I think I am infected

madden101 · April 23, 2012

I think my pc may be infected with RATS or a keylogger. Below is the HiJackThis log. Am my pc infected?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:31:53 PM, on 4/22/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\CheckPoint\SocialGuard\SocialGuard.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Owner\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15486

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll

O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files (x86)\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files (x86)\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe" /hidden

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

O4 - HKCU\..\Run: [MurGee.com Auto Clicker] C:\Program Files (x86)\Auto Clicker\AutoClicker.exe :silent

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')

O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.122.0.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13253 bytes

MrCharlie · April 23, 2012

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

madden101 · April 23, 2012

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Owner at 16:42:35 on 2012-04-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.800 [GMT -5:00]

.

AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\taskhost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/9/2011 10:31:54 AM

System Uptime: 4/23/2012 1:24:03 PM (3 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 285 GiB total, 202.122 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP105: 4/16/2012 3:34:09 PM - Installed AVG 2012

RP106: 4/16/2012 3:35:25 PM - Installed AVG 2012

RP107: 4/20/2012 8:50:07 PM - Installed Python 2.6.2

RP108: 4/20/2012 11:55:03 PM - Windows Update

RP109: 4/22/2012 3:00:19 AM - Windows Update

RP110: 4/22/2012 11:02:00 PM - Installed ZoneAlarm SocialGuard

RP111: 4/23/2012 12:26:48 AM - Installed Virtual Serial Ports Emulator

RP112: 4/23/2012 12:33:52 AM - Installed 232Analyzer

RP113: 4/23/2012 12:44:33 AM - Removed 232Analyzer

RP114: 4/23/2012 12:45:31 AM - Removed Virtual Serial Ports Emulator

RP115: 4/23/2012 12:41:54 PM - Removed ZoneAlarm SocialGuard

.

==== Installed Programs ======================

.

3DVIA player 5.0

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X MUI

ASPCA Reminder by We-Care.com v5.0.5.1

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Auto Clicker v1.1

AutoHotkey 1.0.48.05

Battlefield Play4Free

BellSouth FastAccess DSL Report Agent

BitTorrent

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Combat Arms

D3DX10

Debut Video Capture Software

DragonNest

EA SPORTS online 2008

Fraps (remove only)

Game Booster 3

Google Chrome

Google Update Helper

Java Auto Updater

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date: 04/23/2012 16:59:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 10 ¤¤¤

[sUSP PATH] {215CF88C-F28D-4DDB-AFD5-B41522549564}.job @ : C:\Users\Owner\Desktop\Music\mainapp.exe -> FOUND

[sUSP PATH] {2ADF2810-BB7A-43DC-8DB2-DEDBC6B02EF2}.job @ : C:\Users\Owner\Desktop\Music\mainapp.exe -> FOUND

[sUSP PATH] {4C63EC32-F000-4610-ABAD-2CE381E1BB36}.job @ : C:\Users\Owner\Desktop\New folder\iw4mp.exe -> FOUND

[sUSP PATH] {522D6F15-6365-4225-9B3C-746CCE7FD2F0}.job @ : C:\Users\Owner\Desktop\Music\mainapp.exe -> FOUND

[sUSP PATH] {D0C615B2-3A29-49CA-BDDF-D30E309F659C}.job @ : C:\Users\Owner\Desktop\Music\mainapp.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSXN SATA Disk Device +++++

--- User ---

[MBR] ccf60736590eef2cfd6a7aa695256f66

[bSP] 66145dbfca0f0410ab0749a594446f83 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 292137 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 601370624 | Size: 11607 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

MrCharlie · April 23, 2012

I need to see the complete DDS.txt log, that's only part of it.

MrC

madden101 · April 23, 2012

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Owner at 16:42:35 on 2012-04-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.800 [GMT -5:00]

.

AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\taskhost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\system32\taskmgr.exe

C:\Program Files (x86)\AVG\AVG2012\avgui.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\No-IP\DUC30.exe

C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Program Files (x86)\AVG\AVG2012\avgscana.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\windows\system32\NOTEPAD.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\SearchProtocolHost.exe

C:\Users\Owner\Downloads\RogueKiller.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com/?l=dis&o=15486

uDefault_Page_URL = hxxp://start.toshiba.com/g/

uInternet Settings,ProxyOverride = <local>

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Zonealarm Helper Object: {2a841f7a-a014-4da5-b6d9-8b913dfb7a8c} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll

BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB: ZoneAlarm Security Toolbar: {438fae3e-bdef-44d3-ab8b-0c7c8350df59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [MurGee.com Auto Clicker] C:\Program Files (x86)\Auto Clicker\AutoClicker.exe :silent

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [MotiveReportAgent] "C:\Program Files (x86)\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files (x86)\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe" /hidden

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.122.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{9D0F768F-2622-41D7-AC19-0996448D0D46} : DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{D7AF05B2-C3EC-4622-B057-BF0FBF6AD876} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{D7AF05B2-C3EC-4622-B057-BF0FBF6AD876}\36F6D607574756270286F6573756 : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll

BHO-X64: Zonealarm Helper Object - No File

BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do-Not-Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO-X64: ZoneAlarm Security Engine Registrar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO-X64: WeCareReminder - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB-X64: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun-x64: [MotiveReportAgent] "C:\Program Files (x86)\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files (x86)\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe" /hidden

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lnf27lyq.default\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.zonealarm.autoRvrt - false

FF - user.js: extensions.zonealarm_i.newTab - false

FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112709762404876-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=84395b5400000000000068a3c4c35065&q=

FF - user.js: extensions.zonealarm.id - 84395b5400000000000068a3c4c35065

FF - user.js: extensions.zonealarm.instlDay - 15453

FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3

FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3

FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.323:25:04

FF - user.js: extensions.zonealarm.prtnrId - checkpoint

FF - user.js: extensions.zonealarm.prdct - zonealarm

FF - user.js: extensions.zonealarm.aflt - 1600

FF - user.js: extensions.zonealarm_i.smplGrp - none

FF - user.js: extensions.zonealarm.tlbrId - base

FF - user.js: extensions.zonealarm.instlRef - ZLN112709762404876-1600

FF - user.js: extensions.zonealarm.dfltLng - en

FF - user.js: extensions.zonealarm.excTlbr - false

FF - user.js: extensions.zonealarm.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]

R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\avgidseha.sys --> C:\windows\system32\DRIVERS\avgidseha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-3-16 33672]

R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-3-16 827520]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-3 652360]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-19 2666880]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-5-20 51576]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-20 136176]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\windows\system32\drivers\BVRPMPR5a64.SYS --> C:\windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-20 136176]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-23 20:42:48 -------- d-----w- C:\Users\Owner\AppData\Local\Vitalwerks

2012-04-23 20:41:17 -------- d-----w- C:\Program Files (x86)\No-IP

2012-04-23 18:26:05 -------- d-----w- C:\Users\Owner\AppData\Local\{5F2B411A-65AD-44FC-A2A2-D0FC94FA1291}

2012-04-23 18:25:41 -------- d-----w- C:\Users\Owner\AppData\Local\{ED849DEC-960E-4FB4-8EDC-9E4BD5545263}

2012-04-23 05:27:47 40928 ----a-w- C:\windows\System32\drivers\VSPE.sys

2012-04-23 04:25:01 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD

2012-04-23 04:24:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\CheckPoint

2012-04-23 04:24:11 -------- d-----w- C:\Program Files\CheckPoint

2012-04-23 04:02:55 -------- d-----w- C:\ProgramData\CheckPoint

2012-04-23 04:02:47 -------- d-----w- C:\Program Files (x86)\CheckPoint

2012-04-23 01:41:48 -------- d-----w- C:\Users\Owner\AppData\Local\{3A0AF9EE-9A40-40B1-9FE2-802EBB1B58F5}

2012-04-23 01:38:38 -------- d-----w- C:\Users\Owner\AppData\Local\{DD70CCD2-ADB1-4E7D-8079-14189E449B4C}

2012-04-23 00:59:57 -------- d-----w- C:\Users\Owner\AppData\Local\{06DA396B-FC6F-4EA9-8DD0-9B40BDEE644B}

2012-04-22 23:45:43 -------- d-----w- C:\Users\Owner\AppData\Local\{7B1577F4-60B4-4429-BDA8-7DDB6D1C9F64}

2012-04-22 19:08:53 -------- d-----w- C:\Users\Owner\AppData\Local\{5275A65C-9D19-4689-9B4F-367ED5C61AE8}

2012-04-22 19:08:40 -------- d-----w- C:\Users\Owner\AppData\Local\{A4C18FA7-52A3-48DC-BE8F-4DA6D0D551F1}

2012-04-22 18:30:16 -------- d-----w- C:\Users\Owner\AppData\Local\{E09E94D6-CE5C-43B4-AA29-A040A9D3605F}

2012-04-22 18:30:01 -------- d-----w- C:\Users\Owner\AppData\Local\{BEC7CABB-A6EC-40A5-A83E-36887861312B}

2012-04-22 15:46:57 -------- d-----w- C:\Users\Owner\AppData\Local\{AA886E85-F7FB-444B-93AA-9DCF34B01B53}

2012-04-22 02:04:54 -------- d-----w- C:\Users\Owner\AppData\Local\{981AF6A0-888C-4C58-9503-FF2EDA0BE115}

2012-04-22 02:04:39 -------- d-----w- C:\Users\Owner\AppData\Local\{DF66BEDC-086F-4511-8A2D-C1B49F0AB4C4}

2012-04-21 14:52:23 -------- d-----w- C:\Users\Owner\AppData\Roaming\Microsoft Corporation

2012-04-21 14:43:22 -------- d-----w- C:\Users\Owner\AppData\Local\{8246F50D-803F-495F-AAEB-F8469A498992}

2012-04-21 13:05:21 -------- d-----w- C:\Users\Owner\AppData\Local\{BCD2F946-F549-42F7-8029-690A5F869377}

2012-04-21 05:06:27 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2012-04-21 05:05:54 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2012-04-21 05:05:53 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2012-04-21 05:05:31 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-04-21 05:04:15 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2012-04-21 05:01:18 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0

2012-04-21 04:59:51 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0

2012-04-21 04:59:51 -------- d-----w- C:\Program Files\Microsoft Help Viewer

2012-04-21 01:59:10 -------- d-----w- C:\Users\Owner\.idlerc

2012-04-21 01:51:46 354304 ----a-w- C:\windows\SysWow64\pythoncom26.dll

2012-04-21 01:51:46 110592 ----a-w- C:\windows\SysWow64\pywintypes26.dll

2012-04-21 01:51:00 -------- d-----w- C:\Python26

2012-04-20 20:14:48 -------- d-----w- C:\Users\Owner\AppData\Local\{92E9E669-CE11-4494-8BF7-BB01A2CEF57E}

2012-04-19 22:41:20 -------- d-----w- C:\Program Files (x86)\TeamViewer

2012-04-19 20:06:45 -------- d-----w- C:\Users\Owner\AppData\Local\{E74E98C2-75A8-4D25-8089-BB79FDD735FF}

2012-04-19 19:58:37 -------- d-----w- C:\Users\Owner\AppData\Local\{BD9A6A73-FAE8-4ECF-BAFD-5FFDC33523E9}

2012-04-19 19:56:53 0 ----a-w- C:\windows\SysWow64\sho5910.tmp

2012-04-18 22:11:41 -------- d-----w- C:\Users\Owner\AppData\Local\{2AF7A797-72E2-4CCC-8869-F080424D47DB}

2012-04-18 19:50:32 -------- d-----w- C:\Users\Owner\AppData\Local\{A08FFD9F-8A12-42F0-A195-128CC7CCB756}

2012-04-18 11:49:00 -------- d-----w- C:\Users\Owner\AppData\Local\{A11760AA-C019-4F46-8BF0-327BD97C5ACF}

2012-04-17 23:28:10 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com

2012-04-17 23:27:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-04-17 23:27:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-04-17 22:58:38 -------- d-----w- C:\Users\Owner\AppData\Local\{CB575660-3FCC-46C8-BADE-B709DBAC9E3F}

2012-04-17 21:11:23 -------- d-----w- C:\Users\Owner\AppData\Local\{E16EE2D7-F549-4FC9-86D5-53A3DE73B2BE}

2012-04-17 21:11:08 -------- d-----w- C:\Users\Owner\AppData\Local\{CC2AC5A0-EB75-4EAA-B615-4FA9FB1E0903}

2012-04-17 21:09:18 0 ----a-w- C:\windows\SysWow64\sho66FF.tmp

2012-04-17 03:52:10 -------- d-----w- C:\Users\Owner\AppData\Local\{8945B2E8-7B85-4B11-8023-29577813461E}

2012-04-16 20:38:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\AVG2012

2012-04-16 20:37:54 -------- d-----w- C:\windows\SysWow64\drivers\AVG

2012-04-16 20:36:34 -------- d--h--w- C:\$AVG

2012-04-16 20:36:33 -------- d-----w- C:\windows\System32\drivers\AVG

2012-04-16 20:36:33 -------- d-----w- C:\ProgramData\AVG2012

2012-04-16 20:35:04 -------- d-----w- C:\Program Files (x86)\AVG

2012-04-16 20:11:23 -------- d-----w- C:\Users\Owner\AppData\Local\{6DE1E4EA-1CDA-4607-B015-127F86F17F0F}

2012-04-16 19:50:31 -------- d-----w- C:\Users\Owner\AppData\Local\{34E59460-B4DC-4878-9C33-B27CB623689D}

2012-04-16 12:01:38 -------- d--h--w- C:\ProgramData\Common Files

2012-04-16 12:00:02 -------- d-----w- C:\ProgramData\MFAData

2012-04-14 13:04:56 -------- d-----w- C:\Users\Owner\AppData\Local\{A2756D97-973D-4BD2-8BB5-0737C365E3D3}

2012-04-13 19:55:12 -------- d-----w- C:\Users\Owner\AppData\Local\{ED7E1A81-6AD4-4925-B076-809F81274362}

2012-04-13 19:53:02 -------- d-----w- C:\Users\Owner\AppData\Local\{C4E764C6-4194-4BCA-8A89-2C11AB69E679}

2012-04-13 11:55:14 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2968C53-1442-48D6-8885-6B85FE2A930E}\mpengine.dll

2012-04-13 11:50:02 -------- d-----w- C:\Users\Owner\AppData\Local\{C65615EE-B275-4EFC-A169-2AA1D0B3EFD8}

2012-04-13 11:49:01 -------- d-----w- C:\Users\Owner\AppData\Local\{0659D896-B3AA-42CD-B528-68D8A1C6F2AC}

2012-04-11 08:33:17 -------- d-----w- C:\Users\Owner\AppData\Local\{17643B54-6946-4742-8FED-273DFD9DDFDE}

2012-04-11 08:05:42 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-04-11 08:05:41 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-04-11 08:05:40 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-04-11 08:01:21 81408 ----a-w- C:\windows\System32\imagehlp.dll

2012-04-11 08:01:21 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-04-11 08:01:20 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-04-11 08:01:18 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-04-11 08:01:18 5120 ----a-w- C:\windows\System32\wmi.dll

2012-04-11 08:01:18 220672 ----a-w- C:\windows\System32\wintrust.dll

2012-04-11 08:01:18 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-04-10 11:55:35 -------- d-----w- C:\Users\Owner\AppData\Local\{4BDF571E-C2CF-417D-8A9E-9526E70BF024}

2012-04-09 19:50:35 -------- d-----w- C:\Users\Owner\AppData\Local\{1B578F52-5C3C-49FC-9757-4AF7B1C7FFE3}

2012-04-09 02:11:44 -------- d-----w- C:\Users\Owner\AppData\Local\{4671EF11-47C2-45E5-9A04-557B0D0BDD4D}

2012-04-08 04:28:12 -------- d-----w- C:\Users\Owner\AppData\Roaming\Runscanner.net

2012-04-08 04:16:22 -------- d-----w- C:\Program Files (x86)\NirSoft

2012-04-07 13:09:10 -------- d-----w- C:\Users\Owner\AppData\Local\{FD467F0B-7795-417E-8BF6-EB6B8150383D}

2012-04-06 13:56:59 -------- d-----w- C:\Users\Owner\AppData\Local\{41D98AA9-0BB9-4100-BA29-81BC0BFF8109}

2012-04-05 11:54:12 -------- d-----w- C:\Users\Owner\AppData\Local\{31610338-B6E8-491D-8264-0B39A9D0C0FB}

2012-04-04 11:50:41 -------- d-----w- C:\Users\Owner\AppData\Local\{1540D50A-CDBE-4C0C-91A4-CE6F670C7ACD}

2012-04-03 19:50:36 -------- d-----w- C:\Users\Owner\AppData\Local\{2876F6B2-5645-4A36-92AD-F3AD7B360DC3}

2012-04-02 03:40:10 -------- d-----w- C:\Users\Owner\AppData\Local\{8F98AC17-2ABA-4F14-B22E-8B0009C8A75A}

2012-04-01 15:39:43 -------- d-----w- C:\Users\Owner\AppData\Local\{63A99D62-E908-4367-ACEA-9B3A571418C7}

2012-04-01 02:48:28 -------- d-----w- C:\Users\Owner\AppData\Local\{E7A1A5AB-A39F-4EF4-B8D7-2D9A52B602EA}

2012-03-31 12:44:42 -------- d-----w- C:\Users\Owner\AppData\Local\{C5653183-3BB7-402F-9B64-DBDDBA4B9724}

2012-03-30 23:52:36 -------- d-----w- C:\Users\Owner\AppData\Local\{4399CA5C-AC37-4E12-8F4C-EBDE13E75E60}

2012-03-30 11:52:07 -------- d-----w- C:\Users\Owner\AppData\Local\{A5EB98DE-85B4-4F5B-B37C-993C9570943E}

2012-03-28 23:44:42 -------- d-----w- C:\Users\Owner\AppData\Local\{3FDF767B-56CB-46FC-BF63-0AB175EE2DBE}

2012-03-28 23:44:28 -------- d-----w- C:\Users\Owner\AppData\Local\{ED1F2689-31EE-483F-83AE-6336371E4A96}

2012-03-28 11:43:55 -------- d-----w- C:\Users\Owner\AppData\Local\{2824CE42-0BE1-4C1E-A2B6-AFA3E5C39357}

2012-03-28 11:43:42 -------- d-----w- C:\Users\Owner\AppData\Local\{2D8D3A90-DA3A-40DF-A99F-29A255983872}

2012-03-27 19:52:42 -------- d-----w- C:\Users\Owner\AppData\Local\{8384C705-B3C0-49E3-BCF3-0A8B32835D42}

2012-03-27 19:52:30 -------- d-----w- C:\Users\Owner\AppData\Local\{67CBB391-F344-4A00-A4B0-8349C47F105D}

2012-03-27 04:06:48 -------- d-----w- C:\Users\Owner\AppData\Local\{DE7876C0-3CC9-4DF6-8C32-1A249557B138}

2012-03-27 04:06:34 -------- d-----w- C:\Users\Owner\AppData\Local\{3525DAD3-7723-4DE3-9761-46ADE6FF6F1E}

2012-03-26 16:05:56 -------- d-----w- C:\Users\Owner\AppData\Local\{39D6F97E-877D-407D-A788-61B794C2CAAC}

2012-03-26 16:05:44 -------- d-----w- C:\Users\Owner\AppData\Local\{15CA683A-D587-4A93-A174-7B6387A3FA96}

2012-03-26 02:46:39 -------- d-----w- C:\Users\Owner\AppData\Local\{BAD689C9-7377-4485-AFA7-5771703912BE}

2012-03-25 14:46:03 -------- d-----w- C:\Users\Owner\AppData\Local\{7A286C7A-3843-4B7A-8A79-4929CA8C9783}

2012-03-25 14:45:51 -------- d-----w- C:\Users\Owner\AppData\Local\{D7069C75-AD3D-4789-ACCB-386EDE4AC01C}

2012-03-25 02:03:01 -------- d-----w- C:\Users\Owner\AppData\Local\{AE921033-12C5-4E1C-8D08-978ABD97B04D}

2012-03-25 02:02:47 -------- d-----w- C:\Users\Owner\AppData\Local\{1ADDB779-820B-4447-BE4B-E330343B698A}

.

==================== Find3M ====================

.

2012-03-19 23:28:15 234768 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr

2012-03-19 23:28:15 234768 ----a-w- C:\windows\SysWow64\PnkBstrB.exe

2012-03-04 12:15:43 75136 ----a-w- C:\windows\SysWow64\PnkBstrA.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-02-23 14:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-02-22 10:25:50 382032 ----a-w- C:\windows\System32\drivers\avgtdia.sys

2012-02-22 10:25:32 289872 ----a-w- C:\windows\System32\drivers\avgldx64.sys

2012-02-17 12:58:09 0 ----a-w- C:\windows\SysWow64\sho1FB0.tmp

2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

2012-02-04 02:21:43 0 ----a-w- C:\windows\SysWow64\sho3997.tmp

2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys

2012-02-02 05:22:30 17 ----a-w- C:\windows\SysWow64\sho795C.tmp

2012-01-31 09:46:48 36944 ----a-w- C:\windows\System32\drivers\avgrkx64.sys

2012-01-29 06:12:49 0 ----a-w- C:\windows\SysWow64\sho4368.tmp

2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

.

============= FINISH: 16:44:41.26 ===============