014-01-13 19:17 - 00028578 _____ () C:\WINDOWS\diagerr.xml2014-01-13 19:33 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Registration2014-01-13 19:29 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media2014-01-13 19:29 - 2013-08-22 10:36 - 00000000 __RHD () C:\Users\Public\Libraries2014-01-13 19:23 - 2014-01-13 22:02 - 00000000 ____D () C:\Program Files (x86)\MSBuild2014-01-13 19:23 - 2013-11-23 02:54 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars2014-01-13 19:23 - 2013-11-14 02:17 - 00000000 ____D () C:\WINDOWS\ShellNew2014-01-13 19:23 - 2013-09-14 20:19 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plex Media Center2014-01-13 19:23 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep2014-01-13 19:23 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-01-13 19:23 - 2013-05-28 21:32 - 00000000 ____D () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-01-13 19:23 - 2013-01-09 16:10 - 00000000 ____D () C:\WINDOWS\en2014-01-13 19:21 - 2014-01-13 19:21 - 00000000 ____D () C:\Users\Default\AppData\Local\Google2014-01-13 19:21 - 2014-01-13 19:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google2014-01-13 19:21 - 2013-11-14 02:14 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN2014-01-13 19:21 - 2013-11-14 02:14 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep2014-01-13 19:21 - 2013-11-14 02:14 - 00000000 ____D () C:\WINDOWS\system32\WCN2014-01-13 19:21 - 2013-08-22 10:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker2014-01-13 19:21 - 2013-08-22 10:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar2014-01-13 19:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI2014-01-13 19:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz2014-01-13 19:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME2014-01-13 19:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\spool2014-01-13 19:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2014-01-13 19:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\MUI2014-01-13 19:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\IME2014-01-13 19:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Help2014-01-13 19:21 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI2014-01-13 19:21 - 2013-01-09 15:43 - 00000000 ____D () C:\ProgramData\PRICache2014-01-13 19:21 - 2012-07-26 00:37 - 00000000 ____D () C:\Users\Default.migrated2014-01-13 19:20 - 2013-08-22 10:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar2014-01-13 19:20 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-01-13 19:18 - 2014-01-13 19:18 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate2014-01-13 19:18 - 2014-01-13 19:17 - 00000000 ___RD () C:\Users\Arianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-01-13 19:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery2014-01-13 19:11 - 2014-01-13 19:11 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job2014-01-13 19:11 - 2014-01-13 19:11 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf2014-01-13 19:11 - 2014-01-13 19:11 - 00000000 ____D () C:\Program Files\Intel2014-01-13 19:11 - 2014-01-13 19:11 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies2014-01-13 19:11 - 2014-01-13 19:11 - 00000000 ____D () C:\Program Files (x86)\Intel2014-01-13 19:11 - 2014-01-13 19:11 - 00000000 ____D () C:\Intel2014-01-13 19:10 - 2014-01-13 19:10 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf2014-01-13 19:10 - 2014-01-13 19:10 - 00000000 ____D () C:\Program Files\Synaptics2014-01-13 19:09 - 2013-08-22 08:36 - 00000000 __RHD () C:\Users\Default2014-01-13 18:17 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent2014-01-10 01:11 - 2014-01-22 00:09 - 3347435393 _____ () C:\Users\Arianna\Desktop\Enough.Said.2013.1080p.BluRay.DTS.x264-PublicHD.mkv2014-01-07 20:46 - 2013-12-24 22:05 - 00000000 ____D () C:\Users\Arianna\Desktop\New folder2014-01-07 14:57 - 2013-06-23 13:43 - 00000000 ____D () C:\Users\Arianna\Documents\School2014-01-06 21:23 - 2014-01-06 21:22 - 00079672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys2014-01-06 21:22 - 2013-06-23 12:58 - 01034464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys2014-01-06 21:22 - 2013-06-23 12:58 - 00422216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys2014-01-06 21:22 - 2013-06-23 12:58 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe2014-01-06 21:22 - 2013-06-23 12:58 - 00207904 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys2014-01-06 21:22 - 2013-06-23 12:58 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys2014-01-06 21:22 - 2013-06-23 12:57 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr2014-01-06 17:31 - 2014-01-16 13:25 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-01-06 17:31 - 2014-01-16 13:25 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-01 22:55 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04Ran by Arianna at 2014-02-02 20:40:10Running from C:\Users\Arianna\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)Adobe Reader XI (11.0.04) (x32 Version: 11.0.04 - Adobe Systems Incorporated)Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)Bonjour (Version: 3.0.0.10 - Apple Inc.)Bullzip PDF Printer 9.10.0.1629 (Version: 9.10.0.1629 - Bullzip)CCleaner (Version: 4.10 - Piriform)CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) HiddenCyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) HiddenCyberLink Media Suite Essentials (x32 Version: 10.0 - CyberLink Corp.)CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) HiddenCyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) HiddenCyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)Dell System Detect (HKCU Version: 5.4.0.4 - Dell)Dell Touchpad (Version: 16.2.10.3 - Synaptics Incorporated)Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)Full Tilt Poker (x32 Version: 4.65.0.WIN.FullTilt.COM - )Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) HiddenHiJackThis (x32 Version: 1.0.0 - Trend Micro)HitmanPro 3.7 (Version: 3.7.9.212 - SurfRight B.V.)iCloud (Version: 3.1.0.40 - Apple Inc.)IDT Audio (x32 Version: 1.0.6426.0 - IDT)Intel® Processor Graphics (x32 Version: 10.18.10.3379 - Intel Corporation)iTunes (Version: 11.1.3.8 - Apple Inc.)Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenMalwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) HiddenMy Dell (Version: 3.4.6422.14 - PC-Doctor, Inc.)Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenPhoto Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenPlex (HKCU Version: 0.9.504 - Plex, Inc)Plex Media Server (x32 Version: 0.9.806 - Plex, Inc.)Plex Media Server (x32 Version: 0.9.806 - Plex, Inc.) HiddenPokerStars (x32 Version: - PokerStars)Quickset64 (Version: 11.1.003 - Dell Inc.)QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)Respondus LockDown Browser (x32 Version: 1.02.0001 - Respondus, Inc.)Shared C Run-time for x64 (Version: 10.0.0 - McAfee)Splashtop Streamer (x32 Version: 2.4.5.2 - Splashtop Inc.)Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)SpywareBlaster 5.0 (x32 Version: 5.0.0 - BrightFort LLC)SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)VLC media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN)Widevine Media Optimizer Chrome 6.0.0 (HKCU Version: 6.0.0.12442 - Widevine Technologies)Widevine Media Optimizer Chrome 6.0.0 (x32 Version: 6.0.0.12442 - Widevine Technologies)Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 19-01-2014 01:16:09 Removed Dell Backup and Recovery22-01-2014 05:01:50 Installed Java 7 Update 5130-01-2014 05:30:26 Windows Update02-02-2014 06:45:29 Installed HiJackThis ==================== Hosts content: ========================== 2012-07-26 00:26 - 2014-02-01 22:32 - 00450712 ____R C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 1000gratisproben.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com127.0.0.1 10sek.com127.0.0.1 www.10sek.com127.0.0.1 www.1-2005-search.com127.0.0.1 1-2005-search.com127.0.0.1 123fporn.info127.0.0.1 www.123fporn.info127.0.0.1 123haustiereundmehr.com127.0.0.1 www.123haustiereundmehr.com127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {1457D8DD-BFDE-4B05-86DB-DC3F1FD4CC00} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {22FBEF61-D092-4D16-B3B1-D13FAA79A441} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {39BD9B3C-36CD-4C31-B6B7-ECCB495A020E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {3DFBEBB8-CECC-4517-8849-E7B6364FC5FF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {8100600C-D620-4B36-95EC-646CE77B2C37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-23] (Google Inc.)Task: {815CC084-BD16-403D-905A-2FCB184D2050} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-06] (PC-Doctor, Inc.)Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {A6578277-25ED-4583-9BA6-E756349C0699} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-06] (AVAST Software)Task: {C50EE195-948F-4BC1-A27A-80B98D962366} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-23] (Google Inc.)Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {E0EE274A-C262-4655-94D7-0DAB358EC0A2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exeTask: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {F6C33560-AA84-4E9A-BA7D-49C63B24F778} - \AmiUpdXp No Task FileTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-21 00:02 - 2013-12-21 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-02-02 11:52 - 2014-02-02 04:38 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020200\algo.dll2014-02-02 14:45 - 2014-02-02 12:10 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020201\algo.dll2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Arianna\AppData\Roaming\Dropbox\bin\libcef.dll2013-12-05 02:24 - 2013-12-05 02:24 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-01-29 22:26 - 2014-01-23 00:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll2014-01-29 22:26 - 2014-01-23 00:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll2014-01-29 22:26 - 2014-01-23 00:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll2014-01-29 22:26 - 2014-01-23 00:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll2014-01-29 22:26 - 2014-01-23 00:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:5C321E34AlternateDataStreams: C:\Users\Arianna\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Could not start eventlog service, could not read events. The requested service has already been started. More help is available by typing NET HELPMSG 2182. ==================== Memory info =========================== Percentage of memory in use: 24%Total physical RAM: 8058.5 MBAvailable physical RAM: 6055.43 MBTotal Pagefile: 9338.5 MBAvailable Pagefile: 7232.01 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:456.32 GB) (Free:171.46 GB) NTFSDrive d: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.28 GB) NTFSDrive g: (DATAPART1) (Fixed) (Total:29.82 GB) (Free:29.67 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 466 GB) (Disk ID: 35663749) Partition: GPT Partition Type========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 30 GB) (Disk ID: 5A3E5162)Partition 1: (Not Active) - (Size=30 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  4. Leo Ali
    I am running windows 8.1, I am unable to run DDS
  5. Leo Ali
    Whats the best way to clean up the system? Aren't those (file missing) results bad?
  6. Leo Ali
    Thank you in advance for your time: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:13:22 AM, on 2/2/2014 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.16384) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Users\Arianna\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Users\Arianna\Desktop\Maintenance\HiJackThis.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Dropbox.lnk = Arianna\AppData\Roaming\Dropbox\bin\Dropbox.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.dell.com O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Product - 2013/01/09 15:02:03 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9948 bytes
  7. Leo Ali
    I ran the chkdsk C: /f /r and it came back with no errors. I can boot from the disc, but it is in a restarting loop if I just leave the machine running. I'm not exactly sure which version of Vista this is or whether it was updated to SP2. This is a computer that has been sitting for a while after getting its screen repaired about 6 months ago at best buy. I have no backups for the complete PC restore, but I do have a windows disc that I think I can use for a clean install if only the computer would run the installation without restarting in the midst of loading the install disc. I tried both: C:\temp\Windows6.0-KB936330-X86.exe /x:C:\temp and C:\temp\Windows6.0-KB948465-x86.exe /x:C:\temp neither one worked...
  8. Leo Ali
    I tried both sfc /scannow and /verifyonly. both ended with 'windows resource protection could not perform the requested operation'.
  9. Leo Ali
    **UPDATE** I shut off the computer for a bit and tried again, this time it allowed me to run the disc. I tried the fixboot command, it completed successfully, yet no luck. I have not had the blue screen come up through any of this (forgot to answer your question earlier); although a new screen did come up as I had left it in its restarting loop, it is a black screen telling me 'a recent hardware or sofware change might be the cause of windows failing to start'. This was on the bottom of the screen: file: CI.dll status: 0xc00000e9 Info: Windows failed to load because a required file is missing, or corrupt.
  10. Leo Ali
    Hello wildman424 and thank you so much for your help! OK, I tried restoring the computer via recovery disc...no luck as the only restore point given is of today's date, not sure why or how that happened. Next I ran CMD prompt, and renamed crcdisk.sys to .old, ran the chkdsk, restarted with the same problem. I tried running safe-mode and it now hung up on classpnp.sys instead of the crcdisk.sys... I am now stuck and unable to run the last method you gave me because after the 'press any key to boot from cd/dvd' prompt it begins loading the disc, then goes into loading windows normally and gets stuck in its infinite loop of restarts. Not sure what to do from here as I can no longer boot from disc it seems. thanks again
  11. Leo Ali
    Hello, and thank you in advance for any help offered. I have a laptop that begins to boot, but cuts off and restarts upon loading windows (this is a Vista 32-bit OS). I tried running safe mode, in which the computer freezes upon trying to start crcdisk.sys, and then just restarts. I also tried running a recovery disc, chkdsk found no errors, as well as a hardware diagnostic. Upon trying the automated recovery, I received the following: startup repairV2 Problem Signature 01: External Media Problem Signature 02: 6.0.6000.16386.6.0.5001.18000 Problem Signature 03: 3 Problem Signature 04: 65537 Problem Signature 05: unknown Problem Signature 06: NoRootCause Problem Signature 07: 0 Problem Signature 08: 2 Problem Signature 09: WrpRepair Problem Signature 10: 2 OS Version: 6.0.6000.2.0.0.256.1 Locale ID: 1033
  12. Leo Ali
    This PC constantly slows to a crawl then comes back up to speed, it also disconnects from the internet often. I feel this may be due to registry errors, but any help is appreciated. Thank you in advance! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:03:27 PM, on 1/22/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:Program Files (x86)Common FilesSeagateSchedule2schedhlp.exe C:Program Files (x86)EvernoteEvernoteEvernoteClipper.exe C:Program Files (x86)SeagateBlackArmorBackupBlackArmorBackupMonitor.exe C:Program Files (x86)SeagateBlackArmorBackupTimounterMonitor.exe C:Program FilesAlwil SoftwareAvast5AvastUI.exe C:Program Files (x86)iTunesiTunesHelper.exe C:UsersLennyHPDesktopMaintenanceHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://cruisebase.com/abc16/secure/login.asp R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~2SPYBOT~1SDHelper.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll O4 - HKLM..Run: [blackArmorBackupMonitor.exe] C:Program Files (x86)SeagateBlackArmorBackupBlackArmorBackupMonitor.exe O4 - HKLM..Run: [AcronisTimounterMonitor] C:Program Files (x86)SeagateBlackArmorBackupTimounterMonitor.exe O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe" O4 - HKLM..Run: [avast5] "C:Program FilesAlwil SoftwareAvast5avastUI.exe" /nogui O4 - HKLM..Run: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime O4 - HKLM..Run: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe" O4 - HKCU..RunOnce: [FlashPlayerUpdate] C:WindowsSysWOW64MacromedFlashFlashUtil10i_Plugin.exe -update plugin O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: Evernote Clipper.lnk = ? O8 - Extra context menu item: Add to Evernote 4.0 - res://C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll/204 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~4Office12EXCEL.EXE/3000 O9 - Extra button: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~4Office12ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~4Office12ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~4Office12REFIEBAR.DLL O9 - Extra button: @C:Program Files (x86)EvernoteEvernoteResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:Program Files (x86)EvernoteEvernoteResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll/204 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~2SPYBOT~1SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~2SPYBOT~1SDHelper.dll O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O17 - HKLMSystemCCSServicesTcpip..{B27A82AD-788E-41E6-B2F3-B1D698591231}: NameServer = 68.87.74.166,68.87.68.166 O17 - HKLMSystemCCSServicesTcpip..{BF44A33C-7182-426D-8B30-4A2FC3570C82}: NameServer = 68.87.74.166,68.87.68.166 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:Program Files (x86)BonjourmDNSResponder.exe O23 - Service: CLDTVHNService - Unknown owner - C:Program Files (x86)DirecTVDirecTVKernelDMPCLDTVHNService.exe O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing) O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing) O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:Program Files (x86)Common FilesAheadLibNMIndexingService.exe (file missing) O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing) O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:Program Files (x86)Common FilesSeagateSchedule2schedul2.exe O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing) O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing) O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing) O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing) O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing) O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing) O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing) O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing) -- End of file - 10047 bytes I should also mention I did a scan with SFC, and it came up with errors. I have the logfile but haven't posted it as it is huge. Please let me know if this would be of use. Thanks
  13. Leo Ali
    All seems fine now, haven't had anymore symptoms as of yet. How common is it to have such errors on your disk and what could they be caused by? Thank you for your help through this.
  14. Leo Ali
    Updated the driver, and the problem seems to fixed, thank you for that. So the rest of my system seems OK to you?
  15. Leo Ali
    Integrated video: "Mobile Intel 4 Series Chipset Family"
  16. Leo Ali
    I did another chkdsk and nothing came up, everything seems OK. My new dilemma seems to be scrambled video in youtube. I tried to play the same video in different browsers, and different videos; some work while others do not. I uninstalled/reinstalled adobe flash plug-in and that didn't help. I have a feeling it is a codec issue, but my question is why would that all of a sudden come up, while I play videos daily and they are usually fine. Screen-shot attached.
  17. Leo Ali
    Did the chkdsk, seemed ok. it didn't come up with any errors. I am just curious, how would you take a screen shot of the chkdsk?
  18. Leo Ali
    No, I do not. The computer did not come with one. There is a way to create a back-up cd when you buy a computer this way right? Is that my only option?
  19. Leo Ali
    Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4510 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 8/30/2010 6:38:39 PM mbam-log-2010-08-30 (18-38-39).txt Scan type: Quick scan Objects scanned: 134351 Time elapsed: 5 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-03-17.01) - NTFSX64 Run by LennyHP at 19:11:16.07 on Mon 08/30/2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1733 [GMT -4:00] SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\LennyHP\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = https://cruisebase.com/abc16/secure/login.asp uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb mLocal Page = c:\windows\syswow64\blank.htm uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File {555d4d79-4bd2-4094-a395-cfc534424a05} mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe" mRun: [<NO NAME>] mRun: [blackArmorBackupMonitor.exe] c:\program files (x86)\seagate\blackarmorbackup\BlackArmorBackupMonitor.exe mRun: [AcronisTimounterMonitor] c:\program files (x86)\seagate\blackarmorbackup\TimounterMonitor.exe mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime uPolicies-system: WallpaperStyle = 2 mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) dPolicies-system: WallpaperStyle = 2 IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe" BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [seagate Scheduler2 Service] "c:\program files (x86)\common files\seagate\schedule2\schedhlp.exe" mRun-x64: [igfxTray] c:\windows\system32\igfxtray.exe mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\users\lennyhp\appdata\roaming\mozilla\firefox\profiles\iavr003f.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk#restore FF - component: c:\users\lennyhp\appdata\roaming\mozilla\firefox\profiles\iavr003f.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\lennyhp\appdata\roaming\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\users\lennyhp\appdata\roaming\mozilla\firefox\profiles\iavr003f.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-7 89680] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-7 22096] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-7 65616] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-20 138680] R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136] R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-29 1153368] R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\common files\seagate\schedule2\schedul2.exe [2009-7-23 826352] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-20 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-20 352920] R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2009-6-24 292864] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-9-4 215040] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2008-7-10 21504] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-17 216064] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-5 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120] =============== Created Last 30 ================ 2010-08-29 19:17:16 423656 ----a-w- c:\windows\syswow64\deployJava1.dll 2010-08-29 19:17:16 153376 ----a-w- c:\windows\syswow64\javaws.exe 2010-08-29 19:17:16 145184 ----a-w- c:\windows\syswow64\javaw.exe 2010-08-29 19:17:16 145184 ----a-w- c:\windows\syswow64\java.exe 2010-08-29 19:03:38 0 d-----w- c:\programdata\Sun 2010-08-29 14:44:37 0 d-----w- c:\programdata\Spybot - Search & Destroy 2010-08-29 14:44:37 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy 2010-08-29 14:41:49 0 d-----w- c:\users\lennyhp\appdata\roaming\Malwarebytes 2010-08-29 14:41:40 24664 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-29 14:41:40 0 d-----w- c:\programdata\Malwarebytes 2010-08-29 14:41:40 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2010-08-25 13:14:59 861184 ----a-w- c:\windows\system32\oleaut32.dll 2010-08-25 13:14:59 571904 ----a-w- c:\windows\syswow64\oleaut32.dll 2010-08-11 03:22:58 0 d-----w- c:\users\lennyhp\Incomplete 2010-08-10 09:15:58 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx 2010-08-10 09:15:58 69632 ----a-w- c:\windows\syswow64\QuickTime.qts 2010-08-03 02:52:03 12867584 ----a-w- c:\windows\syswow64\shell32.dll ==================== Find3M ==================== 2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll 2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll 2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll 2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll 2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll 2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll 2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll 2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll 2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll 2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll 2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll 2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe 2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll 2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe 2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe 2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll 2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys 2010-06-17 22:57:20 72080 ----a-w- c:\users\lennyhp\g2mdlhlpx.exe 2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll 2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll 2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll 2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 19:12:29.04 ===============
  20. Leo Ali
    This computer seems to be getting MANY errors, applications just crashing, and it starts up extremely slowly. I have a minimal amount of start-up programs, and the computer seems to be running pretty lean based on the process in the task manager. I ran a full scan in MBAM and it came up clean, as well as spybot. I then ran a chkdsk and it took longer than usual to finish, I am not sure if it saves any kind of log but I took a few quick notes, here are a couple of things that it was saying: File records segment unreadeable 34532-34535, corrupt attribute record, it also deleted a few indexes such as MSScntrs.dll, MSScp.dll and something about $I30 of file 12539. A big thank you in advanced to anyone willing to spend some time to check this log out for me. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:32:23 PM, on 8/29/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe C:\Users\LennyHP\Desktop\Maintenance\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cruisebase.com/abc16/secure/login.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" O4 - HKLM\..\Run: [blackArmorBackupMonitor.exe] C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8828 bytes
  21. Leo Ali
    Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4417 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 8/10/2010 11:54:58 PM mbam-log-2010-08-10 (23-54-58).txt Scan type: Quick scan Objects scanned: 133055 Time elapsed: 4 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Amnesiac (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  22. Leo Ali
    After I did the custom scan Avast AV came up with two 'Virus Found' alerts, I deleted them through that application. OTL logfile created on: 8/2/2010 9:01:17 PM - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Lenny\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.57 Gb Total Space | 131.67 Gb Free Space | 45.79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 914.26 Gb Total Space | 603.76 Gb Free Space | 66.04% Space Free | Partition Type: NTFS Computer Name: LENNY-TOSHIBA Current User Name: Lenny Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/08/02 20:45:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe PRC - [2010/07/23 22:14:48 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010/07/23 22:14:48 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashDisp.exe PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashServ.exe PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashMaiSv.exe PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashWebSv.exe PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\aswUpdSv.exe PRC - [2009/07/23 16:36:58 | 000,963,784 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe PRC - [2009/07/23 16:32:00 | 000,376,272 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe PRC - [2009/07/23 16:18:04 | 004,352,960 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe PRC - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (SafeList) ========== MOD - [2010/08/02 20:45:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\windows\SysNative\mousenh32.exe -- (winbackupdumper-id194bEOVSq1JI) SRV:64bit: - [2009/12/07 00:22:14 | 001,793,976 | ---- | M] (UltraVNC) [Auto | Stopped] -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service) SRV:64bit: - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\ashServ.exe -- (avast! Antivirus) SRV:64bit: - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV:64bit: - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV:64bit: - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV:64bit: - [2009/08/11 19:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2009/08/05 17:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2009/08/04 14:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2009/08/17 13:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009/08/10 22:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009/07/23 16:33:16 | 000,826,352 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc) SRV - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service) SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV:64bit: - [2010/08/01 15:33:17 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2) DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/03/04 13:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/12/20 10:22:42 | 001,581,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174) DRV:64bit: - [2009/12/20 10:22:40 | 000,926,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2009/12/20 10:22:32 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380) DRV:64bit: - [2009/12/08 19:49:28 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2009/12/08 18:42:10 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009/11/24 19:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2009/11/24 19:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2009/08/27 11:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/08/05 22:04:06 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/24 18:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2009/07/20 20:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk) DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 16:35:46 | 000,427,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008/07/10 19:20:16 | 000,021,504 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2010/07/29 21:46:05 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\windows\system32\drivers\ixucxbu.sys -- (tzishj) DRV - [2010/07/29 21:40:25 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\windows\system32\drivers\yoevhaol.sys -- (uqtj) DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.yahoo.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54 FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949 FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0 FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.02 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/04 22:37:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/01 12:46:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/24 13:15:45 | 000,000,000 | ---D | M] [2010/01/12 23:27:46 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Extensions [2010/01/12 23:27:46 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Extensions\MediaCoder [2010/08/02 17:36:25 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions [2010/07/27 21:17:55 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009/12/19 12:10:03 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2010/06/26 14:26:25 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692} [2010/02/22 18:19:33 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2010/02/11 18:41:37 | 000,000,000 | ---D | M] (Answers) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} [2010/07/12 17:43:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/02/22 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\noia2_option@kk.noia [2010/06/19 20:41:26 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\optout@dubfire.net [2010/06/19 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\piclens@cooliris.com [2010/06/19 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\piclens@cooliris.com-trash [2010/03/13 09:18:48 | 000,004,440 | ---- | M] () -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\searchplugins\hyperwords.xml [2009/11/27 18:54:02 | 000,004,153 | ---- | M] () -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\searchplugins\youtube.xml [2010/08/02 17:36:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/06/13 00:43:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/06/13 00:43:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2010/07/03 01:00:33 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe (Seagate) O4 - HKLM..\Run: [avast!] C:\Program Files\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [blackArmorBackupMonitor.exe] C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe (Seagate) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010/08/02 20:50:02 | 000,000,000 | ---D | C] -- C:\_OTL [2010/08/02 20:45:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe [2010/08/01 15:37:45 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\UltraVNC [2010/08/01 15:33:25 | 000,026,432 | ---- | C] (UVNC BVBA) -- C:\windows\SysNative\mv2.dll [2010/08/01 15:33:25 | 000,012,096 | ---- | C] (UVNC BVBA) -- C:\windows\SysNative\drivers\mv2.sys [2010/08/01 15:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC [2010/07/29 22:11:06 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\DiskAid [2010/07/24 21:30:05 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\EurekaLog [2010/07/24 21:27:52 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\HamsterSoft [2010/07/24 21:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HamsterSoft [2010/07/24 13:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/07/24 13:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/07/24 13:09:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/07/14 21:24:19 | 000,000,000 | ---D | C] -- C:\windows\pss [2010/07/05 23:27:01 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysWow64\drivers\mcdbus.sys [2010/07/05 23:27:01 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysNative\drivers\mcdbus.sys [2010/07/05 23:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc [2010/06/29 20:27:04 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\WinPatrol [2010/06/29 20:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios [2010/06/28 20:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010/06/28 20:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2010/06/28 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010/06/28 20:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2010/06/28 20:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/06/28 20:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/06/28 20:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2010/06/22 23:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2010/06/22 23:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro [2010/06/22 23:59:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\DAEMON Tools Pro [2010/06/17 02:16:05 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Abine [2010/06/15 21:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco [2010/06/15 21:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2010/06/03 18:23:52 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\Microsoft Games [2010/05/28 18:08:15 | 000,140,288 | ---- | C] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\windows\SysWow64\pcre3.dll [2010/05/28 18:08:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\Desktop Cleanup Wizard [2010/05/24 16:24:04 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\windows\SysWow64\iconv.dll [2010/05/24 16:22:07 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Documents\Aimersoft Video Converter Ultimate [2010/05/24 16:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aimersoft Video Converter [2010/05/24 16:20:20 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\windrvewls2 [2010/05/24 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\AVS4YOU [2010/05/24 16:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2010/05/24 16:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2010/05/24 16:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2010/05/24 16:08:21 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Documents\Any Video Converter [2010/05/24 16:08:04 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\AnvSoft [2010/05/24 16:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft [2010/05/22 23:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PeerGuardian2 [2010/05/22 23:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2 [2010/05/22 19:08:10 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe [2010/05/18 21:07:28 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\Apps [2010/05/16 12:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 7 [2010/05/12 19:50:35 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Media Player Classic [2010/05/12 19:49:42 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\windows\SysWow64\lameACM.acm [2010/05/12 19:49:42 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\windows\SysWow64\yv12vfw.dll [2010/05/12 19:49:42 | 000,151,552 | ---- | C] (fccHandler) -- C:\windows\SysWow64\ac3acm.acm [2010/05/12 19:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2010/05/12 19:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\KLCP64 [2010/05/11 22:51:03 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat [2010/05/11 22:51:02 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat [2010/05/09 23:15:02 | 000,000,000 | ---D | C] -- C:\Users\Lenny\.realobjects [2010/05/07 18:22:46 | 000,000,000 | ---D | C] -- C:\P90X Complete Set [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/08/02 21:03:10 | 009,437,184 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat [2010/08/02 20:59:26 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/08/02 20:59:26 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/08/02 20:52:16 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2010/08/02 20:52:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2010/08/02 20:52:00 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys [2010/08/02 20:51:14 | 001,824,499 | -H-- | M] () -- C:\Users\Lenny\AppData\Local\IconCache.db [2010/08/02 20:45:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe [2010/08/01 15:33:25 | 000,000,776 | ---- | M] () -- C:\Users\Lenny\Desktop\UltraVNC Viewer.lnk [2010/08/01 15:33:25 | 000,000,759 | ---- | M] () -- C:\Users\Lenny\Desktop\UltraVNC Server.lnk [2010/08/01 15:33:17 | 000,026,432 | ---- | M] (UVNC BVBA) -- C:\windows\SysNative\mv2.dll [2010/08/01 15:33:17 | 000,012,096 | ---- | M] (UVNC BVBA) -- C:\windows\SysNative\drivers\mv2.sys [2010/07/29 21:46:05 | 000,061,440 | ---- | M] () -- C:\windows\SysWow64\drivers\ixucxbu.sys [2010/07/29 21:40:25 | 000,061,440 | ---- | M] () -- C:\windows\SysWow64\drivers\yoevhaol.sys [2010/07/25 15:41:17 | 000,117,760 | ---- | M] () -- C:\Users\Lenny\Desktop\stronglifts-5x5.xls [2010/07/25 14:59:24 | 000,426,288 | ---- | M] () -- C:\Users\Lenny\Desktop\stronglifts-5x5.pdf [2010/07/24 22:21:52 | 000,019,592 | ---- | M] () -- C:\Users\Lenny\Desktop\New York.docx [2010/07/03 01:00:33 | 000,000,698 | ---- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS [2010/07/03 00:09:57 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2010/07/03 00:09:57 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2010/07/03 00:09:57 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2010/07/01 19:24:57 | 000,007,606 | ---- | M] () -- C:\Users\Lenny\AppData\Local\Resmon.ResmonCfg [2010/06/29 20:26:10 | 001,005,927 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20100629-202629.backup [2010/06/17 02:20:08 | 000,000,120 | ---- | M] () -- C:\Users\Lenny\webct_upload_applet.properties [2010/06/16 00:41:50 | 000,524,288 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000002.regtrans-ms [2010/06/16 00:41:50 | 000,524,288 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000001.regtrans-ms [2010/06/16 00:41:50 | 000,065,536 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TM.blf [2010/06/11 21:41:50 | 000,343,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2010/06/07 21:43:31 | 3884,712,092 | ---- | M] () -- C:\Users\Lenny\Documents\TempImage.nrg [2010/05/28 18:08:15 | 000,140,288 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\windows\SysWow64\pcre3.dll [2010/05/24 16:20:20 | 000,000,002 | ---- | M] () -- C:\Users\Lenny\tenmy.ini [2010/05/24 16:20:19 | 000,135,168 | ---- | M] () -- C:\Users\Lenny\pod332.exe [2010/05/18 21:09:52 | 000,607,013 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20100629-202610.backup [2010/05/13 16:43:43 | 000,267,735 | ---- | M] () -- C:\Users\Lenny\Desktop\6FC0A4B0d01.pdf [2010/05/13 01:07:19 | 3994,761,215 | ---- | M] () -- C:\AVATAR.ISO [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/08/01 15:33:25 | 000,000,776 | ---- | C] () -- C:\Users\Lenny\Desktop\UltraVNC Viewer.lnk [2010/08/01 15:33:25 | 000,000,759 | ---- | C] () -- C:\Users\Lenny\Desktop\UltraVNC Server.lnk [2010/07/29 21:46:05 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\drivers\ixucxbu.sys [2010/07/29 21:46:05 | 000,000,172 | ---- | C] () -- C:\Program Files (x86)\xmmxgi.txt [2010/07/29 21:40:25 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\drivers\yoevhaol.sys [2010/07/29 21:40:25 | 000,000,172 | ---- | C] () -- C:\Program Files (x86)\zuzpzxxi.txt [2010/07/25 14:59:24 | 000,426,288 | ---- | C] () -- C:\Users\Lenny\Desktop\stronglifts-5x5.pdf [2010/07/24 15:20:31 | 000,019,592 | ---- | C] () -- C:\Users\Lenny\Desktop\New York.docx [2010/07/01 19:24:57 | 000,007,606 | ---- | C] () -- C:\Users\Lenny\AppData\Local\Resmon.ResmonCfg [2010/06/17 21:18:14 | 971,911,168 | ---- | C] () -- C:\Users\Lenny\Desktop\ADOBE_ACROBAT_9_PRO_EXTENDED.iso [2010/06/17 21:18:06 | 334,888,960 | ---- | C] () -- C:\Users\Lenny\Desktop\ACTIVATION & UPDATES.iso [2010/06/16 00:37:03 | 000,524,288 | -HS- | C] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000002.regtrans-ms [2010/06/16 00:37:03 | 000,524,288 | -HS- | C] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000001.regtrans-ms [2010/06/16 00:37:02 | 000,065,536 | -HS- | C] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TM.blf [2010/06/07 21:35:01 | 3884,712,092 | ---- | C] () -- C:\Users\Lenny\Documents\TempImage.nrg [2010/05/24 16:24:04 | 000,675,840 | ---- | C] () -- C:\windows\SysWow64\ac3filter.ax [2010/05/24 16:24:04 | 000,496,640 | ---- | C] () -- C:\windows\SysWow64\xvid.ax [2010/05/24 16:20:20 | 000,000,002 | ---- | C] () -- C:\Users\Lenny\tenmy.ini [2010/05/24 16:20:17 | 000,135,168 | ---- | C] () -- C:\Users\Lenny\pod332.exe [2010/05/13 00:32:20 | 3994,761,215 | ---- | C] () -- C:\AVATAR.ISO [2010/05/12 19:49:43 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2010/05/12 19:49:43 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini [2010/05/12 19:49:42 | 000,881,664 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll [2010/05/12 19:49:42 | 000,205,824 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll [2010/05/12 19:49:42 | 000,000,414 | ---- | C] () -- C:\windows\SysWow64\lame_acm.xml [2010/05/12 19:49:40 | 000,085,504 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll [2010/05/12 19:49:40 | 000,000,547 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll.manifest [2010/05/12 19:46:55 | 000,191,488 | ---- | C] () -- C:\windows\SysNative\unrar.dll [2010/05/12 19:46:55 | 000,100,352 | ---- | C] () -- C:\windows\SysNative\ff_vfw.dll [2010/05/12 12:43:01 | 000,267,735 | ---- | C] () -- C:\Users\Lenny\Desktop\6FC0A4B0d01.pdf [2009/12/08 18:54:29 | 000,000,039 | ---- | C] () -- C:\windows\Irremote.ini [2009/12/08 18:03:21 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI [2009/11/27 17:27:36 | 000,000,013 | RHS- | C] () -- C:\windows\SysWow64\drivers\fbd.sys [2009/10/21 01:48:38 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010/08/02 20:58:34 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Abine [2010/05/24 16:08:04 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\AnvSoft [2010/01/12 23:25:01 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Broad Intelligence [2010/06/22 23:59:14 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\DAEMON Tools Pro [2010/07/29 22:23:50 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\DiskAid [2010/01/03 16:09:03 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Easy Thumbnails [2010/07/24 21:30:14 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\EurekaLog [2010/03/18 17:09:25 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Foxit [2010/07/24 21:27:52 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\HamsterSoft [2010/07/26 16:33:12 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\LimeWire [2010/01/04 22:46:49 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Nokia [2010/01/04 22:39:09 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\PC Suite [2010/06/16 00:35:52 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Rainmeter [2010/07/06 20:16:33 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\RipIt4Me [2009/12/20 10:47:41 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Seagate [2009/12/08 18:57:09 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Simple Star [2009/03/22 19:53:19 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\TOSHIBA [2010/07/29 22:25:20 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\uTorrent [2010/05/16 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Vso [2009/11/27 17:27:18 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\WinBatch [2010/06/29 18:55:45 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\windrvewls2 [2010/06/29 20:27:05 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\WinPatrol [2009/07/14 01:08:49 | 000,027,162 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report >
  23. Leo Ali
    I completed the steps given, upon hitting 'execute' the program gives me the two prompts before restarting, but I get no black pop-up window after the restart and see no avenger.txt logfile in C:/. I ran it twice, the second time as admin.
  24. Leo Ali
    I appreciate your continued help, no problem about the delayed response. Here are the links- wirepots.dll: http://www.virustotal.com/analisis/22a61f3...c4d0-1279935030 wirepots.exe: http://www.virustotal.com/analisis/8f78687...a201-1279935238
  25. Leo Ali
    Sorry for the delayed response. Here are the list of threats found: C:\Users\Lenny\pod332.exe a variant of Win32/Kryptik.FCW trojan C:\Users\Lenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42YNO55S\pod332[1].exe a variant of Win32/Kryptik.FCW trojan C:\Windows\System32\wirepots.dll Win32/Agent.RID trojan C:\Windows\System32\wirepots.exe Win32/Agent.RID trojan C:\Windows\SysWOW64\wirepots.dll Win32/Agent.RID trojan C:\Windows\SysWOW64\wirepots.exe Win32/Agent.RID trojan
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.