Browser Redirect


I've checked my DNS and all is good. When I do a Google search, oftentimes when I click on a search result it's redirected to Amazon.com, infomash, etc. I've installed and run the latest versions of Malwarebytes, Spybot Search & Destroy, Lavasoft Ad-Aware, and MS Security Essentials. All come up clean. I've recently uninstalled Ad-Aware as it bogged down my system on startup. Below is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:06:23 PM, on 7/9/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Safe mode with network support

Running processes:

C:\Users\Nick\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"

O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"

O4 - HKLM\..\Run: [Wondershare Helper Compact] "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [cdloader] "C:\Users\Nick\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [30319.01] rundll32.exe "C:\Users\Nick\AppData\Local\ABBYY\30319.01\twsqoly.dll",CreateInstance (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: MobileGo Service.lnk = C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} (Java Plug-in 1.6.0_25) -

O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} -

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ABBYY FineReader 10 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9352 bytes


Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
  1. logs from DDS
  2. let me know of any problems you may have had

Gringo


For the DeFogger it didn't ask me to reboot. Below are the logs.

Results of screen317's Security Check version 0.99.42

Windows Vista Service Pack 2 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

avast! Antivirus

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 31

Java 6 Update 7

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.3.300.262

Mozilla Firefox (13.0.1)

Google Chrome 19.0.1084.56

Google Chrome 20.0.1132.47

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Comodo Firewall cmdagent.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Nick at 8:17:33 on 2012-07-10

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7037.4141 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\System32\vds.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Nick\Downloads\SecurityCheck.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

mWinlogon: Userinit=userinit.exe,

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{1ADD8C62-A43D-49E7-93B0-4F3BA4D078ED} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\9kqhg7vi.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files (x86)\XStandard\Bin\NPXStandard.dll

FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]

R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]

R1 EUFDDISK;EUFDDISK;\??\C:\Windows\system32\drivers\EuFdDisk.sys --> C:\Windows\system32\drivers\EuFdDisk.sys [?]

R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-9 44808]

R2 EaseUS Agent;EaseUS Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-6-8 70280]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 Guard Agent;Guard Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-6-8 24712]

R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]

R2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-26 1153368]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-4-1 450848]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-6 136176]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]

S3 BTWAMPFL;btwampfl;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-6-8 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-6-8 8456]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-6 136176]

S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]

S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter_hs.sys --> C:\Windows\system32\drivers\massfilter_hs.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 zghsdiag;ZTE General Handset Diagnostic Port;C:\Windows\system32\DRIVERS\zghsdiag.sys --> C:\Windows\system32\DRIVERS\zghsdiag.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-4-19 89920]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-07-10 03:06:23 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-10 03:06:23 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-10 03:06:14 41224 ----a-w- C:\Windows\avastSS.scr

2012-07-10 03:05:57 -------- d-----w- C:\ProgramData\AVAST Software

2012-07-10 03:05:57 -------- d-----w- C:\Program Files\AVAST Software

2012-07-10 01:47:52 -------- d-----w- C:\Users\Nick\AppData\Local\temp

2012-07-10 01:21:15 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6F8E11F-9184-4C76-B599-4C600844AC8D}\mpengine.dll

2012-07-10 01:18:50 -------- d-----w- C:\ProgramData\GFI Software

2012-07-09 05:27:39 -------- d-----w- C:\sh4ldr

2012-07-09 05:27:39 -------- d-----w- C:\Program Files\Enigma Software Group

2012-07-09 05:26:09 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP

2012-07-09 05:26:06 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-07-08 23:07:11 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-07 00:08:55 -------- d-----w- C:\Program Files (x86)\Chami

2012-07-06 23:03:57 232448 ----a-w- C:\libtidy.dll

2012-07-05 00:34:23 -------- d-----w- C:\Users\Nick\.idlerc

2012-07-05 00:31:52 -------- d-----w- C:\Python27

2012-07-04 21:23:45 -------- d-----w- C:\Users\Nick\AppData\Local\Wondershare

2012-07-04 21:23:44 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare

2012-07-04 21:23:36 -------- d-----w- C:\Users\Nick\AppData\Roaming\Wondershare

2012-07-04 21:23:31 -------- d-----w- C:\Program Files (x86)\Wondershare

2012-07-03 21:13:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{890F334B-D606-498B-B60C-6E607927B377}\gapaengine.dll

2012-06-26 03:17:42 -------- d-----w- C:\Program Files (x86)\NetMake

2012-06-25 23:20:27 -------- d-----w- C:\Users\Nick\AppData\Local\CCS5

2012-06-25 23:08:18 466944 ----a-w- C:\Windows\SysWow64\wodSFTP.ocx

2012-06-25 22:33:00 -------- d-----w- C:\Program Files (x86)\Windows Script Control

2012-06-25 22:32:55 -------- d-----w- C:\Program Files (x86)\Common Files\e.World

2012-06-24 13:53:18 -------- d-----w- C:\Program Files (x86)\ASPRunnerPro7.1

2012-06-23 23:56:37 -------- d-----w- C:\Users\Nick\AppData\Local\Macromedia

2012-06-23 08:35:59 -------- d-----w- C:\Windows\System32\drivers\UMDF\ko-KR

2012-06-23 08:31:45 1547776 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2012-06-23 08:31:44 1701888 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2012-06-23 08:31:04 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe

2012-06-23 08:31:03 1418752 ----a-w- C:\Program Files (x86)\Windows Media Player\setup_wm.exe

2012-06-23 08:31:02 372736 ----a-w- C:\Windows\System32\unregmp2.exe

2012-06-23 08:31:02 310784 ----a-w- C:\Windows\SysWow64\unregmp2.exe

2012-06-23 08:30:26 1149440 ----a-w- C:\Windows\System32\FntCache.dll

2012-06-23 08:30:25 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2012-06-23 08:30:25 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2012-06-23 08:28:22 1927680 ----a-w- C:\Windows\System32\gameux.dll

2012-06-23 08:28:21 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-06-23 08:28:17 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll

2012-06-23 08:28:17 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll

2012-06-23 08:28:17 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll

2012-06-23 08:28:16 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll

2012-06-23 08:28:12 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-23 08:28:12 132096 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-23 08:28:12 1267200 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-23 08:28:11 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-23 08:28:11 174592 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-23 08:28:11 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-23 08:24:06 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2012-06-23 08:24:06 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll

2012-06-23 08:16:53 -------- d-----w- C:\Program Files\Microsoft

2012-06-23 07:53:09 -------- d-----w- C:\Users\Nick\AppData\Local\{3485212A-AB11-4E82-8BD9-8EA490C38DAB}

2012-06-21 03:37:17 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 03:36:43 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-21 03:36:42 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 03:36:32 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 03:36:32 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-21 03:36:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 03:36:32 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-20 13:54:51 49664 ----a-w- C:\Windows\System32\CamCodec.dll

2012-06-20 13:54:51 -------- d-----w- C:\Program Files (x86)\CamStudio 2.6b

2012-06-18 15:04:00 -------- d-----w- C:\Program Files (x86)\PHPRunner6.1

2012-06-18 12:49:43 -------- d-----w- C:\xampp

2012-06-14 19:27:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2012-06-14 19:27:59 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll

2012-06-14 19:27:59 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll

2012-06-14 19:27:58 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-06-13 02:16:40 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-13 02:13:18 2767360 ----a-w- C:\Windows\System32\win32k.sys

2012-06-12 21:51:40 -------- d-----w- C:\Users\Nick\AppData\Local\GameMaker8.1

2012-06-11 09:19:18 -------- d-----w- C:\Program Files (x86)\Resource Hacker

.

==================== Find3M ====================

.

2012-06-23 23:34:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-23 23:34:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-08 05:31:07 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-06-08 05:31:07 839112 ----a-w- C:\Windows\System32\deployJava1.dll

2012-05-29 00:57:58 60 ----a-w- C:\Windows\wpd99.drv

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:36:54 2468520 ----a-w- C:\Windows\SysWow64\BootMan.exe

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 16:13:34 3316736 ----a-w- C:\Windows\System32\BootMan.exe

2012-05-03 22:52:08 25224 ----a-w- C:\Windows\System32\fbnative.exe

2012-05-03 22:52:02 189576 ----a-w- C:\Windows\System32\drivers\EuFdDisk.sys

2012-05-03 22:52:00 48776 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys

2012-05-03 22:51:54 19592 ----a-w- C:\Windows\System32\drivers\eudskacs.sys

2012-05-03 22:51:52 58504 ----a-w- C:\Windows\System32\drivers\eubakup.sys

.

============= FINISH: 8:18:59.59 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 4/15/2011 3:07:34 AM

System Uptime: 7/10/2012 5:12:20 AM (3 hours ago)

.

Motherboard: ECS | | Nettle3

Processor: AMD Phenom 9150e Quad-Core Processor | Socket AM2 | 1800/201mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 437 GiB total, 280.56 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1.772 GiB free.

E: is FIXED (NTFS) - 146 GiB total, 22.638 GiB free.

F: is CDROM ()

I: is Removable

J: is Removable

K: is CDROM (CDFS)

L: is Removable

M: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

5600

5600_Help

5600Trb

ABC2Win Beta

AceFTP 3 Freeware

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Widget Browser

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

All Video Fixer 8.9

Amazon MP3 Downloader 1.0.12

Android SDK Tools

Artisteer 2

Artisteer 3

ASPRunner Professional 7.1

Atmosphere Deluxe v6.0

Audacity 1.2.6

avast! Free Antivirus

AviSynth 2.5

Base64 Encoder / Decoder

BufferChm

Cain & Abel v4.9.40

Cain & Abel v4.9.43

CameraHelperMsi

CamStudio OSS Desktop Recorder

Chart Object & Ini++ v1.5

Cheat Engine 6.1

Clippings.NET 0.14

Copy

CustomerResearchQFolder

CyberLink DVD Suite Deluxe

D3DX10

Destinations

DeviceManagementQFolder

Dispatcher

DocProc

DocProcQFolder

DVD Flick 1.3.0.7

DVDFab 8.0.8.5 (19/03/2011)

DVDStyler v2.0.1

EaseUS Partition Master 9.1.1 Home Edition

EaseUS Todo Backup Free 4.5

Enhanced Multimedia Keyboard Solution

erLT

eSupportQFolder

ExtensionView

Fax

FileZilla Client 3.5.3

FormatFactory 2.60

Forms To Go 4.5.4

Forms To Go Lite 4.5.4

Foxit Reader

Free Download Manager 3.0

Gnaural ver. 1.0.20110606

Google Chrome

Google Earth

Google Talk Plugin

Google Update Helper

HelpNDoc 3.5.1.288 Personal Edition

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)

Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139)

Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2635973)

Hotfix for Microsoft Windows Phone Developer Tools - ENU (KB2635973)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)

HP Picasso Media Center Add-In

HP Recovery Manager RSS

HPAsset component for HP Active Support Library

HPProductAssistant

HTML-Kit 292

HTML Help Workshop

ImgBurn

Inno Script Studio version 1.0.0.24

Inno Setup version 5.4.3

ISO Workshop 1.1

Java Auto Updater

Java 6 Update 31

Java 6 Update 7

Junk Mail filter update

K-Lite Codec Pack 7.1.0 (Standard)

KEL CHM Creator

KompoZer 0.8b3

LabelPrint

LAME v3.98.3 for Audacity

LG Android Driver

LightScribe System Software 1.14.25.1

LightScribe Template Labeler

LMMS 0.4.11

Logitech Webcam Software

Lucky Days 2.1

Lucky Days 2.2

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

magicJack

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

Marmalade 6.0

Mesh Runtime

Messenger Companion

MFC RunTime files

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft Silverlight Tools for Visual Studio 2010

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ Compilers 2010 Standard - enu - x86

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 Express - ENU

Microsoft Visual Studio 2010 Express for Windows Phone - ENU

Microsoft Visual Web Developer 2010 Express - ENU

Microsoft Works

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MMF2 Developer Android Exporter

MMF2 Developer SWF File Exporter

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia Fusion Developer 2

muvee Reveal

Neuro-Programmer 2.5.4

Neuro-Programmer 3.0.9

Neuro-Programmer Professional 2.4.2

Notepad++

OpenOffice.org 3.4

Orphalese Tarot

Patch Maker

Pdf995

PdfEdit995

PHPRunner 6.1

PicPick

Power2Go

PowerDirector

Python 2.5.2

Python 2.7.3

Realtek High Definition Audio Driver

Resource Hacker Version 3.6.0

Revo Uninstaller 1.94

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Segoe UI

Shipping Assistant 3.8

Signature995

Simple Text Encryptor

Skype Click to Call

Skype™ 5.9

Social App Creator 2.2

Social App Creator 2.2.0.5

Social App Creator version 1.23

SolutionCenter

Sothink Movie DVD Maker

Spybot - Search & Destroy

Status

Toolbox

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Veoh Web Player

Video DVD Maker v3.32.0.80

Video Edit Master

VLC media player 1.1.9

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Phone 7 Add-in for Visual Studio 2010 - ENU

WinPcap 4.1.2

Wireshark 1.6.0

Wondershare MobileGo for Android ( Version 2.0.0 )

WPF Toolkit February 2010 (Version 3.5.50211.1)

X-Lite 4

XStandard

Yahoo! Messenger

YouTube Downloader 3.4

.

==== Event Viewer Messages From Past Week ========

.

7/9/2012 8:38:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard EUBKMON EUDSKACS EUFDDISK i8042prt MpFilter SBRE spldr SRTSP SRTSPX vmm Wanarpv6

7/9/2012 8:09:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt SRTSP SRTSPX

7/9/2012 8:05:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard EUBKMON EUDSKACS EUFDDISK i8042prt MpFilter spldr SRTSP SRTSPX vmm Wanarpv6

7/9/2012 8:03:38 PM, Error: EventLog [6008] - The previous system shutdown at 8:01:06 PM on 7/9/2012 was unexpected.

7/9/2012 7:55:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

7/9/2012 5:45:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

7/9/2012 5:45:37 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/9/2012 5:45:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/9/2012 12:48:54 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 002197CA414A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

7/9/2012 10:30:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP cmdGuard EUBKMON EUDSKACS EUFDDISK i8042prt MpFilter SBRE spldr SRTSP SRTSPX vmm Wanarpv6

7/9/2012 10:30:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/9/2012 10:30:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/9/2012 10:30:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/9/2012 10:30:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

7/9/2012 10:30:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/9/2012 10:30:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/9/2012 10:29:19 PM, Error: EventLog [6008] - The previous system shutdown at 10:26:57 PM on 7/9/2012 was unexpected.

7/9/2012 10:18:25 PM, Error: EventLog [6008] - The previous system shutdown at 10:16:25 PM on 7/9/2012 was unexpected.

7/9/2012 10:14:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Web Deployment Agent Service service to connect.

7/9/2012 10:14:09 PM, Error: Service Control Manager [7000] - The Web Deployment Agent Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/9/2012 10:06:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

7/9/2012 1:58:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}

7/9/2012 1:09:16 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

7/9/2012 1:09:16 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

7/8/2012 11:27:43 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

7/8/2012 11:27:04 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

7/8/2012 11:26:45 PM, Error: Service Control Manager [7034] - The EaseUS Agent Service service terminated unexpectedly. It has done this 1 time(s).

7/8/2012 11:26:29 PM, Error: Service Control Manager [7034] - The Guard Agent Service service terminated unexpectedly. It has done this 1 time(s).

7/8/2012 11:26:20 PM, Error: Service Control Manager [7034] - The IDriveE Service service terminated unexpectedly. It has done this 1 time(s).

7/8/2012 11:26:16 PM, Error: Service Control Manager [7034] - The ApacheScriptcase6 service terminated unexpectedly. It has done this 1 time(s).

7/8/2012 11:25:43 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).

7/8/2012 11:25:35 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

7/10/2012 7:51:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt SBRE SRTSP SRTSPX

7/10/2012 7:51:40 AM, Error: Service Control Manager [7023] - The HP CUE DeviceDiscovery Service service terminated with the following error: The system cannot find the file specified.

.

==== End Of File ===========================


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


The first download link downloaded but when I tried to run it I got some error about it being a corrupt file. The second download link worked, but had to rename it. When I downloaded the second file Firefox named the download as ComboFix(1). Combofix gave an error saying that it cannot be renamed to Combofix(1). So I just deleted the first download and had to redownload Combofix as it had deleted that second download. Below is the log file it produced after running the scan.

ComboFix 12-07-11.02 - Nick 07/11/2012 4:49.1.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7037.4134 [GMT -5:00]

Running from: c:\users\Nick\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Nick\AppData\Roaming\chrtmp

c:\windows\SysWow64\mfc40.dll.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))

.

.

2012-07-11 10:02 . 2012-07-11 10:02 -------- d-----w- c:\users\Nick\AppData\Local\temp

2012-07-11 10:02 . 2012-07-11 10:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-10 03:06 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-10 03:06 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-10 03:06 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-10 03:06 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-10 03:06 . 2012-07-03 16:21 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-10 03:06 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-07-10 03:06 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr

2012-07-10 03:06 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-07-10 03:05 . 2012-07-10 03:05 -------- d-----w- c:\programdata\AVAST Software

2012-07-10 03:05 . 2012-07-10 03:05 -------- d-----w- c:\program files\AVAST Software

2012-07-10 01:21 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6F8E11F-9184-4C76-B599-4C600844AC8D}\mpengine.dll

2012-07-10 01:18 . 2012-07-10 01:18 -------- d-----w- c:\programdata\GFI Software

2012-07-09 05:27 . 2012-07-10 00:02 -------- d-----w- C:\sh4ldr

2012-07-09 05:27 . 2012-07-09 05:27 -------- d-----w- c:\program files\Enigma Software Group

2012-07-09 05:26 . 2012-07-10 00:02 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP

2012-07-09 05:26 . 2012-07-09 05:26 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-07-08 23:07 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-07 00:08 . 2012-07-07 00:08 -------- d-----w- c:\program files (x86)\Chami

2012-07-06 23:03 . 2009-11-06 13:15 232448 ----a-w- C:\libtidy.dll

2012-07-05 00:34 . 2012-07-05 00:34 -------- d-----w- c:\users\Nick\.idlerc

2012-07-05 00:31 . 2012-07-06 23:03 -------- d-----w- C:\Python27

2012-07-04 21:23 . 2012-07-04 21:23 -------- d-----w- c:\users\Nick\AppData\Local\Wondershare

2012-07-04 21:23 . 2012-07-04 21:23 -------- d-----w- c:\program files (x86)\Common Files\Wondershare

2012-07-04 21:23 . 2012-07-04 21:24 -------- d-----w- c:\users\Nick\AppData\Roaming\Wondershare

2012-07-04 21:23 . 2012-07-04 21:23 -------- d-----w- c:\program files (x86)\Wondershare

2012-07-03 21:13 . 2012-02-10 22:19 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{890F334B-D606-498B-B60C-6E607927B377}\gapaengine.dll

2012-06-26 03:17 . 2012-07-09 23:11 -------- d-----w- c:\program files (x86)\NetMake

2012-06-25 23:20 . 2012-06-25 23:27 -------- d-----w- c:\users\Nick\AppData\Local\CCS5

2012-06-25 23:08 . 2012-06-25 23:08 466944 ----a-w- c:\windows\SysWow64\wodSFTP.ocx

2012-06-25 22:33 . 2012-06-25 22:33 -------- d-----w- c:\program files (x86)\Windows Script Control

2012-06-25 22:32 . 2012-06-25 22:33 -------- d-----w- c:\program files (x86)\Common Files\e.World

2012-06-24 13:53 . 2012-06-24 13:53 -------- d-----w- c:\program files (x86)\ASPRunnerPro7.1

2012-06-23 23:56 . 2012-06-23 23:56 -------- d-----w- c:\users\Nick\AppData\Local\Macromedia

2012-06-23 08:35 . 2012-06-23 08:35 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR

2012-06-23 08:31 . 2009-07-27 15:00 1547776 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2012-06-23 08:31 . 2009-07-27 15:09 1701888 ----a-w- c:\windows\system32\WMVDECOD.DLL

2012-06-23 08:31 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe

2012-06-23 08:31 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe

2012-06-23 08:31 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe

2012-06-23 08:31 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe

2012-06-23 08:30 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll

2012-06-23 08:30 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-06-23 08:30 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2012-06-23 08:28 . 2010-08-26 17:42 1927680 ----a-w- c:\windows\system32\gameux.dll

2012-06-23 08:28 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\SysWow64\gameux.dll

2012-06-23 08:28 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll

2012-06-23 08:28 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll

2012-06-23 08:28 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll

2012-06-23 08:28 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2012-06-23 08:28 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-23 08:28 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll

2012-06-23 08:28 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-23 08:28 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-23 08:28 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-23 08:28 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-23 08:24 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll

2012-06-23 08:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2012-06-23 08:16 . 2012-06-23 08:16 -------- d-----w- c:\program files\Microsoft

2012-06-21 03:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 03:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 03:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 03:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 03:36 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 03:36 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-21 03:36 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-21 03:36 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 03:36 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-21 03:36 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 03:36 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 03:36 . 2012-06-02 20:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-21 03:36 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 03:36 . 2012-06-02 20:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2012-06-20 13:54 . 2012-06-20 13:54 -------- d-----w- c:\program files (x86)\CamStudio 2.6b

2012-06-20 13:54 . 2010-10-24 05:56 49664 ----a-w- c:\windows\system32\CamCodec.dll

2012-06-18 15:04 . 2012-06-18 15:12 -------- d-----w- c:\program files (x86)\PHPRunner6.1

2012-06-18 12:49 . 2012-06-26 03:51 -------- d-----w- C:\xampp

2012-06-14 19:27 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-06-14 19:27 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-06-14 19:27 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll

2012-06-14 19:27 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-13 02:16 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 02:13 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys

2012-06-12 21:51 . 2012-07-09 20:02 -------- d-----w- c:\users\Nick\AppData\Local\GameMaker8.1

2012-06-11 20:58 . 2012-06-11 20:58 -------- d-----w- c:\program files (x86)\Common Files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 23:34 . 2012-04-05 11:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 23:34 . 2011-05-14 05:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-08 14:41 . 2012-06-03 12:37 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2012-06-08 05:31 . 2012-06-08 05:31 955848 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-08 05:31 . 2011-11-17 20:18 839112 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-04 20:49 . 2012-06-03 12:22 565056 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll

2012-06-04 12:22 . 2011-04-22 12:56 100512 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll

2012-06-04 12:20 . 2012-05-30 05:42 190656 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

2012-05-17 22:36 . 2012-06-09 03:55 2468520 ----a-w- c:\windows\SysWow64\BootMan.exe

2012-05-15 16:13 . 2012-06-09 03:55 3316736 ----a-w- c:\windows\system32\BootMan.exe

2012-05-03 22:52 . 2012-06-09 04:09 25224 ----a-w- c:\windows\system32\fbnative.exe

2012-05-03 22:52 . 2012-06-09 04:10 189576 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys

2012-05-03 22:52 . 2012-06-09 04:10 48776 ----a-w- c:\windows\system32\drivers\EUBKMON.sys

2012-05-03 22:51 . 2012-06-09 04:10 19592 ----a-w- c:\windows\system32\drivers\eudskacs.sys

2012-05-03 22:51 . 2012-06-09 04:10 58504 ----a-w- c:\windows\system32\drivers\eubakup.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"cdloader"="c:\users\Nick\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-06 13:10]

.

2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-06 13:10]

.

2012-07-04 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-12 15853088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-12 82464]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\9kqhg7vi.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-07-11 05:09:18

ComboFix-quarantined-files.txt 2012-07-11 10:09

.

Pre-Run: 282,691,293,184 bytes free

Post-Run: 282,767,462,400 bytes free

.

- - End Of File - - 7901D38A6753064CD3287D57D6DD2DEA


  • Staff

Greetings

I would like to know which browsers are redirecting; please verify all that are installed on the computer.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Both scans turned up clean. aswMBR did not ask me to update anything. Below are the logs.

07:27:56.0869 3424 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

07:27:57.0434 3424 ============================================================

07:27:57.0434 3424 Current date / time: 2012/07/12 07:27:57.0434

07:27:57.0434 3424 SystemInfo:

07:27:57.0434 3424

07:27:57.0435 3424 OS Version: 6.0.6002 ServicePack: 2.0

07:27:57.0435 3424 Product type: Workstation

07:27:57.0435 3424 ComputerName: LOOMPALAND

07:27:57.0435 3424 UserName: Nick

07:27:57.0435 3424 Windows directory: C:\Windows

07:27:57.0435 3424 System windows directory: C:\Windows

07:27:57.0435 3424 Running under WOW64

07:27:57.0435 3424 Processor architecture: Intel x64

07:27:57.0435 3424 Number of processors: 4

07:27:57.0436 3424 Page size: 0x1000

07:27:57.0436 3424 Boot type: Normal boot

07:27:57.0436 3424 ============================================================

07:27:58.0081 3424 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:27:58.0106 3424 Drive \Device\Harddisk3\DR3 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

07:27:58.0115 3424 ============================================================

07:27:58.0115 3424 \Device\Harddisk0\DR0:

07:27:58.0115 3424 MBR partitions:

07:27:58.0115 3424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3691DA1E

07:27:58.0115 3424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x36920800, BlocksNum 0x124F7800

07:27:58.0116 3424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48E18550, BlocksNum 0x1A3E971

07:27:58.0116 3424 \Device\Harddisk3\DR3:

07:27:58.0118 3424 MBR partitions:

07:27:58.0118 3424 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039

07:27:58.0118 3424 ============================================================

07:27:58.0138 3424 C: <-> \Device\Harddisk0\DR0\Partition0

07:27:58.0189 3424 E: <-> \Device\Harddisk0\DR0\Partition1

07:27:58.0235 3424 D: <-> \Device\Harddisk0\DR0\Partition2

07:27:58.0235 3424 ============================================================

07:27:58.0235 3424 Initialize success

07:27:58.0235 3424 ============================================================

07:28:02.0423 1824 ============================================================

07:28:02.0424 1824 Scan started

07:28:02.0424 1824 Mode: Manual;

07:28:02.0424 1824 ============================================================


07:28:11.0407 1824 gupdate - ok

07:28:11.0426 1824 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

07:28:11.0428 1824 gupdatem - ok

07:28:11.0527 1824 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

07:28:11.0566 1824 HDAudBus - ok

07:28:11.0595 1824 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

07:28:11.0597 1824 HidBth - ok

07:28:11.0625 1824 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

07:28:11.0627 1824 HidIr - ok

07:28:11.0669 1824 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll

07:28:11.0672 1824 hidserv - ok

07:28:11.0707 1824 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

07:28:11.0710 1824 HidUsb - ok

07:28:11.0737 1824 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll

07:28:11.0742 1824 hkmsvc - ok

07:28:11.0776 1824 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

07:28:11.0777 1824 HpCISSs - ok

07:28:11.0868 1824 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

07:28:11.0887 1824 HTTP - ok

07:28:11.0907 1824 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

07:28:11.0909 1824 i2omp - ok

07:28:11.0943 1824 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

07:28:11.0949 1824 i8042prt - ok

07:28:11.0976 1824 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

07:28:11.0982 1824 iaStorV - ok

07:28:12.0101 1824 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

07:28:12.0136 1824 idsvc - ok

07:28:12.0156 1824 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

07:28:12.0159 1824 iirsp - ok

07:28:12.0228 1824 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll

07:28:12.0248 1824 IKEEXT - ok

07:28:12.0300 1824 inspect (1d942e294a72a2a9ec527b327ae4f4bd) C:\Windows\system32\DRIVERS\inspect.sys

07:28:12.0305 1824 inspect - ok

07:28:12.0522 1824 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys

07:28:12.0569 1824 IntcAzAudAddService - ok

07:28:12.0660 1824 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

07:28:12.0662 1824 intelide - ok

07:28:12.0695 1824 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

07:28:12.0696 1824 intelppm - ok

07:28:12.0729 1824 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll

07:28:12.0743 1824 IPBusEnum - ok

07:28:12.0802 1824 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

07:28:12.0809 1824 IpFilterDriver - ok

07:28:12.0883 1824 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll

07:28:12.0919 1824 iphlpsvc - ok

07:28:12.0923 1824 IpInIp - ok

07:28:12.0972 1824 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

07:28:12.0975 1824 IPMIDRV - ok

07:28:13.0028 1824 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

07:28:13.0041 1824 IPNAT - ok

07:28:13.0049 1824 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

07:28:13.0051 1824 IRENUM - ok

07:28:13.0109 1824 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

07:28:13.0112 1824 isapnp - ok

07:28:13.0167 1824 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

07:28:13.0175 1824 iScsiPrt - ok

07:28:13.0232 1824 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

07:28:13.0235 1824 iteatapi - ok

07:28:13.0264 1824 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

07:28:13.0267 1824 iteraid - ok

07:28:13.0308 1824 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

07:28:13.0311 1824 kbdclass - ok

07:28:13.0360 1824 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

07:28:13.0362 1824 kbdhid - ok

07:28:13.0419 1824 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

07:28:13.0424 1824 KeyIso - ok

07:28:13.0616 1824 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys

07:28:13.0658 1824 KSecDD - ok

07:28:13.0709 1824 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

07:28:13.0712 1824 ksthunk - ok

07:28:13.0801 1824 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll

07:28:13.0859 1824 KtmRm - ok

07:28:13.0952 1824 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll

07:28:13.0963 1824 LanmanServer - ok

07:28:14.0038 1824 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll

07:28:14.0057 1824 LanmanWorkstation - ok

07:28:14.0133 1824 LightScribeService (e75adcfafdef3f4c3af3332928d59926) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

07:28:14.0136 1824 LightScribeService - ok

07:28:14.0148 1824 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

07:28:14.0152 1824 lltdio - ok

07:28:14.0190 1824 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll

07:28:14.0230 1824 lltdsvc - ok

07:28:14.0246 1824 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll

07:28:14.0251 1824 lmhosts - ok

07:28:14.0286 1824 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

07:28:14.0298 1824 LSI_FC - ok

07:28:14.0319 1824 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

07:28:14.0332 1824 LSI_SAS - ok

07:28:14.0352 1824 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

07:28:14.0364 1824 LSI_SCSI - ok

07:28:14.0396 1824 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

07:28:14.0408 1824 luafv - ok

07:28:14.0469 1824 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys

07:28:14.0482 1824 LVRS64 - ok

07:28:14.0827 1824 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys

07:28:14.0933 1824 LVUVC64 - ok

07:28:15.0099 1824 massfilter (36efc8c32829a27baf0e63bfdbd5ee90) C:\Windows\system32\drivers\massfilter.sys

07:28:15.0101 1824 massfilter - ok

07:28:15.0124 1824 massfilter_hs (9b4b4838a6c8dc97416581c13cb6482c) C:\Windows\system32\drivers\massfilter_hs.sys

07:28:15.0126 1824 massfilter_hs - ok

07:28:15.0165 1824 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll

07:28:15.0179 1824 Mcx2Svc - ok

07:28:15.0219 1824 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

07:28:15.0222 1824 megasas - ok

07:28:15.0279 1824 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

07:28:15.0297 1824 MegaSR - ok

07:28:15.0319 1824 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

07:28:15.0327 1824 MMCSS - ok

07:28:15.0347 1824 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

07:28:15.0350 1824 Modem - ok

07:28:15.0416 1824 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

07:28:15.0419 1824 monitor - ok

07:28:15.0439 1824 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

07:28:15.0442 1824 mouclass - ok

07:28:15.0453 1824 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

07:28:15.0455 1824 mouhid - ok

07:28:15.0474 1824 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

07:28:15.0480 1824 MountMgr - ok

07:28:15.0610 1824 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

07:28:15.0623 1824 MozillaMaintenance - ok

07:28:15.0681 1824 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

07:28:15.0732 1824 MpFilter - ok

07:28:15.0764 1824 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

07:28:15.0776 1824 mpio - ok

07:28:15.0795 1824 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

07:28:15.0801 1824 mpsdrv - ok

07:28:15.0887 1824 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll

07:28:15.0908 1824 MpsSvc - ok

07:28:15.0935 1824 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

07:28:15.0938 1824 Mraid35x - ok

07:28:16.0122 1824 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

07:28:16.0127 1824 MRxDAV - ok

07:28:16.0176 1824 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

07:28:16.0188 1824 mrxsmb - ok

07:28:16.0233 1824 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

07:28:16.0246 1824 mrxsmb10 - ok

07:28:16.0262 1824 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

07:28:16.0267 1824 mrxsmb20 - ok

07:28:16.0289 1824 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

07:28:16.0291 1824 msahci - ok

07:28:16.0427 1824 MsDepSvc (aaac4b494de45836121a40aec980b631) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe

07:28:16.0429 1824 MsDepSvc - ok

07:28:16.0453 1824 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

07:28:16.0457 1824 msdsm - ok

07:28:16.0482 1824 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe

07:28:16.0495 1824 MSDTC - ok

07:28:16.0520 1824 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

07:28:16.0522 1824 Msfs - ok

07:28:16.0544 1824 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

07:28:16.0547 1824 msisadrv - ok

07:28:16.0591 1824 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll

07:28:16.0599 1824 MSiSCSI - ok

07:28:16.0605 1824 msiserver - ok

07:28:16.0650 1824 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

07:28:16.0653 1824 MSKSSRV - ok

07:28:16.0744 1824 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

07:28:16.0746 1824 MsMpSvc - ok

07:28:16.0763 1824 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

07:28:16.0766 1824 MSPCLOCK - ok

07:28:16.0773 1824 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

07:28:16.0776 1824 MSPQM - ok

07:28:16.0898 1824 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

07:28:16.0907 1824 MsRPC - ok

07:28:16.0949 1824 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

07:28:16.0953 1824 mssmbios - ok

07:28:17.0056 1824 MSSQL$SQLEXPRESS - ok

07:28:17.0150 1824 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

07:28:17.0153 1824 MSSQLServerADHelper100 - ok

07:28:17.0181 1824 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

07:28:17.0184 1824 MSTEE - ok

07:28:17.0195 1824 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

07:28:17.0198 1824 Mup - ok

07:28:17.0279 1824 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll

07:28:17.0295 1824 napagent - ok

07:28:17.0344 1824 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

07:28:17.0362 1824 NativeWifiP - ok

07:28:17.0432 1824 NAVENG - ok

07:28:17.0438 1824 NAVEX15 - ok

07:28:17.0538 1824 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

07:28:17.0569 1824 NDIS - ok

07:28:17.0628 1824 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

07:28:17.0631 1824 NdisTapi - ok

07:28:17.0656 1824 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

07:28:17.0659 1824 Ndisuio - ok

07:28:17.0717 1824 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

07:28:17.0769 1824 NdisWan - ok

07:28:17.0820 1824 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

07:28:17.0824 1824 NDProxy - ok

07:28:17.0913 1824 Net Driver HPZ12 (59267d2f0328599aa3b5408c2e06126f) C:\Windows\system32\HPZinw12.dll

07:28:17.0919 1824 Net Driver HPZ12 - ok

07:28:17.0933 1824 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

07:28:17.0936 1824 NetBIOS - ok

07:28:18.0020 1824 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

07:28:18.0068 1824 netbt - ok

07:28:18.0128 1824 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

07:28:18.0132 1824 Netlogon - ok

07:28:18.0250 1824 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll

07:28:18.0272 1824 Netman - ok

07:28:18.0405 1824 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

07:28:18.0416 1824 NetMsmqActivator - ok

07:28:18.0425 1824 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

07:28:18.0429 1824 NetPipeActivator - ok

07:28:18.0678 1824 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll

07:28:18.0728 1824 netprofm - ok

07:28:18.0737 1824 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

07:28:18.0741 1824 NetTcpActivator - ok

07:28:18.0749 1824 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

07:28:18.0753 1824 NetTcpPortSharing - ok

07:28:18.0857 1824 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

07:28:18.0866 1824 nfrd960 - ok

07:28:18.0914 1824 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

07:28:18.0927 1824 NisDrv - ok

07:28:19.0150 1824 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

07:28:19.0171 1824 NisSrv - ok

07:28:19.0213 1824 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll

07:28:19.0230 1824 NlaSvc - ok

07:28:19.0288 1824 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys

07:28:19.0290 1824 NPF - ok

07:28:19.0381 1824 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

07:28:19.0397 1824 Npfs - ok

07:28:19.0418 1824 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll

07:28:19.0425 1824 nsi - ok

07:28:19.0456 1824 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

07:28:19.0459 1824 nsiproxy - ok

07:28:19.0730 1824 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

07:28:19.0817 1824 Ntfs - ok

07:28:20.0160 1824 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

07:28:20.0162 1824 Null - ok

07:28:20.0406 1824 NVENETFD (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys

07:28:20.0452 1824 NVENETFD - ok

07:28:22.0808 1824 nvlddmkm (e57f802ba29010c557b549392f7e3ca1) C:\Windows\system32\DRIVERS\nvlddmkm.sys

07:28:22.0993 1824 nvlddmkm - ok

07:28:23.0269 1824 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

07:28:23.0281 1824 nvraid - ok

07:28:23.0354 1824 nvrd64 (011db85affd2368348181c552e025d98) C:\Windows\system32\drivers\nvrd64.sys

07:28:23.0360 1824 nvrd64 - ok

07:28:23.0388 1824 nvsmu (16d36074b84da72d160233c8d132dc89) C:\Windows\system32\drivers\nvsmu.sys

07:28:23.0391 1824 nvsmu - ok

07:28:23.0439 1824 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

07:28:23.0443 1824 nvstor - ok

07:28:23.0459 1824 nvstor64 (fa6d13aa972967eb46862d0f0372a65a) C:\Windows\system32\drivers\nvstor64.sys

07:28:23.0462 1824 nvstor64 - ok

07:28:23.0522 1824 nvsvc (cc015d29c3be698d14bd9b5e23e33c0d) C:\Windows\system32\nvvsvc.exe

07:28:23.0532 1824 nvsvc - ok

07:28:23.0566 1824 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

07:28:23.0577 1824 nv_agp - ok

07:28:23.0584 1824 NwlnkFlt - ok

07:28:23.0595 1824 NwlnkFwd - ok

07:28:23.0666 1824 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

07:28:23.0672 1824 ohci1394 - ok

07:28:24.0067 1824 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

07:28:24.0094 1824 p2pimsvc - ok

07:28:24.0112 1824 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

07:28:24.0129 1824 p2psvc - ok

07:28:24.0164 1824 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

07:28:24.0177 1824 Parport - ok

07:28:24.0233 1824 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys

07:28:24.0239 1824 partmgr - ok

07:28:24.0273 1824 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll

07:28:24.0281 1824 PcaSvc - ok

07:28:24.0389 1824 PCD5SRVC{8AAF211B-043E02A9-05040000} (7204f835a4355d1ab2853e57c9ff177c) C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms

07:28:24.0394 1824 PCD5SRVC{8AAF211B-043E02A9-05040000} - ok

07:28:24.0616 1824 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

07:28:24.0621 1824 pci - ok

07:28:24.0677 1824 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

07:28:24.0680 1824 pciide - ok

07:28:24.0792 1824 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

07:28:24.0800 1824 pcmcia - ok

07:28:24.0853 1824 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

07:28:24.0877 1824 PEAUTH - ok

07:28:24.0944 1824 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe

07:28:24.0952 1824 PerfHost - ok

07:28:25.0171 1824 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll

07:28:25.0239 1824 pla - ok

07:28:25.0311 1824 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll

07:28:25.0334 1824 PlugPlay - ok

07:28:25.0403 1824 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:\Windows\system32\HPZipm12.dll

07:28:25.0416 1824 Pml Driver HPZ12 - ok

07:28:25.0657 1824 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

07:28:25.0674 1824 PNRPAutoReg - ok

07:28:25.0691 1824 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

07:28:25.0709 1824 PNRPsvc - ok

07:28:25.0842 1824 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll

07:28:25.0859 1824 PolicyAgent - ok

07:28:25.0949 1824 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

07:28:25.0960 1824 PptpMiniport - ok

07:28:25.0983 1824 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys

07:28:25.0986 1824 Processor - ok

07:28:26.0041 1824 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll

07:28:26.0059 1824 ProfSvc - ok

07:28:26.0111 1824 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

07:28:26.0115 1824 ProtectedStorage - ok

07:28:26.0159 1824 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys

07:28:26.0162 1824 Ps2 - ok

07:28:26.0233 1824 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

07:28:26.0237 1824 PSched - ok

07:28:26.0336 1824 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

07:28:26.0382 1824 ql2300 - ok

07:28:26.0411 1824 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

07:28:26.0423 1824 ql40xx - ok

07:28:26.0479 1824 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll

07:28:26.0494 1824 QWAVE - ok

07:28:26.0510 1824 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

07:28:26.0513 1824 QWAVEdrv - ok

07:28:26.0531 1824 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

07:28:26.0534 1824 RasAcd - ok

07:28:26.0555 1824 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll

07:28:26.0568 1824 RasAuto - ok

07:28:26.0697 1824 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

07:28:26.0702 1824 Rasl2tp - ok

07:28:26.0756 1824 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll

07:28:26.0778 1824 RasMan - ok

07:28:26.0882 1824 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

07:28:26.0892 1824 RasPppoe - ok

07:28:26.0971 1824 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

07:28:26.0975 1824 RasSstp - ok

07:28:27.0082 1824 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

07:28:27.0140 1824 rdbss - ok

07:28:27.0216 1824 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

07:28:27.0219 1824 RDPCDD - ok

07:28:27.0314 1824 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

07:28:27.0345 1824 rdpdr - ok

07:28:27.0354 1824 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

07:28:27.0356 1824 RDPENCDD - ok

07:28:27.0401 1824 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys

07:28:27.0419 1824 RDPWD - ok

07:28:27.0455 1824 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll

07:28:27.0476 1824 RemoteAccess - ok

07:28:27.0589 1824 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll

07:28:27.0616 1824 RemoteRegistry - ok

07:28:27.0716 1824 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys

07:28:27.0750 1824 RFCOMM - ok

07:28:28.0053 1824 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe

07:28:28.0059 1824 rpcapd - ok

07:28:28.0093 1824 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe

07:28:28.0098 1824 RpcLocator - ok

07:28:28.0292 1824 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

07:28:28.0309 1824 RpcSs - ok

07:28:28.0376 1824 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\Windows\system32\DRIVERS\RsFx0105.sys

07:28:28.0439 1824 RsFx0105 - ok

07:28:28.0608 1824 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

07:28:28.0621 1824 rspndr - ok

07:28:28.0685 1824 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

07:28:28.0690 1824 SamSs - ok

07:28:28.0731 1824 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

07:28:28.0735 1824 sbp2port - ok

07:28:28.0758 1824 SBRE - ok

07:28:29.0344 1824 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

07:28:29.0361 1824 SBSDWSCService - ok

07:28:29.0533 1824 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll

07:28:29.0544 1824 SCardSvr - ok

07:28:29.0648 1824 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll

07:28:29.0666 1824 Schedule - ok

07:28:29.0711 1824 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

07:28:29.0713 1824 SCPolicySvc - ok

07:28:29.0781 1824 ScreamBAudioSvc (490b0b68bb938d5c628ec4a67277be75) C:\Windows\system32\drivers\ScreamingBAudio64.sys

07:28:29.0801 1824 ScreamBAudioSvc - ok

07:28:29.0841 1824 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll

07:28:29.0861 1824 SDRSVC - ok

07:28:29.0895 1824 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

07:28:29.0898 1824 secdrv - ok

07:28:29.0911 1824 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll

07:28:29.0927 1824 seclogon - ok

07:28:29.0943 1824 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll

07:28:29.0958 1824 SENS - ok

07:28:29.0980 1824 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

07:28:29.0982 1824 Serenum - ok

07:28:30.0013 1824 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

07:28:30.0026 1824 Serial - ok

07:28:30.0052 1824 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

07:28:30.0055 1824 sermouse - ok

07:28:30.0094 1824 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll

07:28:30.0108 1824 SessionEnv - ok

07:28:30.0124 1824 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

07:28:30.0127 1824 sffdisk - ok

07:28:30.0140 1824 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

07:28:30.0143 1824 sffp_mmc - ok

07:28:30.0156 1824 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

07:28:30.0159 1824 sffp_sd - ok

07:28:30.0178 1824 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

07:28:30.0181 1824 sfloppy - ok

07:28:30.0221 1824 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll

07:28:30.0234 1824 SharedAccess - ok

07:28:30.0342 1824 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll

07:28:30.0357 1824 ShellHWDetection - ok

07:28:30.0397 1824 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

07:28:30.0401 1824 SiSRaid2 - ok

07:28:30.0466 1824 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

07:28:30.0471 1824 SiSRaid4 - ok

07:28:30.0705 1824 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe

07:28:30.0710 1824 SkypeUpdate - ok

07:28:31.0150 1824 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe

07:28:31.0213 1824 slsvc - ok

07:28:31.0344 1824 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll

07:28:31.0358 1824 SLUINotify - ok

07:28:31.0434 1824 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

07:28:31.0446 1824 Smb - ok

07:28:31.0485 1824 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe

07:28:31.0502 1824 SNMPTRAP - ok

07:28:31.0561 1824 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

07:28:31.0564 1824 spldr - ok

07:28:31.0635 1824 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe

07:28:31.0659 1824 Spooler - ok

07:28:31.0805 1824 SQLAgent$SQLEXPRESS (45e65fb17a4cd5facbd3ca16c8334c82) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

07:28:31.0831 1824 SQLAgent$SQLEXPRESS - ok

07:28:31.0897 1824 SQLWriter (f92e5f93be572b512da3c016b675ede0) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

07:28:31.0916 1824 SQLWriter - ok

07:28:31.0924 1824 SRTSP - ok

07:28:31.0935 1824 SRTSPX - ok

07:28:32.0034 1824 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

07:28:32.0085 1824 srv - ok

07:28:32.0160 1824 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

07:28:32.0212 1824 srv2 - ok

07:28:32.0277 1824 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

07:28:32.0284 1824 srvnet - ok

07:28:41.0041 1824 ============================================================

07:28:41.0041 1824 Scan finished

07:28:41.0041 1824 ============================================================

07:28:41.0053 4848 Detected object count: 0

07:28:41.0053 4848 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-12 07:50:26

-----------------------------

07:50:26.604 OS Version: Windows x64 6.0.6002 Service Pack 2

07:50:26.605 Number of processors: 4 586 0x203

07:50:26.606 ComputerName: LOOMPALAND UserName: Nick

07:50:28.193 Initialze error C000010E - driver not loaded

07:50:28.362 AVAST engine defs: 12071200

07:50:46.627 Service scanning

07:51:05.818 Modules scanning

07:51:05.826 Disk 0 trace - called modules:

07:51:05.831

07:51:07.025 AVAST engine scan C:\Windows

07:51:10.400 AVAST engine scan C:\Windows\system32

07:53:33.404 AVAST engine scan C:\Windows\system32\drivers

07:53:45.754 AVAST engine scan C:\Users\Nick

08:10:44.230 AVAST engine scan C:\ProgramData

08:11:39.347 Scan finished successfully

16:05:21.810 The log file has been saved successfully to "C:\Users\Nick\Documents\Google Redirect Logs\aswMBR.txt"


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


Why did you want me to rescan with Combofix? aswMBR was the one that didn't ask for updates. In any case, I did as the previous post specified. Below are the scan results:

ComboFix 12-07-13.03 - Nick 07/13/2012 13:39:36.3.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7037.3688 [GMT -5:00]

Running from: c:\users\Nick\Downloads\Combofix\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"cdloader"="c:\users\Nick\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 62743802

*Deregistered* - 62743802

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-06 13:10]

.

2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-06 13:10]

.

2012-07-04 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-12 15853088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-12 82464]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\9kqhg7vi.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"

.


.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-07-13 13:56:06

ComboFix-quarantined-files.txt 2012-07-13 18:56

ComboFix2.txt 2012-07-13 12:51

ComboFix3.txt 2012-07-11 10:09

.

Pre-Run: 258,419,138,560 bytes free

Post-Run: 258,370,392,064 bytes free

.

- - End Of File - - C81A3D2893A5189561BFFE167494B08C


  • Staff

Greetings

You already have the defs on the computer with avast antivirus and it used those.

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

  • Programs to remove
    • Java™ 6 Update 31
    • Java™ 6 Update 7

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


syddee - You can get it here: http://www.malwarebytes.org/products/malwarebytes_free

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.14.04

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Nick :: LOOMPALAND [administrator]

7/14/2012 7:35:14 AM

mbam-log-2012-07-14 (07-35-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216371

Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:40:44 AM, on 7/14/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Users\Nick\AppData\Roaming\mjusbsp\magicJack.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Nick\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [cdloader] "C:\Users\Nick\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -update plugin

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} (Java Plug-in 1.6.0_25) -

O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.7.0_01) -

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ABBYY FineReader 10 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9403 bytes

So far it seems as if there are no more browser redirects, even though I have no clue how it was deleted as the AV scans didn't find anything.


  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -update plugin

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    • NOTE** You can research each of those lines here and see if you want to keep them or not; just copy the name between the brackets and paste it into the search space
      O4 - HKLM\..\Run: [IntelliPoint]

NOTE**

Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo


I just did a few searches and discovered the browser hijacker still exists. I have started saving the URLs in a text file and contacting the companies they are affiliated with in the hopes of getting their affiliate accounts shut down as they are advertising their affiliate links via criminal acts.

Therefore, I'm still infected.


  • Staff

Greetings

Which browsers are doing the redirecting?

Please verify all that are installed on the computer.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTL.txt in your next reply.

Gringo


OTL logfile created on: 7/14/2012 4:20:14 PM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Nick\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.87 Gb Total Physical Memory | 4.68 Gb Available Physical Memory | 68.09% Memory free

13.83 Gb Paging File | 11.41 Gb Available in Paging File | 82.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 436.56 Gb Total Space | 240.41 Gb Free Space | 55.07% Space Free | Partition Type: NTFS

Drive D: | 13.12 Gb Total Space | 1.77 Gb Free Space | 13.50% Space Free | Partition Type: NTFS

Drive E: | 146.48 Gb Total Space | 22.68 Gb Free Space | 15.49% Space Free | Partition Type: NTFS

Drive L: | 1.84 Gb Total Space | 1.60 Gb Free Space | 86.91% Space Free | Partition Type: FAT

Computer Name: LOOMPALAND | User Name: Nick | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nick\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)

PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)

PRC - C:\Users\Nick\AppData\Roaming\mjusbsp\magicJack.exe (magicJack L.P.)

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe (ABBYY)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()

MOD - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll ()

MOD - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll ()

MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV:64bit: - (MsDepSvc) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation)

SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (hpqddsvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)

SRV:64bit: - (hpqcxs08) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (Guard Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)

SRV - (EaseUS Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)

SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ABBYY.Licensing.FineReader.Corporate.10.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe (ABBYY)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (AswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)

DRV:64bit: - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()

DRV:64bit: - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)

DRV:64bit: - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\DRIVERS\RsFx0105.sys (Microsoft Corporation)

DRV:64bit: - (zghsdiag) -- C:\Windows\SysNative\DRIVERS\zghsdiag.sys (ZTE Incorporated)

DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (HandSet Incorporated)

DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)

DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()

DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()

DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\DRIVERS\btwampfl.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys (MCCI Corporation)

DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\DRIVERS\ssadserd.sys (MCCI Corporation)

DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\ssadbus.sys (MCCI Corporation)

DRV:64bit: - (androidusb) -- C:\Windows\SysNative\Drivers\ssadadb.sys (Google Inc)

DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys (MCCI Corporation)

DRV:64bit: - (vmm) -- C:\Windows\SysNative\Drivers\vmm.sys (Microsoft Corporation)

DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)

DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\SysNative\DRIVERS\vcsvad.sys (Avnex)

DRV:64bit: - (PCD5SRVC{8AAF211B-043E02A9-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)

DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D4995696-6C2F-4251-8AC0-D503C23712BF}

IE:64bit: - HKLM\..\SearchScopes\{D4995696-6C2F-4251-8AC0-D503C23712BF}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{E4C79FEC-33AC-498B-9535-EC195C9BD400}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

IE - HKLM\..\SearchScopes,DefaultScope = {D4995696-6C2F-4251-8AC0-D503C23712BF}

IE - HKLM\..\SearchScopes\{D4995696-6C2F-4251-8AC0-D503C23712BF}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF

IE - HKLM\..\SearchScopes\{E4C79FEC-33AC-498B-9535-EC195C9BD400}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2402766653-243950496-3254906195-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2402766653-243950496-3254906195-1000\..\SearchScopes,DefaultScope = {D4995696-6C2F-4251-8AC0-D503C23712BF}

IE - HKU\S-1-5-21-2402766653-243950496-3254906195-1000\..\SearchScopes\{D4995696-6C2F-4251-8AC0-D503C23712BF}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-2402766653-243950496-3254906195-1000\..\SearchScopes\{E4C79FEC-33AC-498B-9535-EC195C9BD400}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKU\S-1-5-21-2402766653-243950496-3254906195-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@xstandard.com/XStandard: C:\Program Files (x86)\XStandard\Bin\NPXStandard.dll (Belus Technology Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/09 22:06:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 08:17:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/30 00:19:00 | 000,000,000 | ---D | M]

[2011/04/15 01:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions

[2012/07/08 10:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\9kqhg7vi.default\extensions

[2012/06/23 02:04:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\9kqhg7vi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012/03/17 21:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/12/11 18:11:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2012/06/17 08:17:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/07 19:29:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/07 19:29:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MI1933~1\Office14\NPSPWRAP.DLL

CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: XStandard (Enabled) = C:\Program Files (x86)\XStandard\Bin\NPXStandard.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Draw Something = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpfpcdinndbjpbjmdpcgemeejpohbkl\1.0_0\

CHR - Extension: Google Search = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

CHR - Extension: Skype Click to Call = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

CHR - Extension: ICE Quick Stream = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\5.3_0\

CHR - Extension: Unannoying Facebook = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphkbajimngabpbfbhkikplpdaohoe\1.4_0\

CHR - Extension: Gmail = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/11 05:05:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-2402766653-243950496-3254906195-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKU\S-1-5-21-2402766653-243950496-3254906195-1000..\Run: [cdloader] C:\Users\Nick\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)

O4 - HKU\S-1-5-21-2402766653-243950496-3254906195-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2402766653-243950496-3254906195-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2402766653-243950496-3254906195-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()

O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()

O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()

O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.4.0)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.4.0)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.5.0)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.7.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.5.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1ADD8C62-A43D-49E7-93B0-4F3BA4D078ED}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/09/12 21:03:04 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 10:09:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/07/14 10:09:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/07/14 10:09:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/07/14 10:09:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/07/14 10:09:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/07/14 10:09:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/07/14 10:09:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/07/14 10:09:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/07/14 10:09:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/07/14 10:09:11 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/07/14 10:09:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/07/14 10:09:10 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/07/14 10:09:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/07/14 07:29:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle

[2012/07/14 07:29:09 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/07/14 07:28:41 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/07/14 07:28:41 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/07/14 07:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/07/14 07:18:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/07/14 07:15:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/07/13 13:56:10 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/07/13 13:56:10 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\temp

[2012/07/11 05:42:12 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012/07/11 04:46:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/07/11 04:46:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/07/11 04:46:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/07/11 04:42:21 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/11 04:41:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/07/09 22:06:25 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012/07/09 22:06:25 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012/07/09 22:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012/07/09 22:06:23 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012/07/09 22:06:23 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012/07/09 22:06:23 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012/07/09 22:06:23 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2012/07/09 22:06:14 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012/07/09 22:06:14 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/07/09 22:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/07/09 22:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/07/09 21:14:18 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\Google Redirect Logs

[2012/07/09 20:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software

[2012/07/09 00:27:39 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2012/07/09 00:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2012/07/09 00:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2012/07/06 19:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML-Kit

[2012/07/06 19:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chami

[2012/07/04 19:34:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\.idlerc

[2012/07/04 19:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7

[2012/07/04 19:31:52 | 000,000,000 | ---D | C] -- C:\Python27

[2012/07/04 16:23:45 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Wondershare

[2012/07/04 16:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare

[2012/07/04 16:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare

[2012/07/04 16:23:36 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Wondershare

[2012/07/04 16:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare

[2012/06/25 22:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetMake

[2012/06/25 18:27:54 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\PHPMaker

[2012/06/25 18:21:07 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\CodeChargeStudio5

[2012/06/25 18:20:27 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\CCS5

[2012/06/25 18:08:18 | 000,466,944 | ---- | C] (WeOnlyDo! COM) -- C:\Windows\SysWow64\wodSFTP.ocx

[2012/06/25 17:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Script Control

[2012/06/25 17:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\e.World

[2012/06/24 08:55:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\PHPRunnerTemplates

[2012/06/24 08:55:11 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\Classified11php

[2012/06/24 08:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASPRunner Professional 7.1

[2012/06/24 08:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASPRunnerPro7.1

[2012/06/23 18:56:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Macromedia

[2012/06/23 18:25:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell

[2012/06/23 18:25:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell

[2012/06/23 03:37:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll

[2012/06/23 03:37:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll

[2012/06/23 03:37:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll

[2012/06/23 03:37:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll

[2012/06/23 03:37:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll

[2012/06/23 03:37:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll

[2012/06/23 03:37:35 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll

[2012/06/23 03:37:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll

[2012/06/23 03:37:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe

[2012/06/23 03:37:34 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe

[2012/06/23 03:37:34 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe

[2012/06/23 03:37:22 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll

[2012/06/23 03:37:22 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe

[2012/06/23 03:37:22 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll

[2012/06/23 03:37:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll

[2012/06/23 03:37:22 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe

[2012/06/23 03:37:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll

[2012/06/23 03:37:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll

[2012/06/23 03:37:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll

[2012/06/23 03:37:21 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe

[2012/06/23 03:37:21 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe

[2012/06/23 03:37:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe

[2012/06/23 03:37:08 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll

[2012/06/23 03:37:08 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll

[2012/06/23 03:37:08 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll

[2012/06/23 03:37:07 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll

[2012/06/23 03:37:07 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll

[2012/06/23 03:37:07 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe

[2012/06/23 03:37:07 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll

[2012/06/23 03:37:07 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe

[2012/06/23 03:37:07 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll

[2012/06/23 03:37:07 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll

[2012/06/23 03:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune

[2012/06/23 03:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Zune

[2012/06/23 03:31:45 | 001,547,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2012/06/23 03:31:44 | 001,701,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2012/06/23 03:31:02 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unregmp2.exe

[2012/06/23 03:31:02 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe

[2012/06/23 03:30:34 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/06/23 03:30:25 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2012/06/23 03:30:25 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2012/06/23 03:29:57 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll

[2012/06/23 03:29:57 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll

[2012/06/23 03:29:55 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll

[2012/06/23 03:29:52 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll

[2012/06/23 03:29:47 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe

[2012/06/23 03:29:47 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe

[2012/06/23 03:29:47 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe

[2012/06/23 03:29:46 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe

[2012/06/23 03:29:45 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe

[2012/06/23 03:29:45 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe

[2012/06/23 03:29:45 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

[2012/06/23 03:29:44 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe

[2012/06/23 03:29:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll

[2012/06/23 03:29:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll

[2012/06/23 03:29:43 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll

[2012/06/23 03:29:43 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll

[2012/06/23 03:29:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll

[2012/06/23 03:29:39 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2012/06/23 03:29:38 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2012/06/23 03:29:37 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

[2012/06/23 03:28:22 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2012/06/23 03:28:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2012/06/23 03:28:17 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll

[2012/06/23 03:28:17 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll

[2012/06/23 03:28:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll

[2012/06/23 03:28:16 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll

[2012/06/23 03:28:12 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/06/23 03:28:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012/06/23 03:24:06 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2012/06/23 03:24:06 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2012/06/23 03:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2012/06/23 02:53:09 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{3485212A-AB11-4E82-8BD9-8EA490C38DAB}

[2012/06/20 22:37:17 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012/06/20 22:37:17 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012/06/20 22:37:17 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012/06/20 22:36:43 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll

[2012/06/20 22:36:43 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2012/06/20 22:36:42 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2012/06/20 22:36:42 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll

[2012/06/20 22:36:42 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2012/06/20 22:36:42 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll

[2012/06/20 22:36:32 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012/06/20 22:36:32 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll

[2012/06/20 22:36:32 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012/06/20 22:36:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe

[2012/06/20 08:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio

[2012/06/20 08:54:51 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\SysNative\CamCodec.dll

[2012/06/20 08:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.6b

[2012/06/18 17:07:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\PHPRunnerProjects

[2012/06/18 17:07:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\PHPRunnerLayouts

[2012/06/18 10:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHPRunner6.1

[2012/06/18 10:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PHPRunner6.1

[2012/06/18 07:49:43 | 000,000,000 | ---D | C] -- C:\xampp

[2012/06/18 07:00:39 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nuBuilder

[4 C:\Users\Nick\Documents\*.tmp files -> C:\Users\Nick\Documents\*.tmp -> ]

[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/14 16:21:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/14 16:21:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/14 15:53:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/14 10:24:49 | 000,000,896 | ---- | M] () -- C:\Users\Nick\Desktop\magicJack.lnk

[2012/07/14 10:24:17 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/14 10:21:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/14 10:21:15 | 001,168,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/14 10:16:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/07/14 10:04:42 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/07/14 10:04:42 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/07/14 07:39:08 | 000,081,408 | ---- | M] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/14 07:33:29 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/14 07:28:30 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll

[2012/07/14 07:28:30 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012/07/14 07:28:30 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/07/14 07:28:30 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/07/14 07:28:30 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/07/11 05:05:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/07/11 02:54:01 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv

[2012/07/10 08:07:42 | 000,000,000 | ---- | M] () -- C:\Users\Nick\defogger_reenable

[2012/07/09 22:50:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/07/09 22:10:07 | 000,007,728 | ---- | M] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat

[2012/07/09 22:06:25 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/07/09 20:57:09 | 000,442,985 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120709-210124.backup

[2012/07/08 23:52:17 | 000,001,460 | ---- | M] () -- C:\Users\Nick\AppData\Local\d3d9caps64.dat

[2012/07/08 23:36:31 | 000,001,129 | ---- | M] () -- C:\Users\Nick\Desktop\Spybot - Search & Destroy.lnk

[2012/07/06 19:08:59 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\HTML-Kit.lnk

[2012/07/04 17:04:36 | 000,878,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/04 17:04:36 | 000,728,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/04 17:04:36 | 000,152,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/04 15:32:55 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012/07/03 11:21:52 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012/07/03 11:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012/06/30 07:54:43 | 000,000,550 | ---- | M] () -- C:\Users\Nick\Documents\recaptchamail.html

[2012/06/25 18:12:05 | 000,000,198 | ---- | M] () -- C:\Windows\ODBC.INI

[2012/06/25 18:08:18 | 000,466,944 | ---- | M] (WeOnlyDo! COM) -- C:\Windows\SysWow64\wodSFTP.ocx

[2012/06/24 08:53:56 | 000,000,919 | ---- | M] () -- C:\Users\Nick\Desktop\ASPRunner Professional 7.1.lnk

[2012/06/20 08:54:54 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio-Recorder.lnk

[2012/06/18 09:12:39 | 000,000,560 | ---- | M] () -- C:\Users\Nick\Desktop\XAMPP.lnk

[2012/06/18 08:23:23 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[4 C:\Users\Nick\Documents\*.tmp files -> C:\Users\Nick\Documents\*.tmp -> ]

[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/11 04:46:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/07/11 04:46:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/07/11 04:46:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/07/11 04:46:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/07/11 04:46:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/07/10 08:07:42 | 000,000,000 | ---- | C] () -- C:\Users\Nick\defogger_reenable

[2012/07/09 22:06:25 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/07/09 22:06:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2012/07/06 19:08:59 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\HTML-Kit.lnk

[2012/07/06 18:03:57 | 000,232,448 | ---- | C] () -- C:\libtidy.dll

[2012/06/30 07:52:04 | 000,000,550 | ---- | C] () -- C:\Users\Nick\Documents\recaptchamail.html

[2012/06/25 18:11:44 | 000,000,198 | ---- | C] () -- C:\Windows\ODBC.INI

[2012/06/24 08:53:56 | 000,000,919 | ---- | C] () -- C:\Users\Nick\Desktop\ASPRunner Professional 7.1.lnk

[2012/06/23 03:37:11 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs

[2012/06/23 03:37:11 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs

[2012/06/23 03:37:11 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml

[2012/06/23 03:37:11 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml

[2012/06/23 03:37:11 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl

[2012/06/23 03:37:11 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl

[2012/06/23 03:17:05 | 000,001,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk

[2012/06/20 08:54:54 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio-Recorder.lnk

[2012/06/18 09:12:39 | 000,000,560 | ---- | C] () -- C:\Users\Nick\Desktop\XAMPP.lnk

[2012/06/11 04:15:23 | 000,000,239 | ---- | C] () -- C:\Windows\w32demo8.ini

[2012/06/08 22:55:43 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2012/06/08 22:55:43 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2012/06/08 22:55:42 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2012/06/08 22:55:42 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2012/06/08 22:55:42 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2012/04/18 11:22:51 | 000,000,847 | ---- | C] () -- C:\Users\Nick\AppData\Local\recently-used.xbel

[2012/02/12 16:53:26 | 000,001,806 | ---- | C] () -- C:\Windows\TSearch.INI

[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2012/01/09 20:50:22 | 000,000,139 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2012/01/05 02:34:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\grph.dat

[2011/10/03 23:16:37 | 000,148,214 | ---- | C] () -- C:\Windows\hpoins19.dat.temp

[2011/10/03 23:16:37 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp

[2011/10/01 22:07:03 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll

[2011/08/19 20:44:05 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2011/07/09 16:11:35 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini

[2011/07/09 16:07:24 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll

[2011/07/09 16:07:24 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv

[2011/06/09 07:34:49 | 000,000,921 | ---- | C] () -- C:\Users\Nick\.lmmsrc.xml

[2011/05/31 22:51:39 | 000,000,061 | ---- | C] () -- C:\Windows\SysWow64\SYSVCPDRV.SYS

[2011/05/19 08:11:44 | 000,224,488 | ---- | C] () -- C:\Windows\XSitePro2 Resource Pack 1 Uninstaller.exe

[2011/05/19 07:53:23 | 002,066,218 | ---- | C] () -- C:\Windows\XSitePro2.5 Resource Pack Uninstaller.exe

[2011/05/19 07:42:28 | 001,072,575 | ---- | C] () -- C:\Windows\XSitePro2 Uninstaller.exe

[2011/05/17 03:22:04 | 000,148,926 | ---- | C] () -- C:\Windows\hpoins19.dat

[2011/05/17 03:21:36 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat

[2011/05/11 17:00:42 | 000,000,018 | ---- | C] () -- C:\Windows\ScrCap.ini

[2011/04/19 23:43:01 | 000,007,728 | ---- | C] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat

[2011/04/19 18:49:10 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011/04/19 18:48:23 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011/04/19 18:47:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011/04/16 21:27:13 | 000,011,776 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\Settings.cfg

[2011/04/16 21:22:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/04/16 15:41:24 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/04/15 04:49:49 | 000,875,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/04/15 03:59:47 | 000,001,460 | ---- | C] () -- C:\Users\Nick\AppData\Local\d3d9caps64.dat

[2011/04/15 03:06:53 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2011/04/15 02:52:06 | 000,000,130 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\wklnhst.dat

[2011/04/15 01:47:59 | 000,081,408 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:F87C192A

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:157E1AD3

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A5B56640

< End of report >


  • Staff

Hello

Which browsers are doing the redirecting?

Please verify all that are installed on the computer.

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code

    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    O3 - HKU\S-1-5-21-2402766653-243950496-3254906195-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    @Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:F87C192A
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:157E1AD3
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A5B56640
    IE:64bit: - HKLM\..\SearchScopes\{E4C79FEC-33AC-498B-9535-EC195C9BD400}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{E4C79FEC-33AC-498B-9535-EC195C9BD400}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-2402766653-243950496-3254906195-1000\..\SearchScopes\{E4C79FEC-33AC-498B-9535-EC195C9BD400}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo


========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2402766653-243950496-3254906195-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.

File Protocol\Handler\ms-itss - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.

File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

File Protocol\Handler\wlpg - No CLSID value found not found.

ADS C:\ProgramData\Temp:F87C192A deleted successfully.

ADS C:\ProgramData\Temp:157E1AD3 deleted successfully.

ADS C:\ProgramData\Temp:A5B56640 deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4C79FEC-33AC-498B-9535-EC195C9BD400}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4C79FEC-33AC-498B-9535-EC195C9BD400}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4C79FEC-33AC-498B-9535-EC195C9BD400}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4C79FEC-33AC-498B-9535-EC195C9BD400}\ not found.

Registry key HKEY_USERS\S-1-5-21-2402766653-243950496-3254906195-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E4C79FEC-33AC-498B-9535-EC195C9BD400}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4C79FEC-33AC-498B-9535-EC195C9BD400}\ not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Nick

->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 56466 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Nick

->Flash cache emptied: 57003 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07152012_070529

Google search results are still being redirected randomly.


  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.

Gringo


  • Staff

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo


I think a better set of directions after opening notepad would be: File > Open, navigate to where you saved frst64 on the flash drive, right click on frst64.exe, and click open. The way you described it opens an executable in notepad. That is, loads notepad with a bunch of unreadable text. Below is the FRST64 log.

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02

Ran by SYSTEM at 20-07-2012 01:19:50

Running from G:\

Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15853088 2008-10-12] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [82464 2008-10-12] (NVIDIA Corporation)

HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)

HKU\Default\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]

HKU\Default User\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]

HKU\Nick\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\Nick\...\Run: [cdloader] "C:\Users\Nick\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

AppInit_DLLs: C:\Windows\System32\guard64.dll

==================== Services (Whitelisted) ======

2 ABBYY.Licensing.FineReader.Corporate.10.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe" -service [814344 2009-12-18] (ABBYY)

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)

2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)

2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [70280 2012-05-03] (CHENGDU YIWO Tech Development Co., Ltd)

2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [24712 2012-05-03] (CHENGDU YIWO Tech Development Co., Ltd)

3 hpqcxs08; C:\Windows\System32\svchost.exe -k hpdevmgmt [27648 2008-01-20] (Microsoft Corporation)

3 hpqcxs08; C:\Windows\SysWow64\svchost.exe -k hpdevmgmt [21504 2008-01-20] (Microsoft Corporation)

2 hpqddsvc; C:\Windows\System32\svchost.exe -k hpdevmgmt [27648 2008-01-20] (Microsoft Corporation)

2 hpqddsvc; C:\Windows\SysWow64\svchost.exe -k hpdevmgmt [21504 2008-01-20] (Microsoft Corporation)

2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)

2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [58345832 2011-09-22] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [431464 2011-09-22] (Microsoft Corporation)

3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)

3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)

3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2011-09-20] (Google Inc)

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)

1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [44272 2012-07-03] (AVAST Software)

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)

1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)

1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [42224 2012-03-11] (COMODO)

3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()

0 EUBAKUP; C:\Windows\System32\Drivers\EUBAKUP.sys [58504 2012-05-03] (CHENGDU YIWO Tech Development Co., Ltd)

0 EUBKMON; C:\Windows\System32\Drivers\EUBKMON.sys [48776 2012-05-03] ()

1 EUDSKACS; C:\Windows\System32\Drivers\EUDSKACS.sys [19592 2012-05-03] (CHENGDU YIWO Tech Development Co., Ltd)

1 EUFDDISK; C:\Windows\System32\Drivers\EUFDDISK.sys [189576 2012-05-03] (CHENGDU YIWO Tech Development Co., Ltd)

3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()

1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2012-03-11] (COMODO)

3 massfilter; C:\Windows\System32\Drivers\massfilter.sys [11776 2011-09-09] (MBB Incorporated)

3 massfilter_hs; C:\Windows\System32\Drivers\massfilter_hs.sys [18456 2011-09-20] (HandSet Incorporated)

2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)

4 nvrd64; C:\Windows\System32\Drivers\nvrd64.sys [166944 2008-07-21] (NVIDIA Corporation)

3 Ps2; C:\Windows\System32\Drivers\Ps2.sys [21504 2006-09-07] ()

3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)

3 zghsdiag; C:\Windows\System32\Drivers\zghsdiag.sys [129304 2011-09-20] (ZTE Incorporated)

1 Beep; [x]

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\ENG64.SYS [x]

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\EX64.SYS [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]

1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [x]

1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-20 01:19 - 2012-07-20 01:19 - 00000000 ____D C:\FRST

2012-07-19 22:01 - 2012-07-19 22:01 - 01437107 ____A (Farbar) C:\Users\Nick\Downloads\FRST64.exe

2012-07-18 22:44 - 2012-07-18 22:44 - 00000000 ____D C:\Program Files (x86)\ESET

2012-07-18 22:43 - 2012-07-18 22:43 - 02322184 ____A (ESET) C:\Users\Nick\Downloads\esetsmartinstaller_enu.exe

2012-07-18 19:59 - 2012-07-18 19:59 - 00000894 ____A C:\Users\Nick\Downloads\contacts.vcf

2012-07-18 18:11 - 2012-07-18 18:12 - 00001018 ____A C:\Windows\setupact.log

2012-07-18 18:11 - 2012-07-18 18:11 - 00000000 ____A C:\Windows\setuperr.log

2012-07-18 07:19 - 2012-07-18 07:22 - 00002494 ____A C:\Users\Nick\My Documents\carl.txt

2012-07-18 07:19 - 2012-07-18 07:22 - 00002494 ____A C:\Users\Nick\Documents\carl.txt

2012-07-17 03:26 - 2012-07-17 08:20 - 00001496 ____A C:\Users\Nick\My Documents\h.txt

2012-07-17 03:26 - 2012-07-17 08:20 - 00001496 ____A C:\Users\Nick\Documents\h.txt

2012-07-15 04:05 - 2012-07-15 04:05 - 00000000 ____D C:\_OTL

2012-07-14 13:31 - 2012-07-14 13:31 - 00076212 ____A C:\Users\Nick\Downloads\Extras.Txt

2012-07-14 13:29 - 2012-07-14 13:29 - 00116824 ____A C:\Users\Nick\Downloads\OTL.Txt

2012-07-14 13:18 - 2012-07-14 13:18 - 00596480 ____A (OldTimer Tools) C:\Users\Nick\Downloads\OTL.exe

2012-07-14 07:09 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-14 07:09 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-14 07:09 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-14 07:09 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-14 07:09 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-14 07:09 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-14 07:09 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-14 07:09 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-14 07:09 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-14 07:09 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-14 07:09 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-14 07:09 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-14 07:09 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-14 07:09 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-14 07:09 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-14 07:09 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-14 07:09 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-14 07:09 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-14 07:09 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-14 07:09 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-14 07:09 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-14 07:09 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-14 07:09 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-14 07:09 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-14 07:09 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-14 07:09 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-14 07:09 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-14 07:09 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-14 07:08 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-14 07:00 - 2012-07-14 07:00 - 00001430 ____A C:\Windows\PFRO.log

2012-07-14 04:29 - 2012-07-14 04:29 - 00000000 ____D C:\Program Files (x86)\Oracle

2012-07-14 04:29 - 2012-07-14 04:28 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-07-14 04:28 - 2012-07-14 04:28 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-07-14 04:28 - 2012-07-14 04:28 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-07-14 04:27 - 2012-07-14 04:27 - 00000000 ____D C:\Users\All Users\McAfee

2012-07-14 04:27 - 2012-07-14 04:27 - 00000000 ____D C:\Users\All Users\Application Data\McAfee

2012-07-14 04:24 - 2012-07-14 04:24 - 00893936 ____A (Oracle Corporation) C:\Users\Nick\Downloads\jxpiinstall.exe

2012-07-13 10:56 - 2012-07-13 10:56 - 00021426 ____A C:\ComboFix.txt

2012-07-13 04:27 - 2012-07-13 10:37 - 00000000 ____D C:\Users\Nick\Downloads\Combofix

2012-07-13 03:34 - 2012-07-13 04:29 - 357432509 ____A C:\Users\Nick\Downloads\video(1).mkv

2012-07-12 04:29 - 2012-07-12 04:30 - 04731392 ____A (AVAST Software) C:\Users\Nick\Downloads\aswMBR(1).exe

2012-07-12 04:27 - 2012-07-12 04:27 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Nick\Downloads\tdsskiller(1).exe

2012-07-11 03:14 - 2012-07-11 03:14 - 00029438 ____A C:\Users\Nick\Downloads\sitemap.xml

2012-07-11 03:09 - 2012-07-11 03:09 - 00267674 ____A C:\Users\Nick\Downloads\com_xmap-1.2.14.zip

2012-07-11 02:42 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-11 02:42 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-11 02:42 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-11 02:42 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-11 02:42 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-11 02:42 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-11 02:42 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-11 02:42 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-11 02:42 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-11 02:42 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-11 02:42 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-11 02:42 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-11 01:46 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-07-11 01:46 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-07-11 01:46 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-07-11 01:46 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-07-11 01:46 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-07-11 01:46 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-07-11 01:46 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-07-11 01:46 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-07-11 01:42 - 2012-07-13 10:56 - 00000000 ____D C:\Qoobox

2012-07-11 01:41 - 2012-07-11 02:06 - 00000000 ____D C:\Windows\erdnt

2012-07-10 23:35 - 2012-07-11 00:06 - 378465600 ____A C:\Users\Nick\Downloads\fr11pe.exe

2012-07-10 05:16 - 2012-07-10 05:16 - 00607260 ____R (Swearware) C:\Users\Nick\Downloads\dds(1).scr

2012-07-10 05:08 - 2012-07-10 05:08 - 00881475 ____A C:\Users\Nick\Downloads\SecurityCheck.exe

2012-07-10 05:07 - 2012-07-10 05:07 - 00050477 ____A C:\Users\Nick\Downloads\Defogger.exe

2012-07-10 05:07 - 2012-07-10 05:07 - 00000470 ____A C:\Users\Nick\defogger_disable.log

2012-07-10 05:07 - 2012-07-10 05:07 - 00000000 ____A C:\Users\Nick\defogger_reenable

2012-07-09 19:06 - 2012-07-09 19:50 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-07-09 19:06 - 2012-07-09 19:06 - 00011664 ____A C:\Users\Nick\Local Settings\dd_vcredistUI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00011664 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistUI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00011664 ____A C:\Users\Nick\AppData\Local\dd_vcredistUI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00001824 ____A C:\Users\Nick\Local Settings\dd_vcredistMSI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00001824 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistMSI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00001824 ____A C:\Users\Nick\AppData\Local\dd_vcredistMSI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-07-09 19:06 - 2012-07-09 19:06 - 00001787 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk

2012-07-09 19:06 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-07-09 19:06 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-07-09 19:06 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-07-09 19:06 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-07-09 19:06 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-07-09 19:06 - 2012-07-03 08:21 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys

2012-07-09 19:06 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-07-09 19:06 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-07-09 19:05 - 2012-07-09 19:05 - 00000000 ____D C:\Users\All Users\AVAST Software

2012-07-09 19:05 - 2012-07-09 19:05 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software

2012-07-09 19:05 - 2012-07-09 19:05 - 00000000 ____D C:\Program Files\AVAST Software

2012-07-09 18:56 - 2012-07-09 19:04 - 89340632 ____A C:\Users\Nick\Downloads\avast_free_antivirus_setup.exe

2012-07-09 18:53 - 2012-07-09 18:53 - 00000000 ____D C:\Users\Nick\Downloads\RootkitRevealer

2012-07-09 18:52 - 2012-07-09 18:52 - 00231390 ____A C:\Users\Nick\Downloads\RootkitRevealer.zip

2012-07-09 18:50 - 2012-07-09 18:50 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Nick\Downloads\tdsskiller.exe

2012-07-09 18:13 - 2012-07-09 18:13 - 00607260 ____R (Swearware) C:\Users\Nick\Downloads\dds.scr

2012-07-09 17:57 - 2006-09-18 13:37 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.20120709-205709.backup

2012-07-09 17:18 - 2012-07-09 17:18 - 00000000 ____D C:\Users\All Users\GFI Software

2012-07-09 17:18 - 2012-07-09 17:18 - 00000000 ____D C:\Users\All Users\Application Data\GFI Software

2012-07-09 14:23 - 2012-07-09 15:25 - 716484608 ____A C:\Users\Nick\Downloads\xubuntu-12.04-alternate-amd64.iso

2012-07-09 11:18 - 2012-07-09 11:19 - 04731392 ____A (AVAST Software) C:\Users\Nick\Downloads\aswMBR.exe

2012-07-09 11:14 - 2012-07-09 11:14 - 00001205 ____A C:\Users\Nick\Downloads\FixNCR.reg

2012-07-08 21:59 - 2012-07-08 22:00 - 06236280 ____A (Lavasoft Limited) C:\Users\Nick\Downloads\Adaware_Installer(1).exe

2012-07-08 21:49 - 2012-07-08 21:49 - 00000012 ____A C:\Users\Nick\Downloads\FSSC.dat

2012-07-08 21:43 - 2012-07-08 21:43 - 06236280 ____A (Lavasoft Limited) C:\Users\Nick\Downloads\Adaware_Installer.exe

2012-07-08 21:27 - 2012-07-09 16:02 - 00000000 ____D C:\sh4ldr

2012-07-08 21:27 - 2012-07-08 21:27 - 00000000 ____D C:\Program Files\Enigma Software Group

2012-07-08 21:26 - 2012-07-09 16:02 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP

2012-07-08 21:21 - 2012-07-14 06:49 - 00000293 ____A C:\Users\Nick\My Documents\bhspam.txt

2012-07-08 21:21 - 2012-07-14 06:49 - 00000293 ____A C:\Users\Nick\Documents\bhspam.txt

2012-07-08 16:30 - 2012-07-14 07:06 - 00000000 ____D C:\Users\Nick\Downloads\backups

2012-07-08 15:50 - 2012-07-09 18:06 - 00009353 ____A C:\Users\Nick\Downloads\hijackthis.log

2012-07-08 15:38 - 2012-07-08 15:38 - 00388608 ____A (Trend Micro Inc.) C:\Users\Nick\Downloads\HijackThis.exe

2012-07-08 06:43 - 2012-07-08 07:43 - 358405242 ____A C:\Users\Nick\Downloads\video.mkv

2012-07-08 04:01 - 2012-07-08 04:01 - 00670875 ____A C:\Users\Nick\Downloads\com_jcomments_v2.3.0.zip

2012-07-08 02:41 - 2012-07-08 02:41 - 00014239 ____A C:\Users\Nick\Downloads\mod_simplereset_v2.0.2.zip

2012-07-07 01:49 - 2012-07-07 01:49 - 00000000 ____D C:\Users\Nick\Downloads\mono-social-icons

2012-07-07 01:47 - 2012-07-07 01:48 - 20867007 ____A C:\Users\Nick\Downloads\mono-social-icons.zip

2012-07-06 16:33 - 2012-07-06 16:33 - 00039511 ____A C:\Users\Nick\Downloads\com_test-1.0.0.zip

2012-07-06 16:08 - 2012-07-06 16:08 - 02463779 ____A (HTMLKit.com ) C:\Users\Nick\Downloads\HKSetup.exe

2012-07-06 16:08 - 2012-07-06 16:08 - 00001067 ____A C:\Users\Public\Desktop\HTML-Kit.lnk

2012-07-06 16:08 - 2012-07-06 16:08 - 00001067 ____A C:\Users\All Users\Desktop\HTML-Kit.lnk

2012-07-06 16:08 - 2012-07-06 16:08 - 00000000 ____D C:\Program Files (x86)\Chami

2012-07-06 15:03 - 2009-11-06 05:15 - 00232448 ____A C:\libtidy.dll

2012-07-06 14:55 - 2009-11-06 05:15 - 00232448 ____A C:\Users\Nick\Downloads\libtidy.dll

2012-07-06 14:54 - 2012-07-06 14:54 - 00079219 ____A C:\Users\Nick\Downloads\libtidy.7z

2012-07-06 13:23 - 2012-07-06 13:23 - 00000018 ____A C:\Users\Nick\My Documents\hotard.txt

2012-07-06 13:23 - 2012-07-06 13:23 - 00000018 ____A C:\Users\Nick\Documents\hotard.txt

2012-07-05 19:50 - 2012-07-05 19:50 - 00612528 ____A C:\Users\Nick\Downloads\com_acesef_j25_basic.zip

2012-07-05 19:42 - 2012-07-05 19:42 - 00622771 ____A C:\Users\Nick\Downloads\com_acesef_j15_basic.zip

2012-07-05 18:44 - 2012-07-05 18:44 - 00002996 ____A C:\Users\Nick\Downloads\ext_acesef_jdownloads-free.zip

2012-07-05 11:38 - 2012-07-05 11:38 - 00938135 ____A C:\Users\Nick\Downloads\com_joomsef4-4.2.8.zip

2012-07-05 08:53 - 2012-07-05 08:53 - 01814569 ____A C:\Users\Nick\Downloads\com_jdownloads_1.9.0_stable_927.zip

2012-07-05 07:55 - 2012-07-05 07:55 - 00801967 ____A C:\Users\Nick\Downloads\com_phocadownload_v2.1.6.zip

2012-07-05 07:13 - 2012-07-05 07:13 - 00000000 ____D C:\Users\Nick\Downloads\Chronoforms_V4_RC3.4.1_J1.6

2012-07-05 05:54 - 2012-07-05 05:54 - 00598982 ____A C:\Users\Nick\Downloads\Chronoforms_V4_RC3.4.1_J1.6.zip

2012-07-05 05:11 - 2012-07-05 05:11 - 00177888 ____A C:\Users\Nick\Downloads\bizblue(1).zip

2012-07-05 05:11 - 2012-07-05 05:11 - 00000000 ____D C:\Users\Nick\Downloads\bizblue(1)

2012-07-04 23:45 - 2012-07-04 23:45 - 00498180 ____A C:\Users\Nick\Downloads\com_admintools-2.2.9-core.zip

2012-07-04 23:43 - 2012-07-04 23:43 - 00024453 ____A C:\Users\Nick\Downloads\admintools-en-GB-j15.zip

2012-07-04 23:38 - 2012-07-04 23:40 - 00000000 ____D C:\Users\Nick\Downloads\Joomla_1.5.0_to_1.5.26-Stable-Patch_Package

2012-07-04 23:38 - 2012-07-04 23:38 - 04266487 ____A C:\Users\Nick\Downloads\Joomla_1.5.0_to_1.5.26-Stable-Patch_Package.zip

2012-07-04 16:34 - 2012-07-04 16:34 - 00000000 ____D C:\Users\Nick\.idlerc

2012-07-04 16:31 - 2012-07-06 15:03 - 00000000 ____D C:\Python27

2012-07-04 16:20 - 2012-07-04 16:21 - 15867904 ____A C:\Users\Nick\Downloads\python-2.7.3.msi

2012-07-04 14:02 - 2012-07-04 14:02 - 00001547 ____A C:\Users\Nick\My Documents\jamie_sms.txt

2012-07-04 14:02 - 2012-07-04 14:02 - 00001547 ____A C:\Users\Nick\Documents\jamie_sms.txt

2012-07-04 13:23 - 2012-07-04 13:24 - 00000000 ____D C:\Users\Nick\Application Data\Wondershare

2012-07-04 13:23 - 2012-07-04 13:24 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Wondershare

2012-07-04 13:23 - 2012-07-04 13:23 - 00000000 ____D C:\Users\Nick\Local Settings\Wondershare

2012-07-04 13:23 - 2012-07-04 13:23 - 00000000 ____D C:\Users\Nick\Local Settings\Application Data\Wondershare

2012-07-04 13:23 - 2012-07-04 13:23 - 00000000 ____D C:\Users\Nick\AppData\Local\Wondershare

2012-07-04 13:23 - 2012-07-04 13:23 - 00000000 ____D C:\Program Files (x86)\Wondershare

2012-07-04 13:21 - 2012-07-04 13:22 - 19704432 ____A (Wondershare ) C:\Users\Nick\Downloads\mobilego_full818.exe

2012-07-04 13:21 - 2012-07-04 13:21 - 00000000 ____A C:\Users\Nick\Downloads\veryandroid-sms-backup.zip.crdownload

2012-07-02 04:47 - 2012-07-02 04:47 - 00000000 ____D C:\Users\Nick\Downloads\cakephp-cakephp-2.2.0-RC2-0-g3908f06

2012-07-02 04:46 - 2012-07-02 04:46 - 01853160 ____A C:\Users\Nick\Downloads\cakephp-cakephp-2.2.0-RC2-0-g3908f06.zip

2012-07-02 04:42 - 2012-07-02 04:42 - 00349477 ____A C:\Users\Nick\Downloads\cake_1.1.20.7692.zip

2012-07-02 04:41 - 2012-07-02 04:41 - 00000000 ____D C:\Users\Nick\Downloads\p4a-3.8.4

2012-07-02 04:40 - 2012-07-02 04:41 - 08147131 ____A C:\Users\Nick\Downloads\p4a-3.8.4.zip

2012-07-01 05:21 - 2012-07-01 05:22 - 00000000 ____D C:\Users\Nick\Downloads\plg_recaptcha

2012-07-01 05:19 - 2012-07-01 05:19 - 00006191 ____A C:\Users\Nick\Downloads\plg_recaptcha.8.tar.gz

2012-06-30 04:52 - 2012-06-30 04:54 - 00000550 ____A C:\Users\Nick\My Documents\recaptchamail.html

2012-06-30 04:52 - 2012-06-30 04:54 - 00000550 ____A C:\Users\Nick\Documents\recaptchamail.html

2012-06-26 14:13 - 2012-06-26 14:13 - 00000000 ____D C:\Users\Nick\Downloads\oxygen_gif

2012-06-26 14:09 - 2012-06-26 14:09 - 00000000 ____D C:\Users\Nick\Downloads\oxygen

2012-06-26 14:08 - 2012-06-26 14:08 - 00000000 ____D C:\Users\Nick\Downloads\pumpkin

2012-06-26 14:07 - 2012-06-26 14:07 - 00000000 ____D C:\Users\Nick\Downloads\starrating

2012-06-26 13:14 - 2012-06-26 13:14 - 00099188 ____A C:\Users\Nick\Downloads\pkg_itpmeta_v2.2-J1.6.zip

2012-06-26 13:14 - 2012-06-26 13:14 - 00000000 ____D C:\Users\Nick\Downloads\pkg_itpmeta_v2.2-J1.6

2012-06-26 13:09 - 2012-06-26 13:09 - 00004484 ____A C:\Users\Nick\Downloads\jostag_plugin_for_2.5.zip

2012-06-26 13:03 - 2012-06-26 13:03 - 00917701 ____A C:\Users\Nick\Downloads\com_joomsef4-4.2.7.zip

2012-06-26 11:20 - 2012-06-26 11:20 - 00199695 ____A C:\Users\Nick\Downloads\ForumPostAssistant-FPA-fpa-en-v1.2.0Beta-34-g902eed8.zip

2012-06-26 11:20 - 2012-06-26 11:20 - 00000000 ____D C:\Users\Nick\Downloads\ForumPostAssistant-FPA-fpa-en-v1.2.0Beta-34-g902eed8

2012-06-25 21:57 - 2012-06-25 21:57 - 00029761 ____A C:\Users\Nick\Downloads\plugin_jw_ts-v2.5_j1.5-2.5.zip

2012-06-25 21:20 - 2012-06-25 21:20 - 00509458 ____A C:\Users\Nick\Downloads\com_swmenufree7.2_J2.5.zip

2012-06-25 21:15 - 2012-07-05 02:45 - 00000000 ____D C:\Users\Nick\Downloads\bizblue

2012-06-25 21:06 - 2012-06-25 21:06 - 00106072 ____A C:\Users\Nick\Downloads\mtupgrade.zip

2012-06-25 21:01 - 2012-06-25 21:01 - 00365535 ____A C:\Users\Nick\Downloads\com_jupgrade-2.5.1.zip

2012-06-25 20:52 - 2012-06-25 20:52 - 00000000 ____D C:\Users\Nick\Downloads\bizglobal

2012-06-25 19:17 - 2012-07-09 15:11 - 00000000 ____D C:\Program Files (x86)\NetMake

2012-06-25 19:17 - 2012-06-25 19:17 - 00411614 ____A C:\Users\Nick\Local Settings\dd_vcredistMSI7D2A.txt

2012-06-25 19:17 - 2012-06-25 19:17 - 00411614 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistMSI7D2A.txt

2012-06-25 19:17 - 2012-06-25 19:17 - 00411614 ____A C:\Users\Nick\AppData\Local\dd_vcredistMSI7D2A.txt

2012-06-25 19:17 - 2012-06-25 19:17 - 00012260 ____A C:\Users\Nick\Local Settings\dd_vcredistUI7D2A.txt

2012-06-25 19:17 - 2012-06-25 19:17 - 00012260 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistUI7D2A.txt

2012-06-25 19:17 - 2012-06-25 19:17 - 00012260 ____A C:\Users\Nick\AppData\Local\dd_vcredistUI7D2A.txt

2012-06-25 19:09 - 2012-06-25 19:17 - 127714061 ____A C:\Users\Nick\Downloads\scriptcase_install_en_us_v6.0.022.exe

2012-06-25 15:27 - 2012-06-25 15:27 - 00000000 ____D C:\Users\Nick\My Documents\PHPMaker

2012-06-25 15:27 - 2012-06-25 15:27 - 00000000 ____D C:\Users\Nick\Documents\PHPMaker

2012-06-25 15:21 - 2012-06-25 15:21 - 00000000 ____D C:\Users\Nick\My Documents\CodeChargeStudio5

2012-06-25 15:21 - 2012-06-25 15:21 - 00000000 ____D C:\Users\Nick\Documents\CodeChargeStudio5

2012-06-25 15:20 - 2012-06-25 15:27 - 00000000 ____D C:\Users\Nick\Local Settings\CCS5

2012-06-25 15:20 - 2012-06-25 15:27 - 00000000 ____D C:\Users\Nick\Local Settings\Application Data\CCS5

2012-06-25 15:20 - 2012-06-25 15:27 - 00000000 ____D C:\Users\Nick\AppData\Local\CCS5

2012-06-25 15:11 - 2012-06-25 15:12 - 00000198 ____A C:\Windows\ODBC.INI

2012-06-25 15:10 - 2012-06-25 15:10 - 03908968 ____A (Thraex Software) C:\Users\Nick\Downloads\aiw.exe

2012-06-25 15:08 - 2012-06-25 15:08 - 00466944 ____A (WeOnlyDo! COM) C:\Windows\SysWOW64\wodSFTP.ocx

2012-06-25 15:00 - 2012-06-25 15:04 - 89166769 ____A C:\Users\Nick\Downloads\CCS_5.0.0.16254.exe

2012-06-25 14:33 - 2012-06-25 14:33 - 00000000 ____D C:\Program Files (x86)\Windows Script Control

2012-06-25 14:28 - 2012-06-25 14:29 - 25983805 ____A (e.World Technology Limited) C:\Users\Nick\Downloads\phpmkr.exe

2012-06-24 05:55 - 2012-06-24 05:55 - 00000000 ____D C:\Users\Nick\My Documents\Classified11php

2012-06-24 05:55 - 2012-06-24 05:55 - 00000000 ____D C:\Users\Nick\Documents\Classified11php

2012-06-24 05:53 - 2012-06-24 05:53 - 00000919 ____A C:\Users\Nick\Desktop\ASPRunner Professional 7.1.lnk

2012-06-24 05:53 - 2012-06-24 05:53 - 00000000 ____D C:\Program Files (x86)\ASPRunnerPro7.1

2012-06-24 05:51 - 2012-06-24 05:52 - 30256712 ____A (Xlinesoft.com ) C:\Users\Nick\Downloads\asprunnerpro-setup.exe

2012-06-24 03:50 - 2012-06-24 03:50 - 00020911 ____A C:\Users\Nick\Downloads\phpsim_beta1.tar.gz

2012-06-24 03:50 - 2012-06-24 03:50 - 00000000 ____D C:\Users\Nick\Downloads\phpsim_beta1

2012-06-24 03:43 - 2012-06-24 03:43 - 00000000 ____D C:\Users\Nick\Downloads\php-setup-wizard

2012-06-24 03:42 - 2012-06-24 03:42 - 00077829 ____A C:\Users\Nick\Downloads\php-setup-wizard.zip

2012-06-23 15:56 - 2012-06-23 15:56 - 00000000 ____D C:\Users\Nick\Local Settings\Macromedia

2012-06-23 15:56 - 2012-06-23 15:56 - 00000000 ____D C:\Users\Nick\Local Settings\Application Data\Macromedia

2012-06-23 15:56 - 2012-06-23 15:56 - 00000000 ____D C:\Users\Nick\AppData\Local\Macromedia

2012-06-23 15:25 - 2012-06-23 15:25 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell

2012-06-23 15:25 - 2012-06-23 15:25 - 00000000 ____D C:\Windows\System32\WindowsPowerShell

2012-06-23 00:37 - 2009-10-09 13:56 - 01181696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2012-06-23 00:37 - 2009-10-09 13:56 - 00246272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2012-06-23 00:37 - 2009-10-09 13:56 - 00241152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll

2012-06-23 00:37 - 2009-10-09 13:56 - 00214016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2012-06-23 00:37 - 2009-10-09 13:56 - 00145408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2012-06-23 00:37 - 2009-10-09 13:56 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll

2012-06-23 00:37 - 2009-10-09 13:56 - 00040448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe

2012-06-23 00:37 - 2009-10-09 13:56 - 00020480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe

2012-06-23 00:37 - 2009-10-09 13:56 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe

2012-06-23 00:37 - 2009-10-09 13:56 - 00010240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll

2012-06-23 00:37 - 2009-10-09 13:56 - 00010240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll

2012-06-23 00:37 - 2009-10-09 13:56 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll

2012-06-23 00:37 - 2009-10-09 13:55 - 00252416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2012-06-23 00:37 - 2009-10-09 13:55 - 00081408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll

2012-06-23 00:37 - 2009-10-09 13:55 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe

2012-06-23 00:37 - 2009-10-09 13:55 - 00056320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll

2012-06-23 00:37 - 2009-10-09 13:55 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll

2012-06-23 00:37 - 2009-10-09 13:36 - 02050048 ____A (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll

2012-06-23 00:37 - 2009-10-09 13:36 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\pwrshplugin.dll

2012-06-23 00:37 - 2009-10-09 13:35 - 00310272 ____A (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll

2012-06-23 00:37 - 2009-10-09 13:35 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\winrs.exe

2012-06-23 00:37 - 2009-10-09 13:35 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\winrshost.exe

2012-06-23 00:37 - 2009-10-09 13:35 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\wsmprovhost.exe

2012-06-23 00:37 - 2009-10-09 13:35 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wsmplpxy.dll

2012-06-23 00:37 - 2009-10-09 13:35 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\winrsmgr.dll

2012-06-23 00:37 - 2009-10-09 13:34 - 00370688 ____A (Microsoft Corporation) C:\Windows\System32\winrscmd.dll

2012-06-23 00:37 - 2009-10-09 13:34 - 00352768 ____A (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll

2012-06-23 00:37 - 2009-10-09 13:34 - 00348672 ____A (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe

2012-06-23 00:37 - 2009-10-09 13:34 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\wecsvc.dll

2012-06-23 00:37 - 2009-10-09 13:34 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll

2012-06-23 00:37 - 2009-10-09 13:34 - 00113152 ____A (Microsoft Corporation) C:\Windows\System32\wevtfwd.dll

2012-06-23 00:37 - 2009-10-09 13:34 - 00113152 ____A (Microsoft Corporation) C:\Windows\System32\wecutil.exe

2012-06-23 00:37 - 2009-10-09 13:34 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\wecapi.dll

2012-06-23 00:37 - 2009-10-09 13:34 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\WsmRes.dll

2012-06-23 00:37 - 2009-10-09 13:34 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\winrssrv.dll

2012-06-23 00:37 - 2009-07-31 22:27 - 00201184 ____A C:\Windows\SysWOW64\winrm.vbs

2012-06-23 00:37 - 2009-07-31 22:27 - 00201184 ____A C:\Windows\System32\winrm.vbs

2012-06-23 00:37 - 2009-07-16 09:30 - 00004675 ____A C:\Windows\SysWOW64\wsmanconfig_schema.xml

2012-06-23 00:37 - 2009-07-16 09:30 - 00004675 ____A C:\Windows\System32\wsmanconfig_schema.xml

2012-06-23 00:37 - 2009-07-16 09:30 - 00002426 ____A C:\Windows\SysWOW64\WsmTxt.xsl

2012-06-23 00:37 - 2009-07-16 09:30 - 00002426 ____A C:\Windows\System32\WsmTxt.xsl

2012-06-23 00:33 - 2012-06-23 00:35 - 00000000 ____D C:\Program Files\Zune

2012-06-23 00:31 - 2009-09-10 07:27 - 00372736 ____A (Microsoft Corporation) C:\Windows\System32\unregmp2.exe

2012-06-23 00:31 - 2009-09-10 06:58 - 00310784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unregmp2.exe

2012-06-23 00:31 - 2009-07-27 07:09 - 01701888 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL

2012-06-23 00:31 - 2009-07-27 07:00 - 01547776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2012-06-23 00:30 - 2011-04-12 08:15 - 01210880 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-06-23 00:30 - 2011-04-12 08:11 - 00859648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-06-23 00:30 - 2011-02-22 06:47 - 00479744 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2012-06-23 00:30 - 2011-02-22 06:13 - 00288768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2012-06-23 00:30 - 2011-02-22 05:53 - 01149440 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2012-06-23 00:29 - 2011-06-15 08:16 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll

2012-06-23 00:29 - 2011-06-15 08:12 - 00182784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll

2012-06-23 00:29 - 2010-01-25 04:10 - 00539136 ____A (Microsoft Corporation) C:\Windows\System32\secproc.dll

2012-06-23 00:29 - 2010-01-25 04:10 - 00538624 ____A (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll

2012-06-23 00:29 - 2010-01-25 04:10 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll

2012-06-23 00:29 - 2010-01-25 04:10 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll

2012-06-23 00:29 - 2010-01-25 04:08 - 00460288 ____A (Microsoft Corporation) C:\Windows\System32\msdrm.dll

2012-06-23 00:29 - 2010-01-25 04:00 - 00471552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll

2012-06-23 00:29 - 2010-01-25 04:00 - 00471552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll

2012-06-23 00:29 - 2010-01-25 04:00 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll

2012-06-23 00:29 - 2010-01-25 04:00 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll

2012-06-23 00:29 - 2010-01-25 03:58 - 00332288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

2012-06-23 00:29 - 2010-01-25 00:29 - 00600576 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe

2012-06-23 00:29 - 2010-01-25 00:29 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate.exe

2012-06-23 00:29 - 2010-01-25 00:29 - 00413696 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe

2012-06-23 00:29 - 2010-01-25 00:29 - 00409600 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe

2012-06-23 00:29 - 2010-01-25 00:21 - 00526336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe

2012-06-23 00:29 - 2010-01-25 00:21 - 00518144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe

2012-06-23 00:29 - 2010-01-25 00:21 - 00347136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe

2012-06-23 00:29 - 2010-01-25 00:21 - 00346624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2012-06-23 00:29 - 2009-10-23 09:30 - 00880640 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl

2012-06-23 00:29 - 2009-10-23 09:10 - 00714240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl

2012-06-23 00:28 - 2012-04-23 08:25 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-06-23 00:28 - 2012-04-23 08:25 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-06-23 00:28 - 2012-04-23 08:25 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-06-23 00:28 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-06-23 00:28 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-06-23 00:28 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-06-23 00:28 - 2011-03-03 07:59 - 00032256 ____A (Microsoft Corporation) C:\Windows\System32\Apphlpdm.dll

2012-06-23 00:28 - 2011-03-03 07:40 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Apphlpdm.dll

2012-06-23 00:28 - 2011-03-03 06:00 - 04240384 ____A (Microsoft) C:\Windows\System32\GameUXLegacyGDFs.dll

2012-06-23 00:28 - 2011-03-03 05:35 - 04240384 ____A (Microsoft) C:\Windows\SysWOW64\GameUXLegacyGDFs.dll

2012-06-23 00:28 - 2010-08-26 09:42 - 01927680 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll

2012-06-23 00:28 - 2010-08-26 08:34 - 01696256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll

2012-06-23 00:24 - 2011-03-12 14:52 - 01653760 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2012-06-23 00:24 - 2011-03-12 13:55 - 00876032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2012-06-23 00:15 - 2012-06-23 00:15 - 00104672 ____A (Microsoft Corporation) C:\Users\Nick\Downloads\VWD11AzurePack_RC.3f.3f.3fnew.exe

2012-06-22 23:53 - 2012-06-22 23:53 - 00000000 ____D C:\Users\Nick\Local Settings\Application Data\{3485212A-AB11-4E82-8BD9-8EA490C38DAB}

2012-06-22 23:53 - 2012-06-22 23:53 - 00000000 ____D C:\Users\Nick\Local Settings\{3485212A-AB11-4E82-8BD9-8EA490C38DAB}

2012-06-22 23:53 - 2012-06-22 23:53 - 00000000 ____D C:\Users\Nick\AppData\Local\{3485212A-AB11-4E82-8BD9-8EA490C38DAB}

2012-06-22 22:41 - 2012-06-22 22:41 - 02344960 ____A C:\Users\Nick\Downloads\kdewin-installer-gui-latest.exe

2012-06-20 19:37 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-20 19:37 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-20 19:37 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-20 19:37 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-20 19:36 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-20 19:36 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2012-06-20 19:36 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-20 19:36 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2012-06-20 19:36 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-20 19:36 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2012-06-20 19:36 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-20 19:36 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2012-06-20 19:36 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-20 19:36 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2012-06-20 06:02 - 2012-06-20 06:19 - 00001467 ____A C:\Users\Nick\My Documents\nubuilder errors.txt

2012-06-20 06:02 - 2012-06-20 06:19 - 00001467 ____A C:\Users\Nick\Documents\nubuilder errors.txt

2012-06-20 05:54 - 2012-06-20 05:54 - 04472121 ____A (CamStudio Open Source Dev Team ) C:\Users\Nick\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe

2012-06-20 05:54 - 2012-06-20 05:54 - 00000816 ____A C:\Users\Public\Desktop\CamStudio-Recorder.lnk

2012-06-20 05:54 - 2012-06-20 05:54 - 00000816 ____A C:\Users\All Users\Desktop\CamStudio-Recorder.lnk

2012-06-20 05:54 - 2012-06-20 05:54 - 00000000 ____D C:\Program Files (x86)\CamStudio 2.6b

2012-06-20 05:54 - 2010-10-23 21:56 - 00049664 ____A (CamStudio Group) C:\Windows\System32\CamCodec.dll

2012-06-20 04:44 - 2012-06-20 04:44 - 00000000 ____D C:\Users\Nick\Downloads\nubuilder-12.06.05

2012-06-20 04:42 - 2012-06-20 04:43 - 22792488 ____A C:\Users\Nick\Downloads\nubuilder-12.06.05.zip

============ 3 Months Modified Files ========================

2012-07-19 22:13 - 2011-04-15 00:06 - 01425264 ____A C:\Windows\WindowsUpdate.log

2012-07-19 22:13 - 2011-04-15 00:06 - 00000012 ____A C:\Windows\bthservsdp.dat

2012-07-19 22:13 - 2006-11-02 07:42 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-19 22:13 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-19 22:13 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-19 22:13 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-19 22:09 - 2006-11-02 04:46 - 00878198 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-19 22:01 - 2012-07-19 22:01 - 01437107 ____A (Farbar) C:\Users\Nick\Downloads\FRST64.exe

2012-07-18 22:43 - 2012-07-18 22:43 - 02322184 ____A (ESET) C:\Users\Nick\Downloads\esetsmartinstaller_enu.exe

2012-07-18 20:11 - 2011-04-14 22:47 - 00083456 ____A C:\Users\Nick\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-18 20:11 - 2011-04-14 22:47 - 00083456 ____A C:\Users\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-18 20:11 - 2011-04-14 22:47 - 00083456 ____A C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-07-18 19:59 - 2012-07-18 19:59 - 00000894 ____A C:\Users\Nick\Downloads\contacts.vcf

2012-07-18 18:12 - 2012-07-18 18:11 - 00001018 ____A C:\Windows\setupact.log

2012-07-18 18:11 - 2012-07-18 18:11 - 00000000 ____A C:\Windows\setuperr.log

2012-07-18 07:22 - 2012-07-18 07:19 - 00002494 ____A C:\Users\Nick\My Documents\carl.txt

2012-07-18 07:22 - 2012-07-18 07:19 - 00002494 ____A C:\Users\Nick\Documents\carl.txt

2012-07-17 08:20 - 2012-07-17 03:26 - 00001496 ____A C:\Users\Nick\My Documents\h.txt

2012-07-17 08:20 - 2012-07-17 03:26 - 00001496 ____A C:\Users\Nick\Documents\h.txt

2012-07-15 14:53 - 2011-05-06 05:10 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-14 21:53 - 2011-05-06 05:10 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-14 13:31 - 2012-07-14 13:31 - 00076212 ____A C:\Users\Nick\Downloads\Extras.Txt

2012-07-14 13:29 - 2012-07-14 13:29 - 00116824 ____A C:\Users\Nick\Downloads\OTL.Txt

2012-07-14 13:18 - 2012-07-14 13:18 - 00596480 ____A (OldTimer Tools) C:\Users\Nick\Downloads\OTL.exe

2012-07-14 07:24 - 2011-12-24 17:20 - 00000896 ____A C:\Users\Nick\Desktop\magicJack.lnk

2012-07-14 07:21 - 2006-11-02 07:21 - 01168832 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-14 07:11 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-07-14 07:04 - 2012-04-05 03:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-14 07:04 - 2011-05-13 21:15 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-14 07:00 - 2012-07-14 07:00 - 00001430 ____A C:\Windows\PFRO.log

2012-07-14 06:49 - 2012-07-08 21:21 - 00000293 ____A C:\Users\Nick\My Documents\bhspam.txt

2012-07-14 06:49 - 2012-07-08 21:21 - 00000293 ____A C:\Users\Nick\Documents\bhspam.txt

2012-07-14 04:33 - 2011-12-28 15:20 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-14 04:33 - 2011-12-28 15:20 - 00000950 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-14 04:28 - 2012-07-14 04:29 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-07-14 04:28 - 2012-07-14 04:28 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-07-14 04:28 - 2012-07-14 04:28 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-07-14 04:28 - 2012-03-03 16:12 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll

2012-07-14 04:28 - 2011-04-15 00:11 - 00687600 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2012-07-14 04:24 - 2012-07-14 04:24 - 00893936 ____A (Oracle Corporation) C:\Users\Nick\Downloads\jxpiinstall.exe

2012-07-13 10:56 - 2012-07-13 10:56 - 00021426 ____A C:\ComboFix.txt

2012-07-13 10:52 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini

2012-07-13 04:29 - 2012-07-13 03:34 - 357432509 ____A C:\Users\Nick\Downloads\video(1).mkv

2012-07-12 04:30 - 2012-07-12 04:29 - 04731392 ____A (AVAST Software) C:\Users\Nick\Downloads\aswMBR(1).exe

2012-07-12 04:27 - 2012-07-12 04:27 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Nick\Downloads\tdsskiller(1).exe

2012-07-11 03:14 - 2012-07-11 03:14 - 00029438 ____A C:\Users\Nick\Downloads\sitemap.xml

2012-07-11 03:09 - 2012-07-11 03:09 - 00267674 ____A C:\Users\Nick\Downloads\com_xmap-1.2.14.zip

2012-07-11 00:06 - 2012-07-10 23:35 - 378465600 ____A C:\Users\Nick\Downloads\fr11pe.exe

2012-07-10 23:54 - 2011-07-09 13:07 - 00000059 ____A C:\Windows\wpd99.drv

2012-07-10 05:16 - 2012-07-10 05:16 - 00607260 ____R (Swearware) C:\Users\Nick\Downloads\dds(1).scr

2012-07-10 05:08 - 2012-07-10 05:08 - 00881475 ____A C:\Users\Nick\Downloads\SecurityCheck.exe

2012-07-10 05:07 - 2012-07-10 05:07 - 00050477 ____A C:\Users\Nick\Downloads\Defogger.exe

2012-07-10 05:07 - 2012-07-10 05:07 - 00000470 ____A C:\Users\Nick\defogger_disable.log

2012-07-10 05:07 - 2012-07-10 05:07 - 00000000 ____A C:\Users\Nick\defogger_reenable

2012-07-09 19:50 - 2012-07-09 19:06 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-07-09 19:10 - 2011-04-19 20:43 - 00007728 ____A C:\Users\Nick\Local Settings\d3d9caps.dat

2012-07-09 19:10 - 2011-04-19 20:43 - 00007728 ____A C:\Users\Nick\Local Settings\Application Data\d3d9caps.dat

2012-07-09 19:10 - 2011-04-19 20:43 - 00007728 ____A C:\Users\Nick\AppData\Local\d3d9caps.dat

2012-07-09 19:06 - 2012-07-09 19:06 - 00011664 ____A C:\Users\Nick\Local Settings\dd_vcredistUI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00011664 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistUI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00011664 ____A C:\Users\Nick\AppData\Local\dd_vcredistUI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00001824 ____A C:\Users\Nick\Local Settings\dd_vcredistMSI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00001824 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistMSI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00001824 ____A C:\Users\Nick\AppData\Local\dd_vcredistMSI3A29.txt

2012-07-09 19:06 - 2012-07-09 19:06 - 00001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-07-09 19:06 - 2012-07-09 19:06 - 00001787 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk

2012-07-09 19:04 - 2012-07-09 18:56 - 89340632 ____A C:\Users\Nick\Downloads\avast_free_antivirus_setup.exe

2012-07-09 18:52 - 2012-07-09 18:52 - 00231390 ____A C:\Users\Nick\Downloads\RootkitRevealer.zip

2012-07-09 18:50 - 2012-07-09 18:50 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Nick\Downloads\tdsskiller.exe

2012-07-09 18:13 - 2012-07-09 18:13 - 00607260 ____R (Swearware) C:\Users\Nick\Downloads\dds.scr

2012-07-09 18:06 - 2012-07-08 15:50 - 00009353 ____A C:\Users\Nick\Downloads\hijackthis.log

2012-07-09 17:57 - 2006-11-02 04:34 - 00442985 ___RA C:\Windows\System32\Drivers\etc\hosts.20120709-210124.backup

2012-07-09 16:49 - 2011-04-14 21:24 - 00394768 ____A C:\Users\Nick\Local Settings\GDIPFONTCACHEV1.DAT

2012-07-09 16:49 - 2011-04-14 21:24 - 00394768 ____A C:\Users\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2012-07-09 16:49 - 2011-04-14 21:24 - 00394768 ____A C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-09 15:25 - 2012-07-09 14:23 - 716484608 ____A C:\Users\Nick\Downloads\xubuntu-12.04-alternate-amd64.iso

2012-07-09 13:59 - 2008-12-11 14:38 - 00000682 ____A C:\updatedatfix.log

2012-07-09 11:19 - 2012-07-09 11:18 - 04731392 ____A (AVAST Software) C:\Users\Nick\Downloads\aswMBR.exe

2012-07-09 11:14 - 2012-07-09 11:14 - 00001205 ____A C:\Users\Nick\Downloads\FixNCR.reg

2012-07-08 22:00 - 2012-07-08 21:59 - 06236280 ____A (Lavasoft Limited) C:\Users\Nick\Downloads\Adaware_Installer(1).exe

2012-07-08 21:49 - 2012-07-08 21:49 - 00000012 ____A C:\Users\Nick\Downloads\FSSC.dat

2012-07-08 21:43 - 2012-07-08 21:43 - 06236280 ____A (Lavasoft Limited) C:\Users\Nick\Downloads\Adaware_Installer.exe

2012-07-08 20:52 - 2011-04-15 00:59 - 00001460 ____A C:\Users\Nick\Local Settings\d3d9caps64.dat

2012-07-08 20:52 - 2011-04-15 00:59 - 00001460 ____A C:\Users\Nick\Local Settings\Application Data\d3d9caps64.dat

2012-07-08 20:52 - 2011-04-15 00:59 - 00001460 ____A C:\Users\Nick\AppData\Local\d3d9caps64.dat

2012-07-08 20:36 - 2011-05-26 04:34 - 00001129 ____A C:\Users\Nick\Desktop\Spybot - Search & Destroy.lnk

2012-07-08 15:38 - 2012-07-08 15:38 - 00388608 ____A (Trend Micro Inc.) C:\Users\Nick\Downloads\HijackThis.exe

2012-07-08 07:43 - 2012-07-08 06:43 - 358405242 ____A C:\Users\Nick\Downloads\video.mkv

2012-07-08 04:01 - 2012-07-08 04:01 - 00670875 ____A C:\Users\Nick\Downloads\com_jcomments_v2.3.0.zip

2012-07-08 02:41 - 2012-07-08 02:41 - 00014239 ____A C:\Users\Nick\Downloads\mod_simplereset_v2.0.2.zip

2012-07-07 01:48 - 2012-07-07 01:47 - 20867007 ____A C:\Users\Nick\Downloads\mono-social-icons.zip

2012-07-06 16:33 - 2012-07-06 16:33 - 00039511 ____A C:\Users\Nick\Downloads\com_test-1.0.0.zip

2012-07-06 16:08 - 2012-07-06 16:08 - 02463779 ____A (HTMLKit.com ) C:\Users\Nick\Downloads\HKSetup.exe

2012-07-06 16:08 - 2012-07-06 16:08 - 00001067 ____A C:\Users\Public\Desktop\HTML-Kit.lnk

2012-07-06 16:08 - 2012-07-06 16:08 - 00001067 ____A C:\Users\All Users\Desktop\HTML-Kit.lnk

2012-07-06 14:54 - 2012-07-06 14:54 - 00079219 ____A C:\Users\Nick\Downloads\libtidy.7z

2012-07-06 13:23 - 2012-07-06 13:23 - 00000018 ____A C:\Users\Nick\My Documents\hotard.txt

2012-07-06 13:23 - 2012-07-06 13:23 - 00000018 ____A C:\Users\Nick\Documents\hotard.txt

2012-07-05 19:50 - 2012-07-05 19:50 - 00612528 ____A C:\Users\Nick\Downloads\com_acesef_j25_basic.zip

2012-07-05 19:42 - 2012-07-05 19:42 - 00622771 ____A C:\Users\Nick\Downloads\com_acesef_j15_basic.zip

2012-07-05 18:44 - 2012-07-05 18:44 - 00002996 ____A C:\Users\Nick\Downloads\ext_acesef_jdownloads-free.zip

2012-07-05 11:38 - 2012-07-05 11:38 - 00938135 ____A C:\Users\Nick\Downloads\com_joomsef4-4.2.8.zip

2012-07-05 08:53 - 2012-07-05 08:53 - 01814569 ____A C:\Users\Nick\Downloads\com_jdownloads_1.9.0_stable_927.zip

2012-07-05 07:55 - 2012-07-05 07:55 - 00801967 ____A C:\Users\Nick\Downloads\com_phocadownload_v2.1.6.zip

2012-07-05 05:54 - 2012-07-05 05:54 - 00598982 ____A C:\Users\Nick\Downloads\Chronoforms_V4_RC3.4.1_J1.6.zip

2012-07-05 05:11 - 2012-07-05 05:11 - 00177888 ____A C:\Users\Nick\Downloads\bizblue(1).zip

2012-07-04 23:45 - 2012-07-04 23:45 - 00498180 ____A C:\Users\Nick\Downloads\com_admintools-2.2.9-core.zip

2012-07-04 23:43 - 2012-07-04 23:43 - 00024453 ____A C:\Users\Nick\Downloads\admintools-en-GB-j15.zip

2012-07-04 23:38 - 2012-07-04 23:38 - 04266487 ____A C:\Users\Nick\Downloads\Joomla_1.5.0_to_1.5.26-Stable-Patch_Package.zip

2012-07-04 16:21 - 2012-07-04 16:20 - 15867904 ____A C:\Users\Nick\Downloads\python-2.7.3.msi

2012-07-04 14:02 - 2012-07-04 14:02 - 00001547 ____A C:\Users\Nick\My Documents\jamie_sms.txt

2012-07-04 14:02 - 2012-07-04 14:02 - 00001547 ____A C:\Users\Nick\Documents\jamie_sms.txt

2012-07-04 13:22 - 2012-07-04 13:21 - 19704432 ____A (Wondershare ) C:\Users\Nick\Downloads\mobilego_full818.exe

2012-07-04 13:21 - 2012-07-04 13:21 - 00000000 ____A C:\Users\Nick\Downloads\veryandroid-sms-backup.zip.crdownload

2012-07-04 12:32 - 2011-04-15 01:00 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job

2012-07-03 10:46 - 2011-05-20 08:35 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-03 08:21 - 2012-07-09 19:06 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-07-03 08:21 - 2012-07-09 19:06 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-07-03 08:21 - 2012-07-09 19:06 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-07-03 08:21 - 2012-07-09 19:06 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-07-03 08:21 - 2012-07-09 19:06 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-07-03 08:21 - 2012-07-09 19:06 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys

2012-07-03 08:21 - 2012-07-09 19:06 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-07-03 08:21 - 2012-07-09 19:06 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-07-02 04:46 - 2012-07-02 04:46 - 01853160 ____A C:\Users\Nick\Downloads\cakephp-cakephp-2.2.0-RC2-0-g3908f06.zip

2012-07-02 04:42 - 2012-07-02 04:42 - 00349477 ____A C:\Users\Nick\Downloads\cake_1.1.20.7692.zip

2012-07-02 04:41 - 2012-07-02 04:40 - 08147131 ____A C:\Users\Nick\Downloads\p4a-3.8.4.zip

2012-07-01 05:19 - 2012-07-01 05:19 - 00006191 ____A C:\Users\Nick\Downloads\plg_recaptcha.8.tar.gz

2012-06-30 04:54 - 2012-06-30 04:52 - 00000550 ____A C:\Users\Nick\My Documents\recaptchamail.html

2012-06-30 04:54 - 2012-06-30 04:52 - 00000550 ____A C:\Users\Nick\Documents\recaptchamail.html

2012-06-26 13:14 - 2012-06-26 13:14 - 00099188 ____A C:\Users\Nick\Downloads\pkg_itpmeta_v2.2-J1.6.zip

2012-06-26 13:09 - 2012-06-26 13:09 - 00004484 ____A C:\Users\Nick\Downloads\jostag_plugin_for_2.5.zip

2012-06-26 13:03 - 2012-06-26 13:03 - 00917701 ____A C:\Users\Nick\Downloads\com_joomsef4-4.2.7.zip

2012-06-26 11:20 - 2012-06-26 11:20 - 00199695 ____A C:\Users\Nick\Downloads\ForumPostAssistant-FPA-fpa-en-v1.2.0Beta-34-g902eed8.zip

2012-06-25 21:57 - 2012-06-25 21:57 - 00029761 ____A C:\Users\Nick\Downloads\plugin_jw_ts-v2.5_j1.5-2.5.zip

2012-06-25 21:20 - 2012-06-25 21:20 - 00509458 ____A C:\Users\Nick\Downloads\com_swmenufree7.2_J2.5.zip

2012-06-25 21:06 - 2012-06-25 21:06 - 00106072 ____A C:\Users\Nick\Downloads\mtupgrade.zip

2012-06-25 21:01 - 2012-06-25 21:01 - 00365535 ____A C:\Users\Nick\Downloads\com_jupgrade-2.5.1.zip

2012-06-25 19:17 - 2012-06-25 19:17 - 00411614 ____A C:\Users\Nick\Local Settings\dd_vcredistMSI7D2A.txt

2012-06-25 19:17 - 2012-06-25 19:17 - 00411614 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistMSI7D2A.txt

2012-06-25 19:17 - 2012-06-25 19:17 - 00411614 ____A C:\Users\Nick\AppData\Local\dd_vcredistMSI7D2A.txt

2012-06-25 19:17 - 2012-06-25 19:17 - 00012260 ____A C:\Users\Nick\Local Settings\dd_vcredistUI7D2A.txt

2012-06-25 19:17 - 2012-06-25 19:17 - 00012260 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistUI7D2A.txt

2012-06-25 19:17 - 2012-06-25 19:17 - 00012260 ____A C:\Users\Nick\AppData\Local\dd_vcredistUI7D2A.txt

2012-06-25 19:17 - 2012-06-25 19:09 - 127714061 ____A C:\Users\Nick\Downloads\scriptcase_install_en_us_v6.0.022.exe

2012-06-25 15:12 - 2012-06-25 15:11 - 00000198 ____A C:\Windows\ODBC.INI

2012-06-25 15:10 - 2012-06-25 15:10 - 03908968 ____A (Thraex Software) C:\Users\Nick\Downloads\aiw.exe

2012-06-25 15:08 - 2012-06-25 15:08 - 00466944 ____A (WeOnlyDo! COM) C:\Windows\SysWOW64\wodSFTP.ocx

2012-06-25 15:04 - 2012-06-25 15:00 - 89166769 ____A C:\Users\Nick\Downloads\CCS_5.0.0.16254.exe

2012-06-25 14:29 - 2012-06-25 14:28 - 25983805 ____A (e.World Technology Limited) C:\Users\Nick\Downloads\phpmkr.exe

2012-06-24 05:53 - 2012-06-24 05:53 - 00000919 ____A C:\Users\Nick\Desktop\ASPRunner Professional 7.1.lnk

2012-06-24 05:52 - 2012-06-24 05:51 - 30256712 ____A (Xlinesoft.com ) C:\Users\Nick\Downloads\asprunnerpro-setup.exe

2012-06-24 03:50 - 2012-06-24 03:50 - 00020911 ____A C:\Users\Nick\Downloads\phpsim_beta1.tar.gz

2012-06-24 03:42 - 2012-06-24 03:42 - 00077829 ____A C:\Users\Nick\Downloads\php-setup-wizard.zip

2012-06-23 00:15 - 2012-06-23 00:15 - 00104672 ____A (Microsoft Corporation) C:\Users\Nick\Downloads\VWD11AzurePack_RC.3f.3f.3fnew.exe

2012-06-22 22:41 - 2012-06-22 22:41 - 02344960 ____A C:\Users\Nick\Downloads\kdewin-installer-gui-latest.exe

2012-06-20 06:19 - 2012-06-20 06:02 - 00001467 ____A C:\Users\Nick\My Documents\nubuilder errors.txt

2012-06-20 06:19 - 2012-06-20 06:02 - 00001467 ____A C:\Users\Nick\Documents\nubuilder errors.txt

2012-06-20 05:54 - 2012-06-20 05:54 - 04472121 ____A (CamStudio Open Source Dev Team ) C:\Users\Nick\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe

2012-06-20 05:54 - 2012-06-20 05:54 - 00000816 ____A C:\Users\Public\Desktop\CamStudio-Recorder.lnk

2012-06-20 05:54 - 2012-06-20 05:54 - 00000816 ____A C:\Users\All Users\Desktop\CamStudio-Recorder.lnk

2012-06-20 04:43 - 2012-06-20 04:42 - 22792488 ____A C:\Users\Nick\Downloads\nubuilder-12.06.05.zip

2012-06-18 07:00 - 2012-06-18 06:59 - 33772488 ____A (Xlinesoft.com ) C:\Users\Nick\Downloads\phprunner-setup.exe

2012-06-18 06:20 - 2012-06-18 06:20 - 00000579 ____A C:\Users\Nick\Downloads\xatD73B.tmp.tar.gz

2012-06-18 06:12 - 2012-06-18 06:12 - 00000560 ____A C:\Users\Nick\Desktop\XAMPP.lnk

2012-06-18 05:34 - 2012-06-18 05:34 - 01377058 ____A C:\Users\Nick\Downloads\PSTools.zip

2012-06-18 05:23 - 2011-09-02 01:02 - 00002413 ____A C:\Users\Public\Desktop\Skype.lnk

2012-06-18 05:23 - 2011-09-02 01:02 - 00002413 ____A C:\Users\All Users\Desktop\Skype.lnk

2012-06-18 04:49 - 2012-06-18 04:37 - 156604674 ____A C:\Users\Nick\Downloads\xampp-win32-1.7.7-VC9.zip

2012-06-18 04:26 - 2012-06-18 04:25 - 00585492 ____A C:\Users\Nick\Local Settings\dd_vcredistMSI2F6F.txt

2012-06-18 04:26 - 2012-06-18 04:25 - 00585492 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistMSI2F6F.txt

2012-06-18 04:26 - 2012-06-18 04:25 - 00585492 ____A C:\Users\Nick\AppData\Local\dd_vcredistMSI2F6F.txt

2012-06-18 04:26 - 2012-06-18 04:25 - 00014302 ____A C:\Users\Nick\Local Settings\dd_vcredistUI2F6F.txt

2012-06-18 04:26 - 2012-06-18 04:25 - 00014302 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistUI2F6F.txt

2012-06-18 04:26 - 2012-06-18 04:25 - 00014302 ____A C:\Users\Nick\AppData\Local\dd_vcredistUI2F6F.txt

2012-06-18 04:25 - 2012-06-18 04:25 - 04216840 ____A (Microsoft Corporation) C:\Users\Nick\Downloads\vcredist_x86.exe

2012-06-18 04:14 - 2012-06-18 04:09 - 84881998 ____A C:\Users\Nick\Downloads\xampp-win32-1.7.7-VC9-installer.exe

2012-06-18 03:46 - 2012-06-18 03:45 - 04602459 ____A C:\Users\Nick\Downloads\xataface-1.3.2.zip

2012-06-16 04:49 - 2012-06-16 04:49 - 00000062 ____A C:\Users\Nick\My Documents\jgauto2.txt

2012-06-16 04:49 - 2012-06-16 04:49 - 00000062 ____A C:\Users\Nick\Documents\jgauto2.txt

2012-06-14 13:01 - 2012-06-14 13:01 - 00000859 ____A C:\Users\Nick\Downloads\enabledisabledesktopicons.zip

2012-06-14 12:55 - 2012-06-14 12:55 - 00001405 ____A C:\Users\Nick\Downloads\enabledisabledesktopicons.vbs

2012-06-14 03:58 - 2012-06-14 03:57 - 04692341 ____A C:\Users\Nick\Downloads\Xinha-0.96.1.zip

2012-06-13 05:58 - 2012-07-14 07:08 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-12 13:50 - 2012-06-12 13:49 - 12725464 ____A C:\Users\Nick\Downloads\GameMaker-Installer-8.1.exe

2012-06-12 08:57 - 2012-03-06 10:10 - 00011816 ____A C:\Users\Nick\My Documents\jgauto.odt

2012-06-12 08:57 - 2012-03-06 10:10 - 00011816 ____A C:\Users\Nick\Documents\jgauto.odt

2012-06-11 03:03 - 2012-06-11 03:00 - 27568485 ____A C:\Users\Nick\Downloads\Sens3s_The_Art_of_Understanding_2011_11_16_0752.zip

2012-06-11 02:33 - 2012-06-11 02:34 - 00021762 ____A C:\Users\Nick\Downloads\comparelist.mfa

2012-06-11 02:30 - 2012-06-11 02:30 - 00327687 ____A C:\Users\Nick\Downloads\cigarettesmoke.mfa

2012-06-11 01:18 - 2012-06-11 01:18 - 00748246 ____A ( ) C:\Users\Nick\Downloads\reshack_setup.exe

2012-06-11 01:16 - 2012-06-11 01:15 - 00000239 ____A C:\Windows\w32demo8.ini

2012-06-10 23:15 - 2012-06-10 23:14 - 00472436 ____A C:\Users\Nick\Local Settings\dd_vcredistMSI1E4B.txt

2012-06-10 23:15 - 2012-06-10 23:14 - 00472436 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistMSI1E4B.txt

2012-06-10 23:15 - 2012-06-10 23:14 - 00472436 ____A C:\Users\Nick\AppData\Local\dd_vcredistMSI1E4B.txt

2012-06-10 23:15 - 2012-06-10 23:14 - 00012986 ____A C:\Users\Nick\Local Settings\dd_vcredistUI1E4B.txt

2012-06-10 23:15 - 2012-06-10 23:14 - 00012986 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistUI1E4B.txt

2012-06-10 23:15 - 2012-06-10 23:14 - 00012986 ____A C:\Users\Nick\AppData\Local\dd_vcredistUI1E4B.txt

2012-06-10 23:02 - 2012-06-10 22:48 - 151801119 ____A C:\Users\Nick\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe

2012-06-10 18:35 - 2012-06-10 18:35 - 00365755 ____A C:\Users\Nick\Downloads\Application.zip

2012-06-09 22:42 - 2012-06-09 22:42 - 01069703 ____A C:\Users\Nick\Downloads\cryptopp561.zip

2012-06-09 18:21 - 2012-06-09 18:21 - 00006684 ____A C:\Users\Nick\Downloads\Sparkles.zip

2012-06-09 16:45 - 2012-06-09 16:44 - 07266635 ____A C:\Users\Nick\Downloads\sqlitebrowser_200_b1_win.zip

2012-06-09 11:48 - 2012-06-09 11:48 - 00010019 ____A C:\Users\Nick\My Documents\test.ini

2012-06-09 11:48 - 2012-06-09 11:48 - 00010019 ____A C:\Users\Nick\Documents\test.ini

2012-06-08 20:44 - 2012-06-08 20:43 - 00001535 ___AH C:\Windows\EPMBatch.ept

2012-06-08 20:07 - 2012-06-08 19:58 - 99250776 ____A (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\Nick\Downloads\tb_free.exe

2012-06-08 19:54 - 2012-06-08 19:52 - 12086624 ____A (EaseUS ) C:\Users\Nick\Downloads\epm.exe

2012-06-08 19:44 - 2012-06-08 19:44 - 00007984 ____A C:\MbrFix.htm

2012-06-08 19:43 - 2012-06-08 19:43 - 00042285 ____A C:\Users\Nick\Downloads\mbrfix.zip

2012-06-08 19:10 - 2012-06-08 19:09 - 05507952 ____A (Microsoft Corporation) C:\Users\Nick\Downloads\SSCERuntime-ENU.exe

2012-06-08 19:05 - 2012-06-08 19:05 - 00461004 ____A C:\Users\Nick\Local Settings\dd_vcredistMSI43A8.txt

2012-06-08 19:05 - 2012-06-08 19:05 - 00461004 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistMSI43A8.txt

2012-06-08 19:05 - 2012-06-08 19:05 - 00461004 ____A C:\Users\Nick\AppData\Local\dd_vcredistMSI43A8.txt

2012-06-08 19:05 - 2012-06-08 19:05 - 00011642 ____A C:\Users\Nick\Local Settings\dd_vcredistUI43A8.txt

2012-06-08 19:05 - 2012-06-08 19:05 - 00011642 ____A C:\Users\Nick\Local Settings\Application Data\dd_vcredistUI43A8.txt

2012-06-08 19:05 - 2012-06-08 19:05 - 00011642 ____A C:\Users\Nick\AppData\Local\dd_vcredistUI43A8.txt

2012-06-08 10:55 - 2012-06-08 10:18 - 225724842 ____A C:\Users\Nick\Downloads\HDI-MSDN-ITPro-winvideo-Introduction_to_Visual_Cpp_2008_Express_Edition.zip

2012-06-08 09:59 - 2012-07-11 02:42 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 09:47 - 2012-07-11 02:42 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-08 06:53 - 2012-06-08 06:53 - 00888280 ____A C:\Users\Nick\Downloads\TICPP-2nd-ed-Vol-one.zip

2012-06-08 06:53 - 2012-06-08 06:52 - 01015742 ____A C:\Users\Nick\Downloads\TICPP-2nd-ed-Vol-two.zip

2012-06-08 06:44 - 2012-06-03 04:25 - 01479504 ____A C:\Users\Nick\Local Settings\dd_install_vc_xcor_100.txt

2012-06-08 06:44 - 2012-06-03 04:25 - 01479504 ____A C:\Users\Nick\Local Settings\Application Data\dd_install_vc_xcor_100.txt

2012-06-08 06:44 - 2012-06-03 04:25 - 01479504 ____A C:\Users\Nick\AppData\Local\dd_install_vc_xcor_100.txt

2012-06-08 06:41 - 2012-06-08 06:41 - 00000985 ____A C:\Users\Nick\Desktop\Microsoft Visual C++ 2010 Express.lnk

2012-06-08 06:32 - 2012-06-08 06:32 - 01848036 ____A C:\Users\Nick\Local Settings\dd_netfx_dtp02CF.txt

2012-06-08 06:32 - 2012-06-08 06:32 - 01848036 ____A C:\Users\Nick\Local Settings\Application Data\dd_netfx_dtp02CF.txt

2012-06-08 06:32 - 2012-06-08 06:32 - 01848036 ____A C:\Users\Nick\AppData\Local\dd_netfx_dtp02CF.txt

2012-06-08 06:32 - 2012-06-03 04:25 - 00226266 ____A C:\Users\Nick\Local Settings\dd_depcheck_VC_EXP_100.txt

2012-06-08 06:32 - 2012-06-03 04:25 - 00226266 ____A C:\Users\Nick\Local Settings\Application Data\dd_depcheck_VC_EXP_100.txt

2012-06-08 06:32 - 2012-06-03 04:25 - 00226266 ____A C:\Users\Nick\AppData\Local\dd_depcheck_VC_EXP_100.txt

2012-06-08 06:31 - 2012-06-08 06:30 - 01159768 ____A C:\Users\Nick\Local Settings\dd_vsexpbsln64_10001EE.txt

2012-06-08 06:31 - 2012-06-08 06:30 - 01159768 ____A C:\Users\Nick\Local Settings\Application Data\dd_vsexpbsln64_10001EE.txt

2012-06-08 06:31 - 2012-06-08 06:30 - 01159768 ____A C:\Users\Nick\AppData\Local\dd_vsexpbsln64_10001EE.txt

2012-06-08 06:30 - 2012-06-03 04:25 - 00000840 ____A C:\Users\Nick\Local Settings\dd_error_vc_xcor_100.txt

2012-06-08 06:30 - 2012-06-03 04:25 - 00000840 ____A C:\Users\Nick\Local Settings\Application Data\dd_error_vc_xcor_100.txt

2012-06-08 06:30 - 2012-06-03 04:25 - 00000840 ____A C:\Users\Nick\AppData\Local\dd_error_vc_xcor_100.txt

2012-06-08 06:23 - 2011-04-15 01:49 - 00875718 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-06-08 06:18 - 2012-06-08 06:18 - 05350616 ____A (Microsoft Corporation) C:\Users\Nick\Downloads\Windows8-ReleasePreview-UpgradeAssistant.exe

2012-06-08 06:15 - 2012-06-08 06:14 - 00445634 ____A C:\Users\Nick\Local Settings\dd_VC_Red_MSI75AC.txt

2012-06-08 06:15 - 2012-06-08 06:14 - 00445634 ____A C:\Users\Nick\Local Settings\Application Data\dd_VC_Red_MSI75AC.txt

2012-06-08 06:15 - 2012-06-08 06:14 - 00445634 ____A C:\Users\Nick\AppData\Local\dd_VC_Red_MSI75AC.txt

2012-06-08 06:14 - 2012-06-08 06:14 - 00322010 ____A C:\Users\Nick\Local Settings\dd_dw20shared_x86_msi7591.txt

2012-06-08 06:14 - 2012-06-08 06:14 - 00322010 ____A C:\Users\Nick\Local Settings\Application Data\dd_dw20shared_x86_msi7591.txt

2012-06-08 06:14 - 2012-06-08 06:14 - 00322010 ____A C:\Users\Nick\AppData\Local\dd_dw20shared_x86_msi7591.txt

2012-06-08 03:02 - 2012-06-08 03:02 - 03418313 ____A C:\Users\Nick\Downloads\phplist-2.10.18.zip

2012-06-08 01:40 - 2012-06-08 01:40 - 00000879 ____A C:\Users\Nick\Desktop\Patch Maker.lnk

2012-06-07 22:01 - 2011-08-31 13:26 - 00000979 ____A C:\Users\Nick\Desktop\HelpNDoc 3.lnk

2012-06-07 21:31 - 2012-06-07 21:31 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll

2012-06-07 21:31 - 2012-06-07 21:31 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2012-06-07 21:31 - 2012-02-25 05:50 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2012-06-07 21:31 - 2012-02-25 05:50 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2012-06-07 21:31 - 2011-11-17 12:18 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll

2012-06-07 15:43 - 2012-06-07 15:33 - 175831837 ____A C:\Users\Nick\Downloads\MoSyncWindows-3.0.2.exe

2012-06-05 12:14 - 2011-05-02 19:23 - 00000772 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-06-05 12:14 - 2011-05-02 19:23 - 00000772 ____A C:\Users\All Users\Desktop\CCleaner.lnk

2012-06-05 12:03 - 2012-06-05 11:47 - 00003284 ____A C:\Users\Nick\My Documents\response.txt

2012-06-05 12:03 - 2012-06-05 11:47 - 00003284 ____A C:\Users\Nick\Documents\response.txt

2012-06-05 08:47 - 2012-07-11 02:42 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 08:47 - 2012-07-11 02:42 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 08:22 - 2012-07-11 02:42 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 08:22 - 2012-07-11 02:42 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-04 13:59 - 2012-06-05 12:47 - 00001048 ____A C:\Users\Nick\Desktop\Dispatcher.lnk

2012-06-04 13:59 - 2012-06-04 13:58 - 02307111 ____A C:\Users\Nick\Downloads\Dispatcher_Setup.exe

2012-06-04 13:33 - 2012-05-29 21:26 - 00869574 ____A C:\Users\Nick\Local Settings\dd_install_vcs_xcor_100.txt

2012-06-04 13:33 - 2012-05-29 21:26 - 00869574 ____A C:\Users\Nick\Local Settings\Application Data\dd_install_vcs_xcor_100.txt

2012-06-04 13:33 - 2012-05-29 21:26 - 00869574 ____A C:\Users\Nick\AppData\Local\dd_install_vcs_xcor_100.txt

2012-06-04 13:31 - 2012-05-29 21:26 - 00250953 ____A C:\Users\Nick\Local Settings\dd_depcheck_VCS_EXP_100.txt

2012-06-04 13:31 - 2012-05-29 21:26 - 00250953 ____A C:\Users\Nick\Local Settings\Application Data\dd_depcheck_VCS_EXP_100.txt

2012-06-04 13:31 - 2012-05-29 21:26 - 00250953 ____A C:\Users\Nick\AppData\Local\dd_depcheck_VCS_EXP_100.txt

2012-06-04 08:00 - 2011-04-19 20:39 - 00023076 ____A C:\Windows\System32\lvcoinst.log

2012-06-04 07:29 - 2012-07-11 02:42 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-03 14:30 - 2012-06-03 14:30 - 00729732 ____A C:\Users\Nick\Local Settings\dd_HelpSetup_MSI6A11.txt

2012-06-03 14:30 - 2012-06-03 14:30 - 00729732 ____A C:\Users\Nick\Local Settings\Application Data\dd_HelpSetup_MSI6A11.txt

2012-06-03 14:30 - 2012-06-03 14:30 - 00729732 ____A C:\Users\Nick\AppData\Local\dd_HelpSetup_MSI6A11.txt

2012-06-03 14:30 - 2012-06-03 14:30 - 00012382 ____A C:\Users\Nick\Local Settings\dd_HelpSetup_UI6A11.txt

2012-06-03 14:30 - 2012-06-03 14:30 - 00012382 ____A C:\Users\Nick\Local Settings\Application Data\dd_HelpSetup_UI6A11.txt

2012-06-03 14:30 - 2012-06-03 14:30 - 00012382 ____A C:\Users\Nick\AppData\Local\dd_HelpSetup_UI6A11.txt

2012-06-03 14:30 - 2012-06-03 14:29 - 01078960 ____A C:\Users\Nick\Local Settings\dd_vstor40_x64MSI697E.txt

2012-06-03 14:30 - 2012-06-03 14:29 - 01078960 ____A C:\Users\Nick\Local Settings\Application Data\dd_vstor40_x64MSI697E.txt

2012-06-03 14:30 - 2012-06-03 14:29 - 01078960 ____A C:\Users\Nick\AppData\Local\dd_vstor40_x64MSI697E.txt

2012-06-03 14:30 - 2012-06-03 14:29 - 00012382 ____A C:\Users\Nick\Local Settings\dd_vstor40_x64UI697E.txt

2012-06-03 14:30 - 2012-06-03 14:29 - 00012382 ____A C:\Users\Nick\Local Settings\Application Data\dd_vstor40_x64UI697E.txt

2012-06-03 14:30 - 2012-06-03 14:29 - 00012382 ____A C:\Users\Nick\AppData\Local\dd_vstor40_x64UI697E.txt

2012-06-03 04:24 - 2012-06-03 04:24 - 00322034 ____A C:\Users\Nick\Local Settings\dd_SqlPubWiz_14_msi1AB3.txt

2012-06-03 04:24 - 2012-06-03 04:24 - 00322034 ____A C:\Users\Nick\Local Settings\Application Data\dd_SqlPubWiz_14_msi1AB3.txt

2012-06-03 04:24 - 2012-06-03 04:24 - 00322034 ____A C:\Users\Nick\AppData\Local\dd_SqlPubWiz_14_msi1AB3.txt

2012-06-03 04:24 - 2012-06-03 04:24 - 00126706 ____A C:\Users\Nick\Local Settings\dd_AspNetMVC2.msi1AA3.txt

2012-06-03 04:24 - 2012-06-03 04:24 - 00126706 ____A C:\Users\Nick\Local Settings\Application Data\dd_AspNetMVC2.msi1AA3.txt

2012-06-03 04:24 - 2012-06-03 04:24 - 00126706 ____A C:\Users\Nick\AppData\Local\dd_AspNetMVC2.msi1AA3.txt

2012-06-03 04:24 - 2012-06-03 04:23 - 00441022 ____A C:\Users\Nick\Local Settings\dd_VWD2010ToolsMVC2.msi1983.txt

2012-06-03 04:24 - 2012-06-03 04:23 - 00441022 ____A C:\Users\Nick\Local Settings\Application Data\dd_VWD2010ToolsMVC2.msi1983.txt

2012-06-03 04:24 - 2012-06-03 04:23 - 00441022 ____A C:\Users\Nick\AppData\Local\dd_VWD2010ToolsMVC2.msi1983.txt

2012-06-03 04:24 - 2012-06-03 04:05 - 00489040 ____A C:\Users\Nick\Local Settings\dd_install_vns_xcor_100.txt

2012-06-03 04:24 - 2012-06-03 04:05 - 00489040 ____A C:\Users\Nick\Local Settings\Application Data\dd_install_vns_xcor_100.txt

2012-06-03 04:24 - 2012-06-03 04:05 - 00489040 ____A C:\Users\Nick\AppData\Local\dd_install_vns_xcor_100.txt

2012-06-03 04:23 - 2012-06-03 04:23 - 00449298 ____A C:\Users\Nick\Local Settings\dd_WebDeploy_x64_en-US.msi1966.txt

2012-06-03 04:23 - 2012-06-03 04:23 - 00449298 ____A C:\Users\Nick\Local Settings\Application Data\dd_WebDeploy_x64_en-US.msi1966.txt

2012-06-03 04:23 - 2012-06-03 04:23 - 00449298 ____A C:\Users\Nick\AppData\Local\dd_WebDeploy_x64_en-US.msi1966.txt

2012-06-03 04:17 - 2012-06-03 04:17 - 00318168 ____A C:\Users\Nick\Local Settings\dd_vc_runtime_x86_msi1503.txt

2012-06-03 04:17 - 2012-06-03 04:17 - 00318168 ____A C:\Users\Nick\Local Settings\Application Data\dd_vc_runtime_x86_msi1503.txt

2012-06-03 04:17 - 2012-06-03 04:17 - 00318168 ____A C:\Users\Nick\AppData\Local\dd_vc_runtime_x86_msi1503.txt

2012-06-03 04:17 - 2012-06-03 04:05 - 00166712 ____A C:\Users\Nick\Local Settings\dd_depcheck_VNS_EXP_100.txt

2012-06-03 04:17 - 2012-06-03 04:05 - 00166712 ____A C:\Users\Nick\Local Settings\Application Data\dd_depcheck_VNS_EXP_100.txt

2012-06-03 04:17 - 2012-06-03 04:05 - 00166712 ____A C:\Users\Nick\AppData\Local\dd_depcheck_VNS_EXP_100.txt

2012-06-03 04:05 - 2012-06-03 04:05 - 00000002 ____A C:\Users\Nick\Local Settings\dd_error_vns_xcor_100.txt

2012-06-03 04:05 - 2012-06-03 04:05 - 00000002 ____A C:\Users\Nick\Local Settings\Application Data\dd_error_vns_xcor_100.txt

2012-06-03 04:05 - 2012-06-03 04:05 - 00000002 ____A C:\Users\Nick\AppData\Local\dd_error_vns_xcor_100.txt

2012-06-03 03:57 - 2012-06-03 03:57 - 00100192 ____A (Microsoft Corporation) C:\Users\Nick\Downloads\vwd.exe

2012-06-03 03:57 - 2012-06-03 03:56 - 03324232 ____A (Microsoft Corporation) C:\Users\Nick\Downloads\vc_web.exe

2012-06-02 14:19 - 2012-06-20 19:37 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-20 19:37 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-20 19:37 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-20 19:36 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-20 19:36 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2012-06-02 14:19 - 2012-06-20 19:36 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:19 - 2012-06-20 19:36 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2012-06-02 14:15 - 2012-06-20 19:37 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-20 19:36 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:12 - 2012-06-20 19:36 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2012-06-02 12:19 - 2012-06-20 19:36 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 12:19 - 2012-06-20 19:36 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2012-06-02 12:15 - 2012-06-20 19:36 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 12:12 - 2012-06-20 19:36 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2012-06-02 04:49 - 2012-07-14 07:09 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-14 07:09 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-14 07:09 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-14 07:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-14 07:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-14 07:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-14 07:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-14 07:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-14 07:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-14 07:09 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-14 07:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-14 07:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-14 07:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-14 07:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-14 07:09 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-14 07:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-14 07:09 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-14 07:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-14 07:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-14 07:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-14 07:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-14 07:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-14 07:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-14 07:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-14 07:09 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-14 07:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-14 07:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-14 07:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 16:22 - 2012-07-11 02:42 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 16:22 - 2012-07-11 02:42 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 16:05 - 2012-07-11 02:42 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 16:04 - 2012-07-11 02:42 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 16:03 - 2012-07-11 02:42 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-05-31 13:59 - 2012-05-31 13:35 - 227833386 ____A C:\Users\Nick\Downloads\12WorkingwithStrings_2MB_ch9.wmv

2012-05-31 13:55 - 2012-05-31 13:35 - 150498016 ____A C:\Users\Nick\Downloads\11whileIterationsandReadingDatafromaTextFile_2MB_ch9.wmv

2012-05-31 13:53 - 2012-05-31 13:36 - 131239337 ____A C:\Users\Nick\Downloads\13WorkingwithDateTime_2MB_ch9.wmv

2012-05-30 11:45 - 2012-05-30 11:45 - 00944981 ____A C:\Users\Nick\Downloads\C9CS_Code.zip

2012-05-29 21:52 - 2012-05-29 21:51 - 00968156 ____A C:\Users\Nick\Local Settings\dd_ADONETEntityFrameworkTools_enu_MSI3540.txt

2012-05-29 21:52 - 2012-05-29 21:51 - 00968156 ____A C:\Users\Nick\Local Settings\Application Data\dd_ADONETEntityFrameworkTools_enu_MSI3540.txt

2012-05-29 21:52 - 2012-05-29 21:51 - 00968156 ____A C:\Users\Nick\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI3540.txt

2012-05-29 21:43 - 2012-05-29 21:43 - 01649668 ____A C:\Users\Nick\Local Settings\dd_SharedManagementObjects_MSI2EC5.txt

2012-05-29 21:43 - 2012-05-29 21:43 - 01649668 ____A C:\Users\Nick\Local Settings\Application Data\dd_SharedManagementObjects_MSI2EC5.txt

2012-05-29 21:43 - 2012-05-29 21:43 - 01649668 ____A C:\Users\Nick\AppData\Local\dd_SharedManagementObjects_MSI2EC5.txt

2012-05-29 21:43 - 2012-05-29 21:43 - 00513970 ____A C:\Users\Nick\Local Settings\dd_SQLSysClrTypes_msi2EAB.txt

2012-05-29 21:43 - 2012-05-29 21:43 - 00513970 ____A C:\Users\Nick\Local Settings\Application Data\dd_SQLSysClrTypes_msi2EAB.txt

2012-05-29 21:43 - 2012-05-29 21:43 - 00513970 ____A C:\Users\Nick\AppData\Local\dd_SQLSysClrTypes_msi2EAB.txt

2012-05-29 21:43 - 2012-05-29 21:42 - 00213172 ____A C:\Users\Nick\Local Settings\dd_SQLCEToolsForVS2007_MSI2EA4.txt

2012-05-29 21:43 - 2012-05-29 21:42 - 00213172 ____A C:\Users\Nick\Local Settings\Application Data\dd_SQLCEToolsForVS2007_MSI2EA4.txt

2012-05-29 21:43 - 2012-05-29 21:42 - 00213172 ____A C:\Users\Nick\AppData\Local\dd_SQLCEToolsForVS2007_MSI2EA4.txt

2012-05-29 21:42 - 2012-05-29 21:42 - 00701478 ____A C:\Users\Nick\Local Settings\dd_SSCERuntime_MSI2E63.txt

2012-05-29 21:42 - 2012-05-29 21:42 - 00701478 ____A C:\Users\Nick\Local Settings\Application Data\dd_SSCERuntime_MSI2E63.txt

2012-05-29 21:42 - 2012-05-29 21:42 - 00701478 ____A C:\Users\Nick\AppData\Local\dd_SSCERuntime_MSI2E63.txt

2012-05-29 21:42 - 2012-05-29 21:42 - 00664442 ____A C:\Users\Nick\Local Settings\dd_SSCERuntime_64_MSI2E8A.txt

2012-05-29 21:42 - 2012-05-29 21:42 - 00664442 ____A C:\Users\Nick\Local Settings\Application Data\dd_SSCERuntime_64_MSI2E8A.txt

2012-05-29 21:42 - 2012-05-29 21:42 - 00664442 ____A C:\Users\Nick\AppData\Local\dd_SSCERuntime_64_MSI2E8A.txt

2012-05-29 21:28 - 2012-05-29 21:26 - 00000390 ____A C:\Users\Nick\Local Settings\dd_error_vcs_xcor_100.txt

2012-05-29 21:28 - 2012-05-29 21:26 - 00000390 ____A C:\Users\Nick\Local Settings\Application Data\dd_error_vcs_xcor_100.txt

2012-05-29 21:28 - 2012-05-29 21:26 - 00000390 ____A C:\Users\Nick\AppData\Local\dd_error_vcs_xcor_100.txt

2012-05-29 21:25 - 2012-05-29 21:25 - 03252048 ____A (Microsoft Corporation) C:\Users\Nick\Downloads\vcs_web.exe

2012-05-29 21:14 - 2011-04-14 22:22 - 00001101 ____A C:\Users\Nick\Desktop\Revo Uninstaller.lnk

2012-05-25 23:36 - 2012-05-12 14:56 - 00002027 ____A C:\Users\Public\Desktop\Chrome.lnk

2012-05-25 23:36 - 2012-05-12 14:56 - 00002027 ____A C:\Users\All Users\Desktop\Chrome.lnk

2012-05-23 06:10 - 2012-05-23 06:10 - 00031908 ____A C:\Users\Nick\Downloads\super_mario_bros._(usajapan).zip

2012-05-23 05:07 - 2012-05-23 05:07 - 00382217 ____A C:\Users\Nick\Downloads\virtuanes097e.zip

2012-05-23 04:57 - 2012-05-23 04:57 - 00439463 ____A C:\Users\Nick\Downloads\jnes_1_1.exe

2012-05-23 04:54 - 2012-05-23 04:54 - 00073217 ____A C:\Users\Nick\Downloads\Top Gun.zip

2012-05-23 04:45 - 2012-05-23 04:45 - 00090421 ____A C:\Users\Nick\Downloads\Contra.zip

2012-05-17 14:36 - 2012-06-08 19:55 - 02468520 ____A C:\Windows\SysWOW64\BootMan.exe

2012-05-17 13:24 - 2012-05-17 13:24 - 00080752 ____A C:\Users\Nick\Downloads\detective.ttf

2012-05-15 11:23 - 2012-05-15 11:23 - 00000866 ____A C:\Users\Nick\Desktop\Social App Creator 2.lnk

2012-05-15 08:13 - 2012-06-08 19:55 - 03316736 ____A C:\Windows\System32\BootMan.exe

2012-05-12 14:58 - 2012-05-12 14:58 - 00002117 ____A C:\Users\Public\Desktop\Google Earth.lnk

2012-05-12 14:58 - 2012-05-12 14:58 - 00002117 ____A C:\Users\All Users\Desktop\Google Earth.lnk

2012-05-12 10:30 - 2012-05-12 10:30 - 00000013 ____A C:\Users\Nick\My Documents\teche.txt

2012-05-12 10:30 - 2012-05-12 10:30 - 00000013 ____A C:\Users\Nick\Documents\teche.txt

2012-05-12 04:31 - 2012-05-12 04:31 - 00000041 ____A C:\Users\Nick\My Documents\bmtno.txt

2012-05-12 04:31 - 2012-05-12 04:31 - 00000041 ____A C:\Users\Nick\Documents\bmtno.txt

2012-05-10 08:34 - 2012-05-10 08:34 - 00012848 ____A C:\Users\Nick\My Documents\losfa-experian payment.ods

2012-05-10 08:34 - 2012-05-10 08:34 - 00012848 ____A C:\Users\Nick\Documents\losfa-experian payment.ods

2012-05-08 07:48 - 2012-05-08 07:48 - 00000035 ____A C:\Users\Nick\My Documents\geico info.txt

2012-05-08 07:48 - 2012-05-08 07:48 - 00000035 ____A C:\Users\Nick\Documents\geico info.txt

2012-05-08 03:17 - 2012-05-08 03:17 - 00000021 ____A C:\Users\Nick\My Documents\geico quote.txt

2012-05-08 03:17 - 2012-05-08 03:17 - 00000021 ____A C:\Users\Nick\Documents\geico quote.txt

2012-05-03 14:52 - 2012-06-08 20:10 - 00189576 ____A (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\System32\Drivers\EuFdDisk.sys

2012-05-03 14:52 - 2012-06-08 20:10 - 00048776 ____A C:\Windows\System32\Drivers\EUBKMON.sys

2012-05-03 14:52 - 2012-06-08 20:09 - 00025224 ____A (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\System32\fbnative.exe

2012-05-03 14:51 - 2012-06-08 20:10 - 00058504 ____A (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\System32\Drivers\eubakup.sys

2012-05-03 14:51 - 2012-06-08 20:10 - 00019592 ____A (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\System32\Drivers\eudskacs.sys

2012-05-02 13:36 - 2012-05-02 13:36 - 00000014 ____A C:\Users\Nick\My Documents\geico.txt

2012-05-02 13:36 - 2012-05-02 13:36 - 00000014 ____A C:\Users\Nick\Documents\geico.txt

2012-05-02 13:36 - 2012-05-02 13:04 - 00000158 ____A C:\Users\Nick\My Documents\quote.txt

2012-05-02 13:36 - 2012-05-02 13:04 - 00000158 ____A C:\Users\Nick\Documents\quote.txt

2012-05-02 11:35 - 2011-04-15 01:49 - 00001945 ____A C:\Windows\epplauncher.mif

2012-05-01 06:29 - 2012-06-12 18:16 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-25 05:03 - 2012-04-25 04:59 - 53256026 ____A C:\Users\Nick\My Documents\The Amelia Belle.mp4

2012-04-25 05:03 - 2012-04-25 04:59 - 53256026 ____A C:\Users\Nick\Documents\The Amelia Belle.mp4

2012-04-23 08:25 - 2012-06-23 00:28 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-23 08:25 - 2012-06-23 00:28 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-23 08:25 - 2012-06-23 00:28 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-23 08:00 - 2012-06-23 00:28 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-04-23 08:00 - 2012-06-23 00:28 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-04-23 08:00 - 2012-06-23 00:28 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%

Total physical RAM: 7037.45 MB

Available physical RAM: 6126.93 MB

Total Pagefile: 6590.94 MB

Available Pagefile: 6109.37 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:436.56 GB) (Free:241.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.12 GB) (Free:1.77 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive e: (Backup) (Fixed) (Total:146.48 GB) (Free:22.7 GB) NTFS

5 Drive g: () (Removable) (Total:1.86 GB) (Free:1.09 GB) FAT32

8 Drive j: () (Removable) (Total:1.84 GB) (Free:1.6 GB) FAT

11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 596 GB 4096 KB

Disk 1 Online 1944 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 Online 1886 MB 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 437 GB 32 KB

Partition 2 Primary 146 GB 437 GB

Partition 3 Primary 13 GB 583 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C HP NTFS Partition 437 GB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E Backup NTFS Partition 146 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 D FACTORY_IMA NTFS Partition 13 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1908 MB 65 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 G FAT32 Removable 1908 MB Healthy

==================================================================================

Partitions of Disk 4:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1884 MB 68 KB

==================================================================================

Disk: 4

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 8 J FAT Removable 1884 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-19 20:09

======================= End Of Log ==========================

This topic is now closed to further replies.