# Browser Redirect



## tanusgreystar (Oct 15, 2007)

Guys, I downloaded an updated SpywareBlaster a couple of months ago and I ended up downloading a download manager along with it, thinking it was part of the new version. I ended up getting tons of ads on my fiancée's Facebook page (this is her PC), so I ran Malwarebytes, Spybot, and AVG antivirus. Not much was found, so I got rid of that, and the ads continued, so I installed Adblock, because I remember using that to get rid of ads on my FB page. It worked, but I remember my fiancée mentioning that she would click to go somewhere online but would go to a different web page, but I didn't get around to looking at the issue. The other day I got on this PC and noticed the browser is still redirecting, so I went on here and ran HijackThis, etc. Here are the logfiles. Thanks!

Note: when I ran HijackThis I got a message saying that it was unable to access the hosts file. I don't know if that's important.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:55:22 PM, on 2/26/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Users\Lyn\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe
C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe
C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Salmosa\razertra.exe
C:\Program Files (x86)\Razer\Salmosa\razerofa.exe
C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Users\Lyn\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.240.133.193 www.google-analytics.com.
O1 - Hosts: 216.240.133.193 ad-emea.doubleclick.net.
O1 - Hosts: 216.240.133.193 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Freecause Shopping BHO - {3A90A078-4BB9-4568-9557-CDEEFCAE68A0} - C:\Program Files (x86)\Shop to Win 22\Shop to Win 22.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: GetDislike - {F0E15660-5BE6-48b9-8ED6-F8C1643BD6B8} - C:\Program Files (x86)\getdislike\ie\211221920getdisike.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Turbo Gear Help] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe"
O4 - HKLM\..\Run: [Turbo Gear] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" -r
O4 - HKLM\..\Run: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe
O4 - HKCU\..\Run: [chromium] C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2867500651-1516734084-2197057008-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2867500651-1516734084-2197057008-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CFUACProxy_officeguardianv2n - Storage Appliance Corp. - C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NPWService - Unknown owner - C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SacNetAgentService_C57C4F854F53 - Storage Appliance Corporation - C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WB VGA Service (WBVGAservice) - Unknown owner - C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14867 bytes

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Lyn at 13:58:20 on 2012-02-26
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4185 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe
C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Users\Lyn\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Users\Lyn\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe
C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe
C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Salmosa\razertra.exe
C:\Program Files (x86)\Razer\Salmosa\razerofa.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Shop to Win: {3a90a078-4bb9-4568-9557-cdeefcae68a0} - C:\Program Files (x86)\Shop to Win 22\Shop to Win 22.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: GetDislike: {f0e15660-5be6-48b9-8ed6-f8c1643bd6b8} - C:\Program Files (x86)\getdislike\ie\211221920getdisike.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe
uRun: [chromium] C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Turbo Gear Help] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe"
mRun: [Turbo Gear] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" -r
mRun: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Lyn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4DF8EA25-F255-4953-83ED-02146F7812C7} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{59456B02-21EB-4D6E-8D2C-419B16CA04BF} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{59456B02-21EB-4D6E-8D2C-419B16CA04BF}\0556163686341647 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{59456B02-21EB-4D6E-8D2C-419B16CA04BF}\1557965647D41676E6F6C69616 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{59456B02-21EB-4D6E-8D2C-419B16CA04BF}\3557075627E65647 : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{59456B02-21EB-4D6E-8D2C-419B16CA04BF}\358696472657D6 : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{59456B02-21EB-4D6E-8D2C-419B16CA04BF}\3757D6D65627 : DhcpNameServer = 24.92.226.11 24.92.226.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Shop to Win: {3A90A078-4BB9-4568-9557-CDEEFCAE68A0} - C:\Program Files (x86)\Shop to Win 22\Shop to Win 22.dll
BHO-X64: Freecause Shopping BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: GetDislike: {F0E15660-5BE6-48b9-8ED6-F8C1643BD6B8} - C:\Program Files (x86)\getdislike\ie\211221920getdisike.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun-x64: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Turbo Gear Help] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe"
mRun-x64: [Turbo Gear] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" -r
mRun-x64: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun-x64: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 216.240.133.193 www.google-analytics.com.
Hosts: 216.240.133.193 ad-emea.doubleclick.net.
Hosts: 216.240.133.193 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb0ef9f52-a2c6-44ae-a259-11bfa4d07651%7D&mid=c56ee27e1a40e0fe998401c113409fef-308d03a9941fb7b7656ebee84075bcdc2524e48f&ds=AVG&v=10.0.0.7&lang=us&pr=fr&d=2011-12-05%2009%3A44%3A15&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files (x86)\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG8\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Lyn\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-10-5 14904]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-10-5 908056]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-10-5 297752]
R2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;C:\ProgramData\OfficeGuardianV2N\UACProxy.exe [2011-4-20 83792]
R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]
R2 NPWService;NPWService;C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-1-15 788480]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-29 2218600]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2011-4-20 163664]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-19 909152]
R2 WBVGAservice;WB VGA Service;C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-10-12 72248]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EST_BusEnum;Network USB Device Bus;C:\Windows\system32\DRIVERS\GenBus.sys --> C:\Windows\system32\DRIVERS\GenBus.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 salmosa;Razer Salmosa;C:\Windows\system32\drivers\salmosa.sys --> C:\Windows\system32\drivers\salmosa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-1 1153368]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-26 167264]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 EST_Server;Network USB Device;C:\Windows\system32\DRIVERS\GenHC.sys --> C:\Windows\system32\DRIVERS\GenHC.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-12-24 18:14:17	414368	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 20:24:08	23152	----a-w-	C:\Windows\System32\drivers\mbam.sys
2011-12-07 12:03:16	270720	------w-	C:\Windows\System32\MpSigStub.exe
2009-04-08 14:31:56	106496	----a-w-	C:\Program Files (x86)\Common Files\CPInstallAction.dll
.
============= FINISH: 13:59:04.25 ===============


----------
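The `Hosts:` lines in the DDS log above pin advertising and analytics hostnames to routable addresses, and hosts-file entries take precedence over DNS, so they are worth reviewing on a machine with redirect symptoms. As an added example that is not part of the original post or of any tool named in this thread, the Python code below parses such lines and flags hostnames mapped to public addresses; the function names and the two benign sample lines are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# The five public-address lines are copied from the DDS log in the post above.
# The localhost and 0.0.0.0 lines are constructed to show entries that are
# normal (loopback) or typical of ad-blocking lists (unspecified address).
SAMPLE_LOG = """\
Hosts: 127.0.0.1 localhost
Hosts: 0.0.0.0 ads.blocked.example
Hosts: 216.240.133.193 www.google-analytics.com.
Hosts: 216.240.133.193 ad-emea.doubleclick.net.
Hosts: 216.240.133.193 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
"""


def parse_hosts_lines(log_text):
    """Return {hostname: [ip, ...]} from DDS-style 'Hosts: <ip> <name>' lines."""
    mapping = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("Hosts:"):
            continue
        fields = line[len("Hosts:"):].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the malformed line
        for name in fields[1:]:
            if name.startswith("#"):
                break  # rest of the line is a comment
            # The log shows names with a trailing dot; normalise before grouping.
            host = name.rstrip(".").lower()
            if host and ip not in mapping[host]:
                mapping[host].append(ip)
    return dict(mapping)


def find_redirects(mapping):
    """Flag hostnames that the hosts file pins to a publicly routable address.

    Loopback, unspecified and private (intranet) targets are not flagged.
    """
    findings = []
    for host in sorted(mapping):
        public = [ip for ip in mapping[host] if ip.is_global]
        if not public:
            continue
        reasons = ["pinned to a public address, bypassing DNS"]
        if len(public) > 1:
            reasons.append("multiple conflicting addresses")
        findings.append({
            "host": host,
            "ips": [str(ip) for ip in public],
            "reasons": reasons,
        })
    return findings


def hosts_per_ip(findings):
    """Group flagged hostnames by target address to show shared destinations."""
    by_ip = defaultdict(list)
    for finding in findings:
        for ip in finding["ips"]:
            by_ip[ip].append(finding["host"])
    return dict(by_ip)


if __name__ == "__main__":
    flagged = find_redirects(parse_hosts_lines(SAMPLE_LOG))
    for f in flagged:
        print(f"{f['host']}: {', '.join(f['ips'])} ({'; '.join(f['reasons'])})")
    for ip, names in hosts_per_ip(flagged).items():
        print(f"{ip} receives traffic for {len(names)} hostname(s)")
```

Several unrelated vendors' hostnames sharing one target address, as `hosts_per_ip` shows here, is a stronger signal than any single entry.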



## tanusgreystar (Oct 15, 2007)

Um, I updated Java and it's not redirecting anymore, so far anyway. I'll post back if I'm still having trouble. Thanks!


----------



## tanusgreystar (Oct 15, 2007)

Still redirecting sometimes


----------



## tanusgreystar (Oct 15, 2007)

bump


----------



## Deejay100six (Sep 27, 2011)

Hi and welcome to TSG.

I am reviewing your logs and will respond with a reply as soon as I can.

Please note that *all* my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

Thank you for your patience.


----------



## Deejay100six (Sep 27, 2011)

Hi, my name is Dave and I will be helping you to clean any malware which may be present on your system.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.


Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does *NOT* mean that your system is clean.
If there is anything you don't understand, please ask *BEFORE* proceeding with the fixes.
Please ensure that you follow the instructions in the order I have them listed.
Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into your thread. If the logs are too big to post in one reply, please feel free to use more posts. Do *NOT* add them as attachments unless specifically instructed.
If I don't hear from you within *3 days* from this initial or any subsequent post, I will have to unsubscribe from this thread, which means I will not receive notifications of any further replies and will move on to assist someone else.

*------------------------------------------------------------------------------------------------------*

There are some entries in your logs that need to be dealt with but also, whilst not malicious as such, AVG has installed a lot of toolbars etc on your machine which surely can't be helping with performance. AVG used to be good and was highly recommended throughout the malware community. But, sad to say, they crossed over to the dark side and these days we actually find ourselves discouraging people from downloading AVG. I personally would advise you to uninstall it and let me remove all the bloatware that came with it.

I recommend Microsoft Security Essentials to replace it. MSE is free, lightweight and very efficient, you won't even know it's there unless it detects something. It's up to you anyway, that's just my opinion.

*------------------------------------------------------------------------------------------------------*

I see you have *P2P* software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Programs and Features >> Uninstall a Program.

*Note; If you choose not to uninstall, please refrain from using such programs until after your system has been declared clean.*

*------------------------------------------------------------------------------------------------------*

*Combofix*

We will begin with *ComboFix.exe*. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Please read all the information carefully!*

*You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.*

Please include the log *C:\ComboFix.txt* in your next reply for further review.

*Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.*


----------



## Deejay100six (Sep 27, 2011)

Hi, do you still require assistance?

If you do not reply within *24 hours* I will have to *unsubscribe* from this thread and won't be notified about any new replies.


----------



## Cookiegal (Aug 27, 2003)

As it's important to reply in a timely manner when dealing with malware, and even more so when a trainee is assisting so as not to hinder their progress, please note that due to your failure to reply, Deejay100six will be moving on to help others who are patiently waiting for assistance. I will revert the thread status back to "NEW" and leave it open until it automatically closes due to inactivity.


----------



## tanusgreystar (Oct 15, 2007)

Hi, sorry for not replying, but the PC in question is down (needs a new screen) so it will be a few days until I can run those fixes. I will however remove AVG from all of my PCs. Thanks for the heads up on that!


----------



## tanusgreystar (Oct 15, 2007)

BTW what would be a better antivirus to use??


----------



## tanusgreystar (Oct 15, 2007)

On second thought, I could hook a monitor to the laptop and do it that way.


----------



## Cookiegal (Aug 27, 2003)

If you wish to continue, please carry out the last instructions left by Deejay100six.


----------



## tanusgreystar (Oct 15, 2007)

ok thanks.


----------



## tanusgreystar (Oct 15, 2007)

Sorry for the delay. I was finally able to fix the laptop screen. Here's the combofix log:

ComboFix 12-03-25.01 - Lyn 03/25/2012 21:07:07.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4656 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\getdislike
c:\program files (x86)\getdislike\ie\211221920getdisike.dll
c:\program files (x86)\getdislike\license.txt
c:\program files (x86)\getdislike\uninst.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Tarma Installer
c:\users\Public\AlterAeon.exe
c:\users\Public\ccsetup316.exe
c:\users\Public\setup(1).exe
c:\users\Public\setup.exe
c:\users\Public\spywareblastersetup46.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 01:13 . 2012-03-26 01:13	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-03-26 01:13 . 2012-03-26 01:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-11 14:27 . 2012-03-11 14:27	--------	d-----w-	c:\programdata\Premium
2012-03-11 14:25 . 2012-03-11 14:32	--------	d-----w-	c:\programdata\InstallMate
2012-02-26 21:56 . 2012-02-26 21:56	--------	d-----w-	c:\program files (x86)\DriverTuner
2012-02-26 21:05 . 2012-02-26 21:05	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-02-26 21:05 . 2012-02-26 21:05	476904	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-26 19:16 . 2012-02-26 19:16	--------	d-----w-	c:\users\Public\HIJACK
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 21:05 . 2010-06-01 18:52	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-01-03 00:04 . 2012-01-03 00:04	6723368	----a-w-	c:\users\Public\InstallMyTomTomSA.exe
2009-04-08 14:31 . 2009-04-08 14:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 13:25	1869152	----a-w-	c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-03-10 1049072]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~2\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-20 928096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~2\AVG\AVG8\avgemc.exe [2009-10-06 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~2\AVG\AVG8\avgwdsvc.exe [2009-10-06 297752]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb0ef9f52-a2c6-44ae-a259-11bfa4d07651%7D&mid=c56ee27e1a40e0fe998401c113409fef-308d03a9941fb7b7656ebee84075bcdc2524e48f&ds=AVG&v=10.0.0.7&lang=us&pr=fr&d=2011-12-05%2009%3A44%3A15&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-GetDislike - c:\program files (x86)\getdislike\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\AVG\AVG8\avgcsrvx.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
**************************************************************************
.
Completion time: 2012-03-25 21:21:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-26 01:21
.
Pre-Run: 148,282,880,000 bytes free
Post-Run: 147,816,378,368 bytes free
.
- - End Of File - - 21C0B9E610531803C84078E0E88C04D3


----------



## tanusgreystar (Oct 15, 2007)

bump


----------



## Deejay100six (Sep 27, 2011)

Hi,

My apologies for the delay. I have been very busy and forgot about your thread as I had unsubscribed. This post will automatically subscribe me again and I'll get to work on your log now.

Thank you for your patience.


----------



## Deejay100six (Sep 27, 2011)

Hi,



tanusgreystar said:


> BTW what would be a better antivirus to use??


I gave you some advice about this in post #6 and also asked about your views on uninstalling the AVG products. I wouldn't actually be surprised if it was AVG causing your redirects.

First of all, we need to disable Spybot's TeaTimer.

*Disable SpyBot Tea Timer*
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent some of our scanning tools from running properly.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are declared clean.


Open Spybot Search & Destroy.
In the Mode menu click *"Advanced mode"* if not already selected.
Choose *"Yes"* at the Warning prompt.
Expand the *"Tools"* menu.
Click *"Resident".*
Uncheck the *"Resident "TeaTimer" (Protection of overall system settings) active."* box.
In the File menu click *"Exit"* to exit Spybot Search & Destroy.

*---------------------------------------------------------------------------------------------*

*Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.*

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.*

3. Open *notepad* and copy/paste the text in the box below into it:


```
Firefox::
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb0 ... &sap=ku&q=
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe










Referring to the picture above, drag CFScript into ComboFix.exe

*Very Important! -->* If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

*Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.*

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*----------------------------------------------------------------------------------*

Extra Combofix Report


Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
Please copy and paste the following into the box


```
C:\Qoobox\Add-Remove Programs.txt
```

Click ok

Copy and paste the report into this topic for me to review.


----------



## tanusgreystar (Oct 15, 2007)

Ok I'll get to this within the next couple of days. I got rid of AVG using their removal tool but there may still be some of it left, like their toolbar. I'll try to get rid of that. I installed Avast and that seems to be ok so far. If I don't get to things right away, I work and go to school, so I may not get back to you as quickly as you would like. I apologize. Thanks.


----------



## tanusgreystar (Oct 15, 2007)

ComboFix 12-03-29.02 - Lyn 03/29/2012 15:23:52.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4345 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
Command switches used :: c:\users\Lyn\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 19:33 . 2012-03-29 19:33	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-03-29 19:33 . 2012-03-29 19:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-26 12:49 . 2012-03-26 12:49	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 12:49 . 2012-03-26 12:49	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 01:47 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-26 01:47 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-26 01:47 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-26 01:47 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-26 01:47 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-26 01:47 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-26 01:47 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-26 01:46 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-03-26 01:46 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\programdata\AVAST Software
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\program files\AVAST Software
2012-03-11 14:27 . 2012-03-11 14:27	--------	d-----w-	c:\programdata\Premium
2012-03-11 14:25 . 2012-03-11 14:32	--------	d-----w-	c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 21:05 . 2010-06-01 18:52	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-01-03 00:04 . 2012-01-03 00:04	6723368	----a-w-	c:\users\Public\InstallMyTomTomSA.exe
2009-04-08 14:31 . 2009-04-08 14:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( [email protected]_01.14.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-25 22:49	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-29 19:38	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-29 19:38	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-29 19:38	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-03-29 19:39	67058 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-29 19:39	49578 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-03-29 19:39	15538 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-03-29 19:38	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-06 00:12 . 2012-03-29 19:38	32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:12 . 2012-03-29 19:38	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-03-29 19:38	16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:12 . 2012-03-29 19:38	16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-26 01:14 . 2012-03-26 01:14	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-29 19:36 . 2012-03-29 19:36	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-29 19:36 . 2012-03-29 19:36	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-26 01:14 . 2012-03-26 01:14	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-13 00:47 . 2012-03-26 02:25	277808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-10-07 03:54 . 2012-03-28 22:30	349932 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-03-29 19:36	401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-26 01:13	401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-06 04:55 . 2012-03-29 19:36	22641264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-03-21 1049072]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
c:\program files (x86)\Razer\Salmosa\razerofa.exe
c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
.
**************************************************************************
.
Completion time: 2012-03-29 15:58:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 19:58
ComboFix2.txt 2012-03-26 01:21
.
Pre-Run: 147,795,017,728 bytes free
Post-Run: 148,084,473,856 bytes free
.
- - End Of File - - F2ECC7234BFD949E87B07190D09FE246

7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Apple Application Support
Apple Software Update
ASUS CopyProtect
ASUS Data Security Manager
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Turbo Gear Enhanced VGA Driver
ASUS Virtual Camera
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
avast! Free Antivirus
BitTorrent
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
ControlDeck
Direct Console 2.0
Dragon Age II
Dragon Age: Origins
DriverTuner 3.1.0.0
GetDislike
GIMP 2.6.11
Google Chrome
Java Auto Updater
Java(TM) 6 Update 31
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 11.0 (x86 en-US)
MyTomTom 3.1.0.530
NB Probe
Net4Switch
NetAssistant
NetAssistant for Firefox
Network Printer Wizard
Networking USB Server
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenPaint
QuickTime
Razer Salmosa
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
SDFormatter
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spybot - Search & Destroy
SpywareBlaster 4.6
The Sims Medieval
Turbo Gear Extreme
UltraISO Premium V9.36
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Visual Studio C++ 10.0 Runtime
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 2
Wireless Console 3


----------



## Deejay100six (Sep 27, 2011)

Hi,

Please follow the instructions here to disable Windows Defender. It's not necessary and may even cause conflicts with Avast.

*---------------------------------------------------------------------------------------------*

*Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.*

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.*

3. Open *notepad* and copy/paste the text in the box below into it:


```
Driver::
vToolbarUpdater10.2.0

Folder::
c:\program files (x86)\Common Files\AVG Secure Search

DDS::
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe










Referring to the picture above, drag CFScript into ComboFix.exe

*Very Important! -->* If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

*Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.*

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*----------------------------------------------------------------------------------*

I notice that you have Malwarebytes Antimalware (MBAM) installed.
I want you to run a scan for me.
First I want you to *update MBAM* so we have the latest definitions onboard.

Please open Malwarebytes Antimalware
Now click on the *update tab*
Next - Click on the *Check for updates* button


_If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install._
On the Scanner tab:
Make sure the "*Perform Quick Scan*" option is selected.
Then click on the *Scan* button.

The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the *Start Scan* button.
The scan will begin and "_Scan in progress_" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "_The scan completed successfully. Click 'Show Results' to display all objects found_".
Click *OK* to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the *Show Results* button to see a list of any malware that was found.
Make sure that *everything is checked*, and click *Remove Selected*.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. _(see Note below)_
The log is automatically saved and can be viewed by clicking the *Logs* tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
_*Note*: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware._

*-----------------------------------------------------------------------*

Download *Security Check* by screen317 from here or here.


Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


----------



## tanusgreystar (Oct 15, 2007)

Windows Defender doesn't appear on my programs list for some reason.

LOGS

ComboFix 12-03-29.02 - Lyn 03/31/2012 11:04:03.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4704 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
Command switches used :: c:\users\Lyn\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\AVG Secure Search
c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller\10.0.6\CommonInstaller.exe
c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller\10.2.0\CommonInstaller.exe
c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller\9.0.1\CommonInstaller.exe
c:\program files (x86)\Common Files\AVG Secure Search\InstalledProducts.ini
c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\10.0.6\ScriptHelper.exe
c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\10.2.0\ScriptHelper.exe
c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\9.0.1\ScriptHelper.exe
c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\10.0.6\toolband
c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\10.2.0\toolband
c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\toolband
c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\UpdaterConfig.ini
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\UpdaterConfig.ini
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\UpdaterConfig.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vToolbarUpdater10.2.0
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 15:14 . 2012-03-31 15:14	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-03-31 15:14 . 2012-03-31 15:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-26 12:49 . 2012-03-26 12:49	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 12:49 . 2012-03-26 12:49	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 01:47 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-26 01:47 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-26 01:47 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-26 01:47 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-26 01:47 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-26 01:47 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-26 01:47 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-26 01:46 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-03-26 01:46 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\programdata\AVAST Software
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\program files\AVAST Software
2012-03-11 14:27 . 2012-03-11 14:27	--------	d-----w-	c:\programdata\Premium
2012-03-11 14:25 . 2012-03-11 14:32	--------	d-----w-	c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 21:05 . 2010-06-01 18:52	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-01-03 00:04 . 2012-01-03 00:04	6723368	----a-w-	c:\users\Public\InstallMyTomTomSA.exe
2009-04-08 14:31 . 2009-04-08 14:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( [email protected]_01.14.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-31 15:15	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-31 15:15	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-31 15:15	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-03-29 19:39	67058 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-31 15:17	49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-03-31 11:19	15594 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
+ 2009-10-06 03:07 . 2012-03-29 20:53	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 03:07 . 2012-03-06 14:01	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 03:07 . 2012-03-29 20:53	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-06 03:07 . 2012-03-06 14:01	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-29 20:53	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 14:01	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:12 . 2012-03-31 15:16	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-03-31 15:16	32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-06 00:12 . 2012-03-31 15:16	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-03-31 15:17	16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-03-31 15:17	16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-26 01:14 . 2012-03-26 01:14	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-31 15:15 . 2012-03-31 15:15	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-26 01:14 . 2012-03-26 01:14	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-31 15:15 . 2012-03-31 15:15	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-13 00:47 . 2012-03-26 02:25	277808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-10-07 03:54 . 2012-03-31 02:04	355190 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-08-03 17:13 . 2012-03-18 21:07	732750 c:\windows\system32\perfh019.dat
+ 2009-08-03 17:13 . 2012-03-31 13:35	732750 c:\windows\system32\perfh019.dat
+ 2009-07-14 02:36 . 2012-03-31 13:35	670178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-18 21:07	670178 c:\windows\system32\perfh009.dat
+ 2009-08-03 17:13 . 2012-03-31 13:35	154362 c:\windows\system32\perfc019.dat
- 2009-08-03 17:13 . 2012-03-18 21:07	154362 c:\windows\system32\perfc019.dat
- 2009-07-14 02:36 . 2012-03-18 21:07	125322 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-31 13:35	125322 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-26 01:13	401520  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-31 15:14	401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-03-29 21:11	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-15 13:15	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-02-06 04:55 . 2012-03-31 15:14	23000575 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-03-27 1224176]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"combofix"="c:\combofix\CF2790.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
c:\program files (x86)\Razer\Salmosa\razerofa.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
**************************************************************************
.
Completion time: 2012-03-31 11:32:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 15:32
ComboFix2.txt 2012-03-29 19:58
ComboFix3.txt 2012-03-26 01:21
.
Pre-Run: 146,155,274,240 bytes free
Post-Run: 145,550,991,360 bytes free
.
- - End Of File - - 17AC041E8E740F2A79426D5619D0A81C

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.31.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Lyn :: LYN-PC [administrator]

3/31/2012 11:33:53 AM
mbam-log-2012-03-31 (11-33-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216476
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled) 
Internet Explorer 8 *Out of date!* 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
avast! Free Antivirus 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
SpywareBlaster 4.6 
Spybot - Search & Destroy 
Java(TM) 6 Update 31 
Adobe Flash Player 11.1.102.55 
Adobe Reader 9 *Adobe Reader out of date!* 
Mozilla Firefox (11.0.) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
*Spybot Teatimer.exe is disabled!* 
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast AvastUI.exe 
*``````````End of Log````````````*

THANKS!!


----------



## Deejay100six (Sep 27, 2011)

Hi,



> Windows Defender doesn't appear on my programs list for some reason.


Ok, let's deal with that first.


Please press the Windows + R key and copy/paste or type *services.msc* into the run dialogue box.
The services window should open. Check to see if Windows Defender is present in the list.
Assuming it is, right click Windows Defender and select properties.
Click the down arrow next to startup type and select disabled.
Let me know if you had any problems with this.

*---------------------------------------------------------------------------------------------*

*Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.*

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.*

3. Open *notepad* and copy/paste the text in the box below into it:


```
Folder::
c:\programdata\Premium
c:\programdata\InstallMate
c:\program files (x86)\AVG Secure Search

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe










Referring to the picture above, drag CFScript into ComboFix.exe

*Very Important! -->* If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

*Do not mouseclick combofix's window whilst it's running. This may cause it to stall.*

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*----------------------------------------------------------------------------------*


----------
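An added example, not part of any post in this thread: one way to check a follow-up ComboFix log against the CFScript that was fed to it, so each `Folder::` target is confirmed under "Other Deletions" and each `Registry::` removal is looked up in "Reg Loading Points". The function names are hypothetical, the log excerpt is constructed from lines of the follow-up log posted in this thread, and the section banners and CFScript syntax are assumed to be exactly as they appear on this page.

```python
import re

# CFScript text as posted above (input to ComboFix).
CFSCRIPT = r"""Folder::
c:\programdata\Premium
c:\programdata\InstallMate
c:\program files (x86)\AVG Secure Search

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
"""

# Constructed excerpt: a few lines per section, taken from the follow-up log.
LOG = r"""ComboFix 12-04-05.09 - Lyn 04/05/2012 19:28:15.4.2 - x64
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\InstallMate
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.exe
c:\programdata\Premium
c:\users\Public\SecurityCheck.exe
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
2012-03-26 01:46 . 2012-03-26 01:46 -------- d-----w- c:\programdata\AVAST Software
.
"""

# Section banners look like '((((( Title )))))'; five or more parentheses are
# required so one-line notes such as '(No malicious items detected)' do not match.
BANNER = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")


def split_sections(log_text):
    """Map each banner title to the non-filler lines that follow it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def parse_cfscript(text):
    """Return (folders, removals); a removal is (key, value_name or None)."""
    folders, removals, block, key = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            block, key = line[:-2].lower(), None
        elif block == "folder":
            folders.append(line)
        elif block == "registry":
            if line.startswith("[-") and line.endswith("]"):
                removals.append((line[2:-1], None))   # whole key is deleted
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                      # key stays, values follow
            elif key and line.endswith("=-"):
                removals.append((key, line[:-2].strip('"')))  # one value deleted
    return folders, removals


def verify_folders(folders, sections):
    """True for each targeted folder that the log lists under Other Deletions."""
    deleted = {path.lower() for path in sections.get("Other Deletions", [])}
    return {folder: folder.lower() in deleted for folder in folders}


def registry_leftovers(removals, sections):
    """Removals still visible in Reg Loading Points; None if the section is absent."""
    lines = sections.get("Reg Loading Points")
    if lines is None:
        return None  # truncated or partial log: the result is unknown, not clean
    lowered = [line.lower() for line in lines]
    left = []
    for key, value in removals:
        # Simplification: a value is matched by name only, not by its parent key.
        needle = (f'"{value}"=' if value else f"[{key}]").lower()
        if any(line.startswith(needle) for line in lowered):
            left.append((key, value))
    return left


if __name__ == "__main__":
    folders, removals = parse_cfscript(CFSCRIPT)
    sections = split_sections(LOG)
    for folder, gone in verify_folders(folders, sections).items():
        print(("deleted     " if gone else "not listed  ") + folder)
    print("registry leftovers:", registry_leftovers(removals, sections))
```

A folder reported as "not listed" was either already absent before the run or was not removed, so it still needs a manual check on disk.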



## Deejay100six (Sep 27, 2011)

Hi, do you still require assistance?

If you do not reply within *24 hours* I will have to *unsubscribe* from this thread and won't be notified about any new replies.


----------



## tanusgreystar (Oct 15, 2007)

Hi yes I still require assistance. Sorry I didn't get back to you sooner. I will do that tonight and reply. Thanks.


----------



## tanusgreystar (Oct 15, 2007)

ComboFix 12-04-05.09 - Lyn 04/05/2012 19:28:15.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4388 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
Command switches used :: c:\users\Lyn\Desktop\New folder\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\InstallMate
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setup.dll
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setupx.dll
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\0.ini
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\20120311102543.log
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.dat
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.exe
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.ico
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\TsuDll.dll
c:\programdata\Premium
c:\users\Public\SecurityCheck.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 23:37 . 2012-04-05 23:37	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-04-05 23:37 . 2012-04-05 23:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-26 12:49 . 2012-03-26 12:49	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 12:49 . 2012-03-26 12:49	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 01:47 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-26 01:47 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-26 01:47 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-26 01:47 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-26 01:47 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-26 01:47 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-26 01:47 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-26 01:46 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-03-26 01:46 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\programdata\AVAST Software
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 21:05 . 2010-06-01 18:52	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2009-04-08 14:31 . 2009-04-08 14:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( [email protected]_01.14.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-05 23:38	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-05 23:38	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-05 23:38	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-04-05 23:40	67546 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-05 11:07	49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-04-05 11:07	15750 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
+ 2010-05-13 01:04 . 2010-04-24 09:00	28672 c:\windows\system32\spool\prtprocs\x64\1_CNMPD9W.DLL
- 2009-10-06 03:07 . 2012-03-06 14:01	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 03:07 . 2012-04-03 12:53	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 03:07 . 2012-03-06 14:01	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-06 03:07 . 2012-04-03 12:53	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 12:53	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 14:01	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-04-05 23:40	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-06 00:12 . 2012-04-05 23:40	32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:12 . 2012-04-05 23:40	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-04-05 23:40	16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-04-05 23:40	16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-26 01:14 . 2012-03-26 01:14	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-05 23:38 . 2012-04-05 23:38	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-26 01:14 . 2012-03-26 01:14	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-05 23:38 . 2012-04-05 23:38	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-13 00:47 . 2012-03-26 02:25	277808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-10-07 03:54 . 2012-04-03 16:31	356438 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-08-03 17:13 . 2012-03-18 21:07	732750 c:\windows\system32\perfh019.dat
+ 2009-08-03 17:13 . 2012-04-01 19:05	732750 c:\windows\system32\perfh019.dat
- 2009-07-14 02:36 . 2012-03-18 21:07	670178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-01 19:05	670178 c:\windows\system32\perfh009.dat
+ 2009-08-03 17:13 . 2012-04-01 19:05	154362 c:\windows\system32\perfc019.dat
- 2009-08-03 17:13 . 2012-03-18 21:07	154362 c:\windows\system32\perfc019.dat
+ 2009-07-14 02:36 . 2012-04-01 19:05	125322 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-18 21:07	125322 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-05 23:37	401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-26 01:13	401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-03-15 13:15	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-03-31 18:38	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-02-06 04:55 . 2012-04-05 23:37	29719066 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-03-27 1224176]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
c:\program files (x86)\Razer\Salmosa\razerofa.exe
c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
.
**************************************************************************
.
Completion time: 2012-04-05 19:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 23:56
ComboFix2.txt 2012-03-31 15:32
ComboFix3.txt 2012-03-29 19:58
ComboFix4.txt 2012-03-26 01:21
.
Pre-Run: 145,223,303,168 bytes free
Post-Run: 145,032,863,744 bytes free
.
- - End Of File - - B8F13CCD549066BE423F9B490F3D3B42


----------



## Deejay100six (Sep 27, 2011)

Hi,

It looks like you didn't manage to disable Defender. Did you have problems?

Your Internet Explorer is out of date. Even if you don't use the browser, it is very important that you have the latest version.
Go here and download and install Internet Explorer 9.

*---------------------------------------------------------------------------------------------------*

*Your Adobe Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.*

Adobe Reader is a large program and if you prefer a smaller program you can get Foxit 2.0 here.

There is a newer version of *Adobe Reader* available.


Please go to this link *Adobe Reader Download Link*
Untick *any program(s)* you do not wish to include in the installation.
Click Download Now
Follow all on screen prompts

When the installation is complete go to *Add/Remove Programs* and uninstall all previous versions.

*---------------------------------------------------------------------------------------------------*

One more scan to be sure there's nothing lurking.

Go *here* to run an online scanner from ESET.

*Note:* For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is unticked and the *Scan Archives* option is ticked.
Click on Advanced Settings, ensure the options *Scan for potentially unwanted applications*, *Scan for potentially unsafe applications*, and *Enable Anti-Stealth Technology* are ticked.
Click *Scan*
Wait for the scan to finish
Use *notepad* to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic and also let me know how things are now.

Also, please let me know how the system is running now.


----------



## tanusgreystar (Oct 15, 2007)

Hi, I'm running the scan right now. I was unable to update IE through that link. It says I have the wrong version of Windows?? Also, when going to the site to the online scan, this page came up which comes up a lot when trying to visit web pages:

http://63.209.69.107/search/web/online+scan+virus+scanner+free+security/a10/44561-24645/v5

I'll post the txt file when finished. Thanks!


----------



## Deejay100six (Sep 27, 2011)

tanusgreystar said:


> Hi, I'm running the scan right now. I was unable to update IE through that link. It says I have the wrong version of Windows??


Apologies, I forgot you are running 64bit.

The correct link >> http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=23332

Regarding the redirecting, do you have a router? If you do, please let me know what make/model in your next post.


----------



## tanusgreystar (Oct 15, 2007)

C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir	Win32/Toolbar.Zugo application
C:\Users\Lyn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-4f2203ce	Java/TrojanDownloader.OpenStream.NCM trojan
C:\Users\Lyn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6bb753eb-5a6923a2	Java/Agent.DR trojan
C:\Users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe	a variant of Win32/SoftonicDownloader.A application
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe	a variant of Win32/SoftonicDownloader.A application
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe	a variant of Win32/SoftonicDownloader.A application
C:\Users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe	a variant of Win32/SoftonicDownloader.A application
C:\Users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe	a variant of Win32/SoftonicDownloader.A application

I have a Linksys E1000


----------



## Deejay100six (Sep 27, 2011)

Hi,

*Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.*

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.*

3. Open *notepad* and copy/paste the text in the box below into it:


```
ClearJavaCache::

http://forums.techguy.org/virus-other-malware-removal/1042798-browser-redirect.html

suspect::[71]
C:\Users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

*Very Important! -->* If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

*Do not mouseclick ComboFix's window whilst it's running. This may cause it to stall.*

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*----------------------------------------------------------------------------------*

*Softonic Downloader* is obviously downloading files from dubious sources. I would advise you to cease using it. I actually struggled to find negative feedback about this but I did find some interesting reading here.

I believe Microsoft Windows is perfectly capable of downloading software without the help of these so-called download managers. I'm not sure how it is installed as I don't see anything in your logs so if you agree that you'd rather remove it, I need you to run this small tool.

Please download *SystemLook* from one of the links below and save it to your *Desktop*.

*Download Mirror #1
Download Mirror #2*


Double-click *SystemLook.exe* to run it.
Copy the *contents* of the following codebox into the main textfield:


```
:filefind
**softonic**
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

*---------------------------------------------------------------------------------*

As I said earlier, if you are still having redirect issues, it may be that your router has been hijacked so we need to reset it to factory defaults.


This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
If you don't know the router's default password, you can look it up. HERE
You also need to reconfigure any security settings you had in place prior to the reset.
You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Let me know if you are still being redirected.


----------
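The router reset above only helps if the redirecting DNS setting lives on the router. As an added example (not part of the original posts and not ComboFix's own code), this script reads the `TCP:` and `ProxyServer` lines of a ComboFix-style log and reports which name-resolution settings come from DHCP, which are set on the PC itself, and which fall outside an expected list. The function names, the `EXPECTED_DNS` list (a stand-in for whatever the ISP confirms) and the `Interfaces` and `ProxyServer` sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Private ranges: a DHCP-supplied resolver in one of these is the router itself,
# so the real upstream resolvers are only visible in the router's admin page.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "TCP: DhcpNameServer = a b" or "TCP: Interfaces\{GUID}: NameServer = a,b"
TCP_LINE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}):\s*)?"
    r"(?P<key>DhcpNameServer|NameServer)\s*=\s*(?P<value>.+)$"
)
PROXY_LINE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")

# Assumption: placeholder for the resolvers the ISP confirms. The values are the
# DhcpNameServer entries from the log posted in this thread, used only so the
# sample exercises the "expected" path; the thread does not verify them.
EXPECTED_DNS = ("209.18.47.61", "209.18.47.62")

# Constructed sample. The DhcpNameServer and ProxyOverride lines mirror the
# posted log; the Interfaces and ProxyServer lines are invented test input.
SAMPLE_LOG = r"""
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53,198.51.100.53
uInternet Settings,ProxyServer = http=127.0.0.1:8080
.
- - - - ORPHANS REMOVED - - - -
"""


def parse_settings(log_text):
    """Return (dns_entries, proxy_values) found in a ComboFix-style log."""
    dns, proxies = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TCP_LINE.match(line)
        if m:
            servers = [s for s in re.split(r"[,\s]+", m["value"].strip()) if s]
            dns.append({
                "source": "dhcp" if m["key"] == "DhcpNameServer" else "static",
                "iface": m["iface"],
                "servers": servers,
            })
            continue
        m = PROXY_LINE.match(line)
        if m:
            proxies.append(m["value"].strip())
    return dns, proxies


def audit(log_text, expected_dns):
    """Return a list of (severity, kind, detail) findings for manual review."""
    expected = {ipaddress.ip_address(a) for a in expected_dns}
    dns, proxies = parse_settings(log_text)
    findings = []
    for entry in dns:
        where = entry["iface"] or "all adapters"
        if entry["source"] == "static":
            # A static resolver overrides DHCP, so resetting the router
            # leaves it in place.
            findings.append(("REVIEW", "static-dns",
                             f"{where}: set on the PC, not supplied by the router"))
        for server in entry["servers"]:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append(("REVIEW", "bad-dns-value", f"{where}: {server!r}"))
                continue
            if any(addr in net for net in RFC1918):
                findings.append(("INFO", "router-forwarder",
                                 f"{server}: check the router's own DNS settings"))
            elif addr not in expected:
                findings.append(("REVIEW", "unexpected-dns",
                                 f"{server} ({entry['source']}, {where})"))
    for value in proxies:
        # ProxyOverride alone is harmless; ProxyServer reroutes browser traffic.
        findings.append(("REVIEW", "proxy-set", value))
    return findings


if __name__ == "__main__":
    for severity, kind, detail in audit(SAMPLE_LOG, EXPECTED_DNS):
        print(f"{severity:6} {kind:16} {detail}")
```

Running it on logs taken before and after the router reset shows whether the DHCP-supplied resolvers changed; a `static-dns` or `proxy-set` finding points back at the PC rather than the router.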



## tanusgreystar (Oct 15, 2007)

ComboFix 12-04-05.09 - Lyn 04/09/2012 18:20:46.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4472 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
Command switches used :: c:\users\Lyn\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 22:29 . 2012-04-09 22:29	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-04-09 22:29 . 2012-04-09 22:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-07 18:34 . 2012-04-07 18:34	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2012-04-07 13:44 . 2012-04-07 13:44	--------	d-----w-	c:\program files (x86)\ESET
2012-04-07 13:37 . 2012-04-07 13:37	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-04-07 13:37 . 2012-04-07 13:37	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-04-07 13:36 . 2012-04-07 13:36	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-03-26 12:49 . 2012-03-26 12:49	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 12:49 . 2012-03-26 12:49	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 01:47 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-26 01:47 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-26 01:47 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-26 01:47 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-26 01:47 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-26 01:47 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-26 01:47 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-26 01:46 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-03-26 01:46 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\programdata\AVAST Software
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 21:05 . 2010-06-01 18:52	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2009-04-08 14:31 . 2009-04-08 14:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( [email protected]_01.14.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-07 18:35 . 2012-04-07 18:35	76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	11776 c:\windows\SysWOW64\mshta.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	78848 c:\windows\SysWOW64\inseng.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	66048 c:\windows\SysWOW64\icardie.dll
+ 2009-07-14 04:54 . 2012-04-09 22:31	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 22:31	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 22:31	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:49	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-04-09 10:19	68422 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-09 22:35	49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-04-09 22:35	16088 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
+ 2012-04-07 18:35 . 2012-04-07 18:35	91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	65024 c:\windows\system32\pngfilt.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	48640 c:\windows\system32\mshtmler.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	96256 c:\windows\system32\mshtmled.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	12288 c:\windows\system32\mshta.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	10752 c:\windows\system32\msfeedssync.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	55296 c:\windows\system32\msfeedsbs.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	30720 c:\windows\system32\licmgr10.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	85504 c:\windows\system32\jsproxy.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	49664 c:\windows\system32\imgutil.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	85504 c:\windows\system32\iesetup.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	39936 c:\windows\system32\iernonce.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	89088 c:\windows\system32\ie4uinit.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	82432 c:\windows\system32\icardie.dll
+ 2009-10-06 03:07 . 2012-04-07 18:34	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 03:07 . 2012-03-06 14:01	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 03:07 . 2012-03-06 14:01	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-06 03:07 . 2012-04-07 18:34	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-06 14:01	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 18:34	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-04-07 13:28	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-04-07 13:28	32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-06 00:12 . 2012-04-07 13:28	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:12 . 2012-04-07 13:28	16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 00:12 . 2012-04-07 13:28	16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-06 00:12 . 2012-03-26 01:15	16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 16:55 . 2011-06-06 16:55	73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
- 2012-03-26 01:14 . 2012-03-26 01:14	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 22:30 . 2012-04-09 22:30	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 22:30 . 2012-04-09 22:30	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-26 01:14 . 2012-03-26 01:14	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 00:15 . 2009-07-14 01:16	135168 c:\windows\SysWOW64\XpsRasterService.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	135168 c:\windows\SysWOW64\XpsRasterService.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	442880 c:\windows\SysWOW64\XpsPrint.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	283648 c:\windows\SysWOW64\XpsGdiConverter.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	152064 c:\windows\SysWOW64\wextract.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	231936 c:\windows\SysWOW64\url.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	123392 c:\windows\SysWOW64\occache.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	162304 c:\windows\SysWOW64\msrating.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	161792 c:\windows\SysWOW64\msls31.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	580608 c:\windows\SysWOW64\msfeeds.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	196608 c:\windows\SysWOW64\mfreadwrite.dll
- 2010-02-24 14:04 . 2009-12-02 08:17	716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	142848 c:\windows\SysWOW64\ieUnatt.exe
- 2010-11-04 06:18 . 2010-09-08 04:28	176640 c:\windows\SysWOW64\ieui.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	176640 c:\windows\SysWOW64\ieui.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	434176 c:\windows\SysWOW64\ieapfltr.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	163840 c:\windows\SysWOW64\ieakui.dll
- 2009-07-13 23:42 . 2009-07-14 01:05	163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	218624 c:\windows\SysWOW64\d3d10_1core.dll
- 2009-07-13 23:27 . 2009-07-14 01:15	161792 c:\windows\SysWOW64\d3d10_1.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	161792 c:\windows\SysWOW64\d3d10_1.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	739840 c:\windows\SysWOW64\d2d1.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	101888 c:\windows\SysWOW64\admparse.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	229888 c:\windows\system32\XpsRasterService.dll
- 2009-07-14 00:37 . 2009-07-14 01:41	229888 c:\windows\system32\XpsRasterService.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	662528 c:\windows\system32\XpsPrint.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	470016 c:\windows\system32\XpsGdiConverter.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	160256 c:\windows\system32\wextract.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	249344 c:\windows\system32\webcheck.dll
+ 2009-12-13 00:47 . 2012-03-26 02:25	277808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-10-07 03:54 . 2012-04-09 17:28	356884 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-04-07 18:35 . 2012-04-07 18:35	603648 c:\windows\system32\vbscript.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	237056 c:\windows\system32\url.dll
+ 2009-08-03 17:13 . 2012-04-01 19:05	732750 c:\windows\system32\perfh019.dat
- 2009-08-03 17:13 . 2012-03-18 21:07	732750 c:\windows\system32\perfh019.dat
- 2009-07-14 02:36 . 2012-03-18 21:07	670178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-01 19:05	670178 c:\windows\system32\perfh009.dat
+ 2009-08-03 17:13 . 2012-04-01 19:05	154362 c:\windows\system32\perfc019.dat
- 2009-08-03 17:13 . 2012-03-18 21:07	154362 c:\windows\system32\perfc019.dat
- 2009-07-14 02:36 . 2012-03-18 21:07	125322 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-01 19:05	125322 c:\windows\system32\perfc009.dat
+ 2012-04-07 18:35 . 2012-04-07 18:35	149504 c:\windows\system32\occache.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	197120 c:\windows\system32\msrating.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	222208 c:\windows\system32\msls31.dll
- 2009-07-13 23:39 . 2009-07-14 01:41	222208 c:\windows\system32\msls31.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	697344 c:\windows\system32\msfeeds.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	257024 c:\windows\system32\mfreadwrite.dll
- 2009-07-14 00:18 . 2009-07-14 01:41	206848 c:\windows\system32\mfps.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	206848 c:\windows\system32\mfps.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	818688 c:\windows\system32\jscript.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	103936 c:\windows\system32\inseng.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	165888 c:\windows\system32\iexpress.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	173056 c:\windows\system32\ieUnatt.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	248320 c:\windows\system32\ieui.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	111616 c:\windows\system32\iesysprep.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	145920 c:\windows\system32\iepeers.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	403248 c:\windows\system32\iedkcs32.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27	163840 c:\windows\system32\ieakui.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41	267776 c:\windows\system32\ieaksie.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	267776 c:\windows\system32\ieaksie.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	160256 c:\windows\system32\ieakeng.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	135168 c:\windows\system32\IEAdvpack.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	282112 c:\windows\system32\dxtrans.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	452608 c:\windows\system32\dxtmsft.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	265088 c:\windows\system32\drivers\dxgmms1.sys
+ 2012-04-07 18:34 . 2012-04-07 18:34	320512 c:\windows\system32\d3d10_1core.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	197120 c:\windows\system32\d3d10_1.dll
- 2009-07-13 23:41 . 2009-07-14 01:40	197120 c:\windows\system32\d3d10_1.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	902656 c:\windows\system32\d2d1.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	144384 c:\windows\system32\cdd.dll
- 2010-07-14 13:11 . 2010-05-19 19:48	144384 c:\windows\system32\cdd.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	114176 c:\windows\system32\admparse.dll
+ 2009-07-14 05:01 . 2012-04-09 22:30	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-04 21:28 . 2012-04-09 22:30	388016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
+ 2011-06-06 16:55 . 2011-06-06 16:55	249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	1619456 c:\windows\SysWOW64\WMVDECOD.DLL
+ 2012-04-07 18:35 . 2012-04-07 18:35	1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	3181568 c:\windows\SysWOW64\mf.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2012-04-07 18:34 . 2012-04-07 18:34	1495040 c:\windows\SysWOW64\ExplorerFrame.dll
- 2009-07-13 23:44 . 2009-07-14 01:15	1495040 c:\windows\SysWOW64\ExplorerFrame.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	1074176 c:\windows\SysWOW64\DWrite.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	1170944 c:\windows\SysWOW64\d3d10warp.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	1888256 c:\windows\system32\WMVDECOD.DLL
+ 2012-04-07 18:35 . 2012-04-07 18:35	1390080 c:\windows\system32\wininet.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	1345536 c:\windows\system32\urlmon.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	4068864 c:\windows\system32\mf.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	2308096 c:\windows\system32\jscript9.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	2144256 c:\windows\system32\iertutil.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	3695416 c:\windows\system32\ieapfltr.dat
+ 2012-04-07 18:34 . 2012-04-07 18:34	1133568 c:\windows\system32\FntCache.dll
- 2009-07-13 23:57 . 2009-07-14 01:40	1863680 c:\windows\system32\ExplorerFrame.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	1863680 c:\windows\system32\ExplorerFrame.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	1540608 c:\windows\system32\DWrite.dll
+ 2012-04-07 18:34 . 2012-04-07 18:34	1837568 c:\windows\system32\d3d10warp.dll
+ 2011-02-06 04:55 . 2012-04-09 22:30	5169524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
+ 2011-06-06 20:45 . 2011-06-06 20:45	2318848 c:\windows\Installer\80f60.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55	2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 16:55 . 2011-06-06 16:55	6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55	1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55	1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-04-07 18:35 . 2012-04-07 18:35	12282368 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2012-03-15 13:15	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-04-09 13:18	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-04-07 18:35 . 2012-04-07 18:35	17790464 c:\windows\system32\mshtml.dll
+ 2012-04-07 18:35 . 2012-04-07 18:35	10887168 c:\windows\system32\ieframe.dll
+ 2012-01-03 17:44 . 2012-01-03 17:44	15929344 c:\windows\Installer\80f61.msp
+ 2011-06-06 16:55 . 2011-06-06 16:55	24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-04 1224176]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
c:\program files (x86)\Razer\Salmosa\razerofa.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
**************************************************************************
.
Completion time: 2012-04-09 18:53:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 22:53
ComboFix2.txt 2012-04-05 23:56
ComboFix3.txt 2012-03-31 15:32
ComboFix4.txt 2012-03-29 19:58
ComboFix5.txt 2012-04-09 22:19
.
Pre-Run: 145,305,149,440 bytes free
Post-Run: 145,635,635,200 bytes free
.
- - End Of File - - 45C9344BE0E2B69EE71820C002D5D172
Upload was successful 
SystemLook 30.07.11 by jpshortstuff
Log created at 18:57 on 09/04/2012 by Lyn
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "**softonic**"
C:\Users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe	------- 293184 bytes	[00:09 07/12/2010]	[00:10 07/12/2010] 2B8E192326CA1ED2FB9CEC7B2392ACF4
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe	------- 304920 bytes	[00:15 06/02/2011]	[00:16 06/02/2011] 979B1833E45FF582B08D4322449AC177
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe	------- 304920 bytes	[00:10 06/02/2011]	[00:10 06/02/2011] 979B1833E45FF582B08D4322449AC177
C:\Users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe	------- 293144 bytes	[16:44 08/12/2010]	[16:44 08/12/2010] 5A67F2DE41A47D966C22E678B141849A
C:\Users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe	------- 293152 bytes	[16:30 08/12/2010]	[16:30 08/12/2010] 5BCEC254C7850A1AD814074099E44857

-= EOF =-


----------



## Deejay100six (Sep 27, 2011)

Hi,

The files downloaded by Softonic are classified as a low risk threat because they install adware on your machine. If you wish to remove them, the choice is yours. If you decide you want them removed, run the following script.

*Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.*

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.*

3. Open *notepad* and copy/paste the text in the box below into it:


```
File::
C:\Users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe
C:\Users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

*Very Important! -->* If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

*Do not mouseclick combofix's window whilst it's running. This may cause it to stall.*

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*----------------------------------------------------------------------------------*

Also, I'd like to have a look at your hosts file.

To view the Hosts file in Notepad;

Please press the Windows + R key and copy/paste or type: *notepad %windir%\system32\drivers\etc\hosts* into the run dialogue box and then press ENTER.

Copy/Paste the *complete* contents into your next reply.

You didn't say whether the router reset solved the redirect problem.

Please let me know whether it did and also if there are any more problems.


----------



## tanusgreystar (Oct 15, 2007)

Hi Dave,

I don't know if the reset fixed anything just yet. I'll gladly get rid of all the Softonic stuff. I'll do that right now.


----------



## Deejay100six (Sep 27, 2011)

Good. :up: Only just realised, your original concern was about the downloader anyway.  I think Combofix should automatically reset your hosts file but I'd like to have a look anyway, to make sure.


----------



## tanusgreystar (Oct 15, 2007)

```
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost
216.240.133.193 www.google-analytics.com.
216.240.133.193 ad-emea.doubleclick.net.
216.240.133.193 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.
```
ComboFix 12-04-05.09 - Lyn 04/09/2012 23:19:06.6.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4746 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
Command switches used :: c:\users\Lyn\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe"
"c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe"
"c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe"
"c:\users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe"
"c:\users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lyn\Downloads\SoftonicDownloader_for_adobe-flash-player.exe
c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint(2).exe
c:\users\Lyn\Downloads\SoftonicDownloader_for_openpaint.exe
c:\users\Lyn\Downloads\SoftonicDownloader_for_paint-net.exe
c:\users\Lyn\Downloads\SoftonicDownloader_for_photofiltre.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 03:28 . 2012-04-10 03:28	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-04-10 03:28 . 2012-04-10 03:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-07 18:34 . 2012-04-07 18:34	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2012-04-07 13:44 . 2012-04-07 13:44	--------	d-----w-	c:\program files (x86)\ESET
2012-04-07 13:37 . 2012-04-07 13:37	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-04-07 13:37 . 2012-04-07 13:37	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-04-07 13:36 . 2012-04-07 13:36	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-03-26 12:49 . 2012-03-26 12:49	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 12:49 . 2012-03-26 12:49	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 01:47 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-26 01:47 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-26 01:47 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-26 01:47 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-26 01:47 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-26 01:47 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-26 01:47 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-26 01:46 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-03-26 01:46 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\programdata\AVAST Software
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 21:05 . 2010-06-01 18:52	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2009-04-08 14:31 . 2009-04-08 14:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-04-09_22.34.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-09 22:31	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-10 03:29	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-10 03:29	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-10 03:29	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-04-10 03:31	68636 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-09 22:35	49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-10 03:31	49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-04-10 03:31	16200 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12	9560 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_48.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12	4280 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_32.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12	2456 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_24.bin
- 2012-04-09 22:30 . 2012-04-09 22:30	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-10 03:29 . 2012-04-10 03:29	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-10 03:29 . 2012-04-10 03:29	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-09 22:30 . 2012-04-09 22:30	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-04-09 22:30	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-10 03:28	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-04 21:28 . 2012-04-09 22:30	388016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
+ 2011-04-04 21:28 . 2012-04-10 03:28	388016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
+ 2011-02-06 04:55 . 2012-04-10 03:28	5316060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-04 1224176]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
c:\program files (x86)\Razer\Salmosa\razerofa.exe
.
**************************************************************************
.
Completion time: 2012-04-09 23:47:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 03:46
ComboFix2.txt 2012-04-09 22:55
ComboFix3.txt 2012-04-05 23:56
ComboFix4.txt 2012-03-31 15:32
ComboFix5.txt 2012-04-10 03:18
.
Pre-Run: 144,948,301,824 bytes free
Post-Run: 144,655,527,936 bytes free
.
- - End Of File - - 95F7DBB58766123F2E1B8809D5DFB0C7


----------



## Deejay100six (Sep 27, 2011)

Hi,

Not sure why Combofix didn't reset your hosts file, it should have.

Download the *HostsXpert - Hosts File Manager*.


1. Unzip HostsXpert - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
2. Run HostsXpert - Hosts File Manager from its new home
3. Click on "File Handling".
4. Click on "Restore MS Hosts File".
5. Click OK on the Confirmation box.
6. Click on "Make Read Only?"
7. Click the X to exit the program.

Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Then reboot your machine and follow the steps in post #32 to view your hosts file again, it should look like this.



> # Copyright (c) 1993-2006 Microsoft Corp.
> #
> # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
> #
> ...


There shouldn't be anything below *::1 localhost*

Let me know how it goes.

Are you still getting redirects?
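The check described above ("nothing below ::1 localhost"), as an added example that is not part of the original post: a Python sketch that parses a hosts file and lists every name pinned to a non-local address, run on the entries posted earlier in this thread. The function names are hypothetical, and treating loopback and 0.0.0.0 entries as benign is an assumption.

```python
import ipaddress
from collections import defaultdict

# Active lines of the hosts file posted earlier in this thread, preceded by one
# commented sample line from the Microsoft header.
POSTED_HOSTS = """\
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
::1 localhost
216.240.133.193 www.google-analytics.com.
216.240.133.193 ad-emea.doubleclick.net.
216.240.133.193 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in a hosts file."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:               # one address may carry several names
            # A trailing dot and letter case do not change which name is meant.
            yield line_no, ip, name.rstrip(".").lower()


def audit_hosts(text):
    """Map each hostname to the (line_no, address) pairs that pin it off-box.

    Loopback and unspecified (0.0.0.0 / ::) targets are skipped: they are the
    stock localhost lines or blocklist sinkholes, not redirects (assumption).
    """
    pinned = defaultdict(list)
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        pinned[name].append((line_no, str(ip)))
    return dict(pinned)


if __name__ == "__main__":
    # To audit a live machine, read %windir%\system32\drivers\etc\hosts instead.
    for name, hits in sorted(audit_hosts(POSTED_HOSTS).items()):
        for line_no, ip in hits:
            print(f"line {line_no}: {name} -> {ip}")
```

A name that appears with more than one address, as all three do here, means the file was written more than once or by more than one tool.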


----------



## tanusgreystar (Oct 15, 2007)

Hi. Even though the program said it couldn't write to my host file, it did work. Still getting redirects. : (


----------



## Deejay100six (Sep 27, 2011)

Hi,

It may be something that's been altered in your network settings. Let's try this first and if it doesn't work, we'll take a more in-depth look at what's happening.

Copy and paste these lines into Notepad.

```
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
```

Save as *flush.bat* to your desktop.
Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Then run Combofix by double clicking its icon and post the log produced in your next reply.

Let me know if you're still getting redirected.


----------



## tanusgreystar (Oct 15, 2007)

Hi. Just to let you know I can do this tomorrow. Thanks!


----------



## Deejay100six (Sep 27, 2011)

No problem.


----------



## Deejay100six (Sep 27, 2011)

Hi,

It's been more than 2 days again without a response. Do you wish to continue?


----------



## Cookiegal (Aug 27, 2003)

I think we'll just close it this time. You really need to reply in a timely manner if you want assistance with malware removal.


----------



## tanusgreystar (Oct 15, 2007)

Hi. Thanks for reopening! I'll try to do the last step and get back to you today. Thanks again!


----------



## tanusgreystar (Oct 15, 2007)

ComboFix 12-04-18.01 - Lyn 04/18/2012 12:44:13.7.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4706 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 16:54 . 2012-04-18 16:54	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-04-18 16:54 . 2012-04-18 16:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-15 09:52 . 2012-03-20 07:51	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3930A6F-6FDE-4FC8-B558-B2B94D132A46}\mpengine.dll
2012-04-13 14:30 . 2012-04-13 14:30	--------	d-----w-	C:\Perfect World Entertainment
2012-04-13 14:21 . 2012-04-13 13:00	258352	----a-w-	c:\windows\SysWow64\unicows.dll
2012-04-13 12:52 . 2012-04-14 03:11	--------	d-----w-	c:\users\Lyn\AppData\Local\PMB Files
2012-04-13 12:52 . 2012-04-13 12:53	--------	d-----w-	c:\programdata\PMB Files
2012-04-12 07:23 . 2012-04-12 07:23	--------	d-----w-	c:\program files (x86)\The Elder Scrolls V Skyrim
2012-04-07 18:34 . 2012-04-07 18:34	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2012-04-07 13:44 . 2012-04-07 13:44	--------	d-----w-	c:\program files (x86)\ESET
2012-04-07 13:37 . 2012-04-07 13:37	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-04-07 13:37 . 2012-04-10 21:02	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-04-07 13:36 . 2012-04-07 13:36	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-03-26 12:49 . 2012-03-26 12:49	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 12:49 . 2012-03-26 12:49	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 01:47 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-26 01:47 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-26 01:47 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-26 01:47 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-26 01:47 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-26 01:47 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-26 01:47 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-26 01:46 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-03-26 01:46 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\programdata\AVAST Software
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 21:05 . 2010-06-01 18:52	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-23 14:18 . 2009-10-06 00:18	279656	------w-	c:\windows\system32\MpSigStub.exe
2009-04-08 14:31 . 2009-04-08 14:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-04-09_22.34.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-18 16:56	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 16:56	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 16:56	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-04-18 16:58	69600 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-09 22:35	49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-18 16:58	49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-04-18 16:58	16542 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
+ 2009-10-06 03:07 . 2012-04-17 12:51	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 03:07 . 2012-04-07 18:34	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 03:07 . 2012-04-17 12:51	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-06 03:07 . 2012-04-07 18:34	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-17 12:51	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-07 18:34	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-11 06:56	76568 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-09 23:12 . 2012-04-09 23:12	9560 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_48.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12	4280 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_32.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12	2456 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_24.bin
- 2012-04-09 22:30 . 2012-04-09 22:30	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 16:55 . 2012-04-18 16:55	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 16:55 . 2012-04-18 16:55	2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-09 22:30 . 2012-04-09 22:30	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-07 03:54 . 2012-04-17 21:07	356892 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-04-09 22:30	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-18 16:55	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-13 01:49 . 2012-04-16 03:42	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-4096.dat
+ 2011-04-04 21:28 . 2012-04-18 16:55	492216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
- 2009-07-14 04:45 . 2011-09-23 03:35	3610726 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-04-11 06:26	3610726 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-02-06 04:55 . 2012-04-18 16:55	9663552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
- 2009-07-14 02:34 . 2012-04-09 13:18	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-04-16 14:25	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-12 1224176]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
.
**************************************************************************
.
Completion time: 2012-04-18 13:13:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 17:13
ComboFix2.txt 2012-04-10 03:47
ComboFix3.txt 2012-04-09 22:55
ComboFix4.txt 2012-04-05 23:56
ComboFix5.txt 2012-04-18 16:42
.
Pre-Run: 128,145,285,120 bytes free
Post-Run: 127,733,657,600 bytes free
.
- - End Of File - - A1136971D992A09F3AF55D055B4A0E93

Still redirecting.


----------



## Deejay100six (Sep 27, 2011)

Hi,

Sorry, I had overlooked your thread because I had unsubscribed. I'll have another look at your logs now.


----------



## tanusgreystar (Oct 15, 2007)

Ok thanks


----------



## Deejay100six (Sep 27, 2011)

Hi,


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


----------



## tanusgreystar (Oct 15, 2007)

OTL Extras logfile created on: 4/23/2012 10:06:30 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Lyn\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.14% Memory free
12.00 Gb Paging File | 10.28 Gb Available in Paging File | 85.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.50 Gb Total Space | 116.61 Gb Free Space | 47.69% Space Free | Partition Type: NTFS
Drive D: | 221.16 Gb Total Space | 168.86 Gb Free Space | 76.35% Space Free | Partition Type: NTFS

Computer Name: LYN-PC | User Name: Lyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{7EFB6CDA-6ECA-483B-AA4C-E59C3EF28F08}" = Networking USB Server
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C270918F-A77C-45BD-A9A4-BD5C2641F864}" = Network Printer Wizard
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"5F4DD0919B4763856B77AD385DEEEFCDF01784A8" = ENE CIR Receiver Driver
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{439F7BFD-4F1B-4CAE-834A-4136396C2738}" = ASUS Turbo Gear Enhanced VGA Driver
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{558B0625-03A7-491C-9693-FD1066005CBB}" = Turbo Gear Extreme
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C3B6103A-C76F-45CF-898E-22E74BD33CFF}" = Direct Console 2.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}" = Razer Salmosa
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"Canon MP250 series User Registration" = Canon MP250 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"GetDislike" = GetDislike
"InstallShield_{7EFB6CDA-6ECA-483B-AA4C-E59C3EF28F08}" = Networking USB Server
"InstallShield_{C270918F-A77C-45BD-A9A4-BD5C2641F864}" = Network Printer Wizard
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MyTomTom" = MyTomTom 3.1.0.530
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenPaint" = OpenPaint
"SpywareBlaster_is1" = SpywareBlaster 4.6
"UltraISO_is1" = UltraISO Premium V9.36
"WinGimp-2.0_is1" = GIMP 2.6.11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NetAssistant" = NetAssistant for Firefox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2011 6:35:58 AM | Computer Name = Lyn-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 8/9/2011 6:00:00 PM | Computer Name = Lyn-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/10/2011 6:52:15 AM | Computer Name = Lyn-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/10/2011 3:44:40 PM | Computer Name = Lyn-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/10/2011 5:22:12 PM | Computer Name = Lyn-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program 
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of 
attribute "language" in element "assemblyIdentity" is invalid.

Error - 8/11/2011 6:57:53 AM | Computer Name = Lyn-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/11/2011 8:07:28 AM | Computer Name = Lyn-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/11/2011 7:08:42 PM | Computer Name = Lyn-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 5.0.0.4183, time 
stamp: 0x4df95302 Faulting module name: xul.dll, version: 5.0.0.4183, time stamp:
0x4df95221 Exception code: 0xc0000409 Fault offset: 0x000e9830 Faulting process id:
0x1534 Faulting application start time: 0x01cc581f89481df3 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: dad790fd-c46e-11e0-b420-0026183b4a92

Error - 8/12/2011 6:42:05 AM | Computer Name = Lyn-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 8/12/2011 5:21:34 PM | Computer Name = Lyn-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program 
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of 
attribute "language" in element "assemblyIdentity" is invalid.

[ OSession Events ]
Error - 10/12/2009 5:28:35 PM | Computer Name = Lyn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1579
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/12/2009 9:45:28 PM | Computer Name = Lyn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12019
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 10/12/2009 9:45:47 PM | Computer Name = Lyn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/12/2009 9:46:17 PM | Computer Name = Lyn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/12/2009 9:47:42 PM | Computer Name = Lyn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/13/2012 9:53:19 PM | Computer Name = Lyn-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.144. The computer with the IP address 192.168.1.143 did
not allow the name to be claimed by this computer.

Error - 4/14/2012 5:06:57 PM | Computer Name = Lyn-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.144. The computer with the IP address 192.168.1.143 did
not allow the name to be claimed by this computer.

Error - 4/15/2012 9:40:37 PM | Computer Name = Lyn-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.144. The computer with the IP address 192.168.1.143 did
not allow the name to be claimed by this computer.

Error - 4/18/2012 12:38:43 PM | Computer Name = Lyn-PC | Source = Service Control Manager | ID = 7034
Description = The CFUACProxy_officeguardianv2n service terminated unexpectedly. 
It has done this 1 time(s).

Error - 4/18/2012 12:39:07 PM | Computer Name = Lyn-PC | Source = Service Control Manager | ID = 7034
Description = The SacNetAgentService_C57C4F854F53 service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/18/2012 12:49:16 PM | Computer Name = Lyn-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/18/2012 12:54:54 PM | Computer Name = Lyn-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/18/2012 12:56:30 PM | Computer Name = Lyn-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error: 
%%126

Error - 4/21/2012 1:52:25 PM | Computer Name = Lyn-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.144. The computer with the IP address 192.168.1.143 did
not allow the name to be claimed by this computer.

Error - 4/22/2012 6:33:15 PM | Computer Name = Lyn-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.144. The computer with the IP address 192.168.1.143 did
not allow the name to be claimed by this computer.

< End of report >


----------



## tanusgreystar (Oct 15, 2007)

OTL logfile created on: 4/23/2012 10:06:30 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Lyn\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.14% Memory free
12.00 Gb Paging File | 10.28 Gb Available in Paging File | 85.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.50 Gb Total Space | 116.61 Gb Free Space | 47.69% Space Free | Partition Type: NTFS
Drive D: | 221.16 Gb Total Space | 168.86 Gb Free Space | 76.35% Space Free | Partition Type: NTFS

Computer Name: LYN-PC | User Name: Lyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lyn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Lyn\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\OfficeGuardianV2N\UACProxy.exe (Storage Appliance Corp.)
PRC - C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
PRC - C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (Storage Appliance Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe ()
PRC - C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe ()
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe (ASUSTeK Inc.)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\Razer\Salmosa\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Salmosa\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\Salmosa\razerofa.exe (Razer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe (ASUSTek.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Users\Lyn\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Lyn\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll ()
MOD - C:\Users\Lyn\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll ()
MOD - C:\Users\Lyn\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll ()
MOD - C:\Users\Lyn\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswOtl.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtGui4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtCore4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtXml4.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe ()
MOD - C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswsysmon.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipsw_cfgmgr.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\LogonStartup.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\iphelper.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswui.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswobj.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswhlp.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswgblset.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswds.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswcore.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\cxcmrt.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswresmgr.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files (x86)\Razer\Salmosa\razertra.exe ()
MOD - C:\Program Files (x86)\Razer\Salmosa\razerhid.exe ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\OLED.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\SysInfo.dll ()
MOD - C:\Program Files (x86)\ASUS\Turbo Gear Extreme\atkmethod.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\OvrClk.dll ()
MOD - C:\Program Files (x86)\ASUS\Turbo Gear Extreme\OcSetting.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\LED.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\OUTLOOK.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\MSN.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\OutlookAlertBoxTerminate.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ResItf.dll ()
MOD - C:\Program Files\ATKGFNEX\AGFNEX.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\ASUS\Turbo Gear Extreme\pngio.dll ()

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:*64bit:* - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:*64bit:* - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (CFUACProxy_officeguardianv2n) -- C:\ProgramData\OfficeGuardianV2N\UACProxy.exe (Storage Appliance Corp.)
SRV - (SacNetAgentService_C57C4F854F53) -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (Storage Appliance Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WBVGAservice) -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe ()
SRV - (NPWService) -- C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (spmgr) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:*64bit:* - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:*64bit:* - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:*64bit:* - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:*64bit:* - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:*64bit:* - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:*64bit:* - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows (R) Win 7 DDK provider)
DRV:*64bit:* - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:*64bit:* - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:*64bit:* - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:*64bit:* - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:*64bit:* - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:*64bit:* - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:*64bit:* - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:*64bit:* - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:*64bit:* - (EIO64) -- C:\Windows\SysNative\drivers\EIO64.sys (ASUSTeK Computer Inc.)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:*64bit:* - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:*64bit:* - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:*64bit:* - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:*64bit:* - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:*64bit:* - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:*64bit:* - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:*64bit:* - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:*64bit:* - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:*64bit:* - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:*64bit:* - (EST_Server) -- C:\Windows\SysNative\drivers\GenHC.sys ( )
DRV:*64bit:* - (EST_BusEnum) -- C:\Windows\SysNative\drivers\GenBus.sys ( )
DRV:*64bit:* - (salmosa) -- C:\Windows\SysNative\drivers\salmosa.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:*64bit:* - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ghaio) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{10EDAC71-1851-473a-BE8E-5D77C8FE5129}: "URL" = http://www.ask.com/web?o=101450&l=dis&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://findgala.com/?&uid=5641&q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={CF43130C-EB81-4DD1-8C7D-9F4ABC4EBEC4}&mid=c56ee27e1a40e0fe998401c113409fef-308d03a9941fb7b7656ebee84075bcdc2524e48f&lang=us&ds=AVG&pr=fr&d=2011-12-05 09:44:15&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lyn\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lyn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lyn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/12 09:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/25 21:47:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/26 08:49:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/07 09:36:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\Lyn\AppData\Roaming\NetAssistant\ [2011/02/05 20:12:13 | 000,000,000 | ---D | M]

[2011/02/01 20:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lyn\AppData\Roaming\Mozilla\Extensions
[2011/01/26 11:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lyn\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/02/01 20:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lyn\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/21 06:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\extensions
[2012/03/26 08:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/07 21:01:10 | 000,000,000 | ---D | M] (GetDislike) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/03/26 08:49:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/26 17:05:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/12 09:25:55 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/02 20:20:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 00:02:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lyn\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lyn\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lyn\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lyn\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lyn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Lyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: GetDislike = C:\Users\Lyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecfaonpigeiandhnmepfclkmldegepl\3.2_0\
CHR - Extension: avast! WebRep = C:\Users\Lyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Lyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/03 09:31:48 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.240.133.193 www.google-analytics.com.
O1 - Hosts: 216.240.133.193 ad-emea.doubleclick.net.
O1 - Hosts: 216.240.133.193 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2:*64bit:* - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (GetDislike) - {F0E15660-5BE6-48b9-8ED6-F8C1643BD6B8} - C:\Program Files (x86)\getdislike\ie\211221920getdisike.dll File not found
O3:*64bit:* - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:*64bit:* - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:*64bit:* - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:*64bit:* - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe ()
O4 - HKLM..\Run: [Turbo Gear] C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe ()
O4 - HKLM..\Run: [Turbo Gear Help] C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe ()
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files (x86)\Generic\Network Printer Wizard\NPWprint.dll (Elite Silicon Technology Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DF8EA25-F255-4953-83ED-02146F7812C7}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59456B02-21EB-4D6E-8D2C-419B16CA04BF}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:*64bit:* - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 22:03:40 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Lyn\Desktop\OTL.exe
[2012/04/18 13:16:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/18 12:54:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/18 12:42:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/18 12:42:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/18 12:42:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/18 12:40:28 | 004,467,613 | R--- | C] (Swearware) -- C:\Users\Lyn\Desktop\ComboFix.exe
[2012/04/13 10:35:50 | 000,000,000 | ---D | C] -- C:\Users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/04/13 10:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/04/13 10:30:22 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012/04/13 10:21:49 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2012/04/13 08:53:14 | 000,000,000 | ---D | C] -- C:\Users\Lyn\Desktop\FW_EN_Installer_0.215.0
[2012/04/13 08:52:52 | 000,000,000 | ---D | C] -- C:\Users\Lyn\AppData\Local\PMB Files
[2012/04/13 08:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/04/12 03:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2012/04/12 03:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2012/04/10 17:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/04/10 16:50:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\skyrim-verified
[2012/04/07 14:35:10 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/04/07 14:35:10 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/04/07 14:35:10 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/07 14:35:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/07 14:35:10 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/07 14:35:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/07 14:35:10 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/04/07 14:35:10 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/07 14:35:10 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/04/07 14:35:10 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/07 14:35:10 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/04/07 14:35:10 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/04/07 14:35:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/07 14:35:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/07 14:35:10 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/04/07 14:35:10 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/04/07 14:35:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/04/07 14:35:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/07 14:35:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/04/07 14:35:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/04/07 14:35:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/04/07 14:35:10 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/04/07 14:35:10 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/04/07 14:35:10 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/04/07 14:35:10 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/04/07 14:35:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/04/07 14:35:10 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/07 14:35:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/04/07 14:35:10 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/04/07 14:35:10 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/04/07 14:35:10 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/04/07 14:35:10 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/07 14:35:10 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/04/07 14:35:10 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/04/07 14:35:10 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/04/07 14:35:10 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/04/07 14:35:10 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/04/07 14:35:10 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/04/07 14:35:10 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/04/07 14:35:10 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/04/07 14:35:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/04/07 14:35:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/04/07 14:35:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/04/07 14:35:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/04/07 14:35:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/04/07 14:35:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/07 14:35:10 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/04/07 14:35:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/04/07 14:35:10 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/04/07 14:35:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/04/07 14:35:10 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/04/07 14:35:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/04/07 14:35:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/04/07 14:35:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/04/07 14:35:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/07 14:35:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/04/07 14:35:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/07 14:35:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/07 14:35:09 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/07 14:35:09 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/07 14:35:09 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/04/07 14:35:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/04/07 14:35:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/07 14:35:09 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/04/07 14:35:09 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/04/07 14:35:09 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/04/07 14:35:09 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/07 14:35:09 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/04/07 14:35:09 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/04/07 14:35:09 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/04/07 14:35:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/04/07 14:35:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/07 14:34:27 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/04/07 14:34:27 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/04/07 14:34:27 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012/04/07 14:34:27 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012/04/07 14:34:27 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/04/07 14:34:27 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012/04/07 14:34:27 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/07 14:34:27 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012/04/07 14:34:27 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/07 14:34:27 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/04/07 14:34:27 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/04/07 14:34:27 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/04/07 14:34:27 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/04/07 14:34:27 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/04/07 14:34:27 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012/04/07 14:34:27 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/04/07 14:34:27 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/04/07 14:34:27 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/04/07 14:34:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/04/07 14:34:27 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/04/07 14:34:27 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/04/07 14:34:27 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/04/07 09:44:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/07 09:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/04/07 09:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/04/07 09:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/04/07 09:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/04/07 09:36:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/01 15:06:14 | 000,000,000 | ---D | C] -- C:\Users\Lyn\Desktop\New folder
[2012/03/25 21:47:21 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/25 21:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/25 21:47:20 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/25 21:47:19 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/25 21:47:17 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/25 21:47:14 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/25 21:47:10 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/25 21:47:10 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/25 21:46:50 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/25 21:46:50 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/25 21:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/25 21:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/25 21:04:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/25 21:04:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[3 C:\Users\Lyn\Desktop\*.tmp files -> C:\Users\Lyn\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/23 22:03:55 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Lyn\Desktop\OTL.exe
[2012/04/23 21:24:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
[2012/04/23 18:25:04 | 003,038,067 | ---- | M] () -- C:\Users\Lyn\Desktop\1471302-the_witcher_2_geralt_wiedzmin69.jpg
[2012/04/23 09:24:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
[2012/04/23 06:02:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/23 06:02:22 | 536,109,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/20 19:28:12 | 000,016,439 | ---- | M] () -- C:\Users\Lyn\Desktop\51SeMXZ0seL._SL500_AA300_.jpg
[2012/04/18 12:40:43 | 004,467,613 | R--- | M] (Swearware) -- C:\Users\Lyn\Desktop\ComboFix.exe
[2012/04/15 22:03:45 | 000,027,584 | ---- | M] () -- C:\Users\Lyn\Desktop\jesus.jpg
[2012/04/14 06:53:14 | 000,040,676 | ---- | M] () -- C:\Users\Lyn\Desktop\428701_315081988547059_176890359032890_786295_387122672_n.jpg
[2012/04/14 06:48:59 | 000,036,775 | ---- | M] () -- C:\Users\Lyn\Desktop\554533_323644787690779_176890359032890_805702_926714452_n.jpg
[2012/04/14 06:36:58 | 000,022,647 | ---- | M] () -- C:\Users\Lyn\Desktop\558663_318860241513639_243597202373277_818210_918487247_n.jpg
[2012/04/13 14:45:57 | 000,061,410 | ---- | M] () -- C:\Users\Lyn\Desktop\internet-memes-memebase-home-its-hard-out-there-for-a-dragonborn.jpg
[2012/04/13 14:38:38 | 000,086,175 | ---- | M] () -- C:\Users\Lyn\Desktop\video-game-memes-player.jpg
[2012/04/13 11:05:33 | 000,000,937 | ---- | M] () -- C:\Users\Lyn\Desktop\Forsaken World.lnk
[2012/04/13 11:05:33 | 000,000,131 | ---- | M] () -- C:\Users\Lyn\Desktop\Forsaken World.url
[2012/04/13 09:00:47 | 000,258,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2012/04/13 08:52:25 | 002,126,728 | ---- | M] () -- C:\Users\Lyn\Desktop\ForsakenWorld_EN_215_Pando.exe
[2012/04/13 07:25:53 | 000,112,081 | ---- | M] () -- C:\Users\Lyn\Desktop\540028_423006121062180_111221945573934_1522771_1717831371_n.jpg
[2012/04/12 19:30:06 | 000,247,776 | ---- | M] () -- C:\Users\Lyn\Desktop\l-11.jpg
[2012/04/12 19:30:02 | 000,100,816 | ---- | M] () -- C:\Users\Lyn\Desktop\l-7.jpg
[2012/04/12 19:29:56 | 000,086,627 | ---- | M] () -- C:\Users\Lyn\Desktop\l-28.jpg
[2012/04/12 19:29:48 | 000,101,046 | ---- | M] () -- C:\Users\Lyn\Desktop\l-15.jpg
[2012/04/12 19:29:44 | 000,166,742 | ---- | M] () -- C:\Users\Lyn\Desktop\l-41.jpg
[2012/04/12 19:01:28 | 000,116,129 | ---- | M] () -- C:\Users\Lyn\Desktop\l-5.jpg
[2012/04/12 19:00:30 | 000,098,646 | ---- | M] () -- C:\Users\Lyn\Desktop\l-40.jpg
[2012/04/12 15:06:25 | 000,174,420 | ---- | M] () -- C:\Users\Lyn\Desktop\Funny-Pics-14.03.2012-29.jpg
[2012/04/12 15:05:28 | 000,058,037 | ---- | M] () -- C:\Users\Lyn\Desktop\video-game-memes-video-games-tough-guy-khajiit.jpg
[2012/04/12 15:05:12 | 000,105,564 | ---- | M] () -- C:\Users\Lyn\Desktop\video-game-sales-funny-artwork-jpg.jpg
[2012/04/12 15:04:05 | 000,107,909 | ---- | M] () -- C:\Users\Lyn\Desktop\mass-effect-3-Y-U-NO-ending-meme.jpg
[2012/04/12 15:03:46 | 000,042,879 | ---- | M] () -- C:\Users\Lyn\Desktop\console-pc-resolution.jpg
[2012/04/12 15:03:00 | 000,037,934 | ---- | M] () -- C:\Users\Lyn\Desktop\video-game-memes-mass-effect.jpg
[2012/04/12 15:02:53 | 000,028,663 | ---- | M] () -- C:\Users\Lyn\Desktop\video-game-memes-dats-a-wacist.jpg
[2012/04/12 15:02:43 | 000,053,269 | ---- | M] () -- C:\Users\Lyn\Desktop\video-game-memes-video-game-protagonists.jpg
[2012/04/11 03:38:41 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 03:38:41 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 01:26:59 | 000,357,766 | ---- | M] () -- C:\Users\Lyn\Desktop\HostsXpert.zip
[2012/04/10 17:02:07 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/04/10 17:02:07 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/04/07 14:43:13 | 000,001,441 | ---- | M] () -- C:\Users\Lyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/07 14:42:52 | 000,002,192 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/04/07 14:42:51 | 000,001,673 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/04/07 14:35:10 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/04/07 14:35:10 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/04/07 14:35:10 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/07 14:35:10 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/07 14:35:10 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/07 14:35:10 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/07 14:35:10 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/04/07 14:35:10 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/04/07 14:35:10 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/07 14:35:10 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/04/07 14:35:10 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/07 14:35:10 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/04/07 14:35:10 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/04/07 14:35:10 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/07 14:35:10 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/07 14:35:10 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/04/07 14:35:10 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/04/07 14:35:10 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/04/07 14:35:10 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/07 14:35:10 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/04/07 14:35:10 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/04/07 14:35:10 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/04/07 14:35:10 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/04/07 14:35:10 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/04/07 14:35:10 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/04/07 14:35:10 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/04/07 14:35:10 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/04/07 14:35:10 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/07 14:35:10 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/04/07 14:35:10 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/04/07 14:35:10 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/04/07 14:35:10 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/04/07 14:35:10 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/07 14:35:10 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/04/07 14:35:10 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/04/07 14:35:10 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/04/07 14:35:10 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/04/07 14:35:10 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/04/07 14:35:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/04/07 14:35:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/04/07 14:35:10 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/04/07 14:35:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/04/07 14:35:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/04/07 14:35:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/04/07 14:35:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/04/07 14:35:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/04/07 14:35:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/07 14:35:10 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/07 14:35:10 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/04/07 14:35:10 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/04/07 14:35:10 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/04/07 14:35:10 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/04/07 14:35:10 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/04/07 14:35:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/04/07 14:35:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/04/07 14:35:10 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/04/07 14:35:10 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/07 14:35:10 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/04/07 14:35:10 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/07 14:35:10 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/07 14:35:09 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/07 14:35:09 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/07 14:35:09 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/04/07 14:35:09 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/07 14:35:09 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/04/07 14:35:09 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/04/07 14:35:09 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/04/07 14:35:09 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/07 14:35:09 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/04/07 14:35:09 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/04/07 14:35:09 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/04/07 14:35:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/07 14:35:09 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/04/07 14:35:09 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/07 14:34:27 | 004,068,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/04/07 14:34:27 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/04/07 14:34:27 | 001,888,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012/04/07 14:34:27 | 001,863,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012/04/07 14:34:27 | 001,837,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/04/07 14:34:27 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012/04/07 14:34:27 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/07 14:34:27 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012/04/07 14:34:27 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/07 14:34:27 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/04/07 14:34:27 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/04/07 14:34:27 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/04/07 14:34:27 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/04/07 14:34:27 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/04/07 14:34:27 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012/04/07 14:34:27 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/04/07 14:34:27 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/04/07 14:34:27 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/04/07 14:34:27 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/04/07 14:34:27 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/04/07 14:34:27 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/04/07 14:34:27 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/04/07 09:36:47 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/04 22:19:28 | 000,065,934 | ---- | M] () -- C:\Users\Lyn\Desktop\HUS 218.rtf
[2012/04/04 22:07:29 | 000,032,357 | ---- | M] () -- C:\Users\Lyn\Desktop\Individual Support Plan.rtf
[2012/04/01 15:05:23 | 001,668,226 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/01 15:05:23 | 000,732,750 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012/04/01 15:05:23 | 000,670,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/01 15:05:23 | 000,154,362 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012/04/01 15:05:23 | 000,125,322 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/01 14:33:02 | 000,100,830 | ---- | M] () -- C:\Users\Lyn\Desktop\Service Plan.rtf
[2012/03/30 12:03:06 | 000,000,162 | -H-- | M] () -- C:\Users\Lyn\Desktop\~$rvice Plan.rtf
[2012/03/25 21:47:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/25 21:37:32 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
[3 C:\Users\Lyn\Desktop\*.tmp files -> C:\Users\Lyn\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/23 18:25:04 | 003,038,067 | ---- | C] () -- C:\Users\Lyn\Desktop\1471302-the_witcher_2_geralt_wiedzmin69.jpg
[2012/04/20 19:28:12 | 000,016,439 | ---- | C] () -- C:\Users\Lyn\Desktop\51SeMXZ0seL._SL500_AA300_.jpg
[2012/04/18 12:42:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/18 12:42:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/18 12:42:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/18 12:42:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/18 12:42:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/15 22:03:45 | 000,027,584 | ---- | C] () -- C:\Users\Lyn\Desktop\jesus.jpg
[2012/04/14 06:53:14 | 000,040,676 | ---- | C] () -- C:\Users\Lyn\Desktop\428701_315081988547059_176890359032890_786295_387122672_n.jpg
[2012/04/14 06:48:59 | 000,036,775 | ---- | C] () -- C:\Users\Lyn\Desktop\554533_323644787690779_176890359032890_805702_926714452_n.jpg
[2012/04/14 06:36:58 | 000,022,647 | ---- | C] () -- C:\Users\Lyn\Desktop\558663_318860241513639_243597202373277_818210_918487247_n.jpg
[2012/04/13 14:45:56 | 000,061,410 | ---- | C] () -- C:\Users\Lyn\Desktop\internet-memes-memebase-home-its-hard-out-there-for-a-dragonborn.jpg
[2012/04/13 14:38:38 | 000,086,175 | ---- | C] () -- C:\Users\Lyn\Desktop\video-game-memes-player.jpg
[2012/04/13 11:05:33 | 000,000,937 | ---- | C] () -- C:\Users\Lyn\Desktop\Forsaken World.lnk
[2012/04/13 11:05:33 | 000,000,131 | ---- | C] () -- C:\Users\Lyn\Desktop\Forsaken World.url
[2012/04/13 08:52:16 | 002,126,728 | ---- | C] () -- C:\Users\Lyn\Desktop\ForsakenWorld_EN_215_Pando.exe
[2012/04/13 07:25:53 | 000,112,081 | ---- | C] () -- C:\Users\Lyn\Desktop\540028_423006121062180_111221945573934_1522771_1717831371_n.jpg
[2012/04/12 19:30:06 | 000,247,776 | ---- | C] () -- C:\Users\Lyn\Desktop\l-11.jpg
[2012/04/12 19:30:02 | 000,100,816 | ---- | C] () -- C:\Users\Lyn\Desktop\l-7.jpg
[2012/04/12 19:29:55 | 000,086,627 | ---- | C] () -- C:\Users\Lyn\Desktop\l-28.jpg
[2012/04/12 19:29:48 | 000,101,046 | ---- | C] () -- C:\Users\Lyn\Desktop\l-15.jpg
[2012/04/12 19:29:44 | 000,166,742 | ---- | C] () -- C:\Users\Lyn\Desktop\l-41.jpg
[2012/04/12 19:01:27 | 000,116,129 | ---- | C] () -- C:\Users\Lyn\Desktop\l-5.jpg
[2012/04/12 19:00:30 | 000,098,646 | ---- | C] () -- C:\Users\Lyn\Desktop\l-40.jpg
[2012/04/12 15:06:25 | 000,174,420 | ---- | C] () -- C:\Users\Lyn\Desktop\Funny-Pics-14.03.2012-29.jpg
[2012/04/12 15:05:28 | 000,058,037 | ---- | C] () -- C:\Users\Lyn\Desktop\video-game-memes-video-games-tough-guy-khajiit.jpg
[2012/04/12 15:05:12 | 000,105,564 | ---- | C] () -- C:\Users\Lyn\Desktop\video-game-sales-funny-artwork-jpg.jpg
[2012/04/12 15:04:05 | 000,107,909 | ---- | C] () -- C:\Users\Lyn\Desktop\mass-effect-3-Y-U-NO-ending-meme.jpg
[2012/04/12 15:03:45 | 000,042,879 | ---- | C] () -- C:\Users\Lyn\Desktop\console-pc-resolution.jpg
[2012/04/12 15:03:00 | 000,037,934 | ---- | C] () -- C:\Users\Lyn\Desktop\video-game-memes-mass-effect.jpg
[2012/04/12 15:02:53 | 000,028,663 | ---- | C] () -- C:\Users\Lyn\Desktop\video-game-memes-dats-a-wacist.jpg
[2012/04/12 15:02:43 | 000,053,269 | ---- | C] () -- C:\Users\Lyn\Desktop\video-game-memes-video-game-protagonists.jpg
[2012/04/11 01:26:56 | 000,357,766 | ---- | C] () -- C:\Users\Lyn\Desktop\HostsXpert.zip
[2012/04/07 14:43:11 | 000,001,441 | ---- | C] () -- C:\Users\Lyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/07 14:35:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/07 14:35:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/07 09:37:05 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/04/07 09:37:05 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/04/07 09:36:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/07 09:36:47 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/04 22:09:32 | 000,065,934 | ---- | C] () -- C:\Users\Lyn\Desktop\HUS 218.rtf
[2012/04/04 22:07:28 | 000,032,357 | ---- | C] () -- C:\Users\Lyn\Desktop\Individual Support Plan.rtf
[2012/03/30 12:03:06 | 000,000,162 | -H-- | C] () -- C:\Users\Lyn\Desktop\~$rvice Plan.rtf
[2012/03/30 12:03:02 | 000,100,830 | ---- | C] () -- C:\Users\Lyn\Desktop\Service Plan.rtf
[2012/03/25 21:47:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/05/16 15:34:29 | 000,001,192 | ---- | C] () -- C:\Windows\wininit.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


----------



## Glaswegian (Dec 5, 2004)

Hi

Deejay100six is not available so I will assist you.

Can you tell me how your system is running at the moment?


----------



## tanusgreystar (Oct 15, 2007)

Hi. It still redirects.


----------



## Glaswegian (Dec 5, 2004)

Hi again

Please delete your copy of ComboFix (drag and drop on the Recycle Bin) and download a fresh copy from one of these locations:

*Link 1*
*Link 2*

Double click on *ComboFix* and let it run.

Please post back with *C:\Combofix.txt*


----------



## tanusgreystar (Oct 15, 2007)

ComboFix 12-04-24.02 - Lyn 04/24/2012 15:54:06.8.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4474 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\weave\toFetch
c:\windows\SysWow64\urttemp
c:\windows\SysWow64\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 20:02 . 2012-04-24 20:02	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-04-24 20:02 . 2012-04-24 20:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-24 02:25 . 2012-04-24 02:25	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-24 02:25 . 2012-04-24 02:25	--------	d-----w-	c:\windows\system32\Macromed
2012-04-15 09:52 . 2012-03-20 07:51	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3930A6F-6FDE-4FC8-B558-B2B94D132A46}\mpengine.dll
2012-04-13 14:30 . 2012-04-13 14:30	--------	d-----w-	C:\Perfect World Entertainment
2012-04-13 14:21 . 2012-04-13 13:00	258352	----a-w-	c:\windows\SysWow64\unicows.dll
2012-04-13 12:52 . 2012-04-14 03:11	--------	d-----w-	c:\users\Lyn\AppData\Local\PMB Files
2012-04-13 12:52 . 2012-04-13 12:53	--------	d-----w-	c:\programdata\PMB Files
2012-04-12 07:23 . 2012-04-12 07:23	--------	d-----w-	c:\program files (x86)\The Elder Scrolls V Skyrim
2012-04-07 18:34 . 2012-04-07 18:34	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2012-04-07 13:44 . 2012-04-07 13:44	--------	d-----w-	c:\program files (x86)\ESET
2012-04-07 13:37 . 2012-04-07 13:37	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-04-07 13:37 . 2012-04-10 21:02	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-04-07 13:36 . 2012-04-07 13:36	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-03-26 12:49 . 2012-03-26 12:49	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 12:49 . 2012-03-26 12:49	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 01:47 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-26 01:47 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-26 01:47 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-26 01:47 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-26 01:47 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-26 01:47 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-26 01:47 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-26 01:46 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-03-26 01:46 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\programdata\AVAST Software
2012-03-26 01:46 . 2012-03-26 01:46	--------	d-----w-	c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 02:25 . 2011-06-23 17:12	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-26 21:05 . 2010-06-01 18:52	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-23 14:18 . 2009-10-06 00:18	279656	------w-	c:\windows\system32\MpSigStub.exe
2009-04-08 14:31 . 2009-04-08 14:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-04-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-04-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-04-09_22.34.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-09 22:31	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-24 20:04	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-24 20:04	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-24 20:04	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-04-24 20:06	69798 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-09 22:35	49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-24 20:06	49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-04-24 20:06	16634 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
- 2009-10-06 03:07 . 2012-04-07 18:34	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 03:07 . 2012-04-17 12:51	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 03:07 . 2012-04-17 12:51	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-06 03:07 . 2012-04-07 18:34	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-17 12:51	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-07 18:34	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-11 06:56	76568 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-02-25 06:28 . 2012-04-20 02:13	3576 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-09 23:12 . 2012-04-09 23:12	9560 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_48.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12	4280 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_32.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12	2456 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_24.bin
- 2012-04-09 22:30 . 2012-04-09 22:30	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-24 20:03 . 2012-04-24 20:03	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-24 20:03 . 2012-04-24 20:03	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-09 22:30 . 2012-04-09 22:30	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-24 02:25 . 2012-04-24 02:25	353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe
+ 2012-04-24 02:25 . 2012-04-24 02:25	253088 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-10-07 03:54 . 2012-04-22 22:33	356892 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-04-24 02:25 . 2012-04-24 02:25	630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe
+ 2009-07-14 05:01 . 2012-04-24 20:03	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-09 22:30	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-13 01:49 . 2012-04-16 03:42	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-4096.dat
+ 2011-04-04 21:28 . 2012-04-24 20:03	492216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
+ 2012-04-24 02:25 . 2012-04-24 02:25	8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
+ 2009-07-14 04:45 . 2012-04-11 06:26	3610726 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-09-23 03:35	3610726 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-02-06 04:55 . 2012-04-24 20:03	9774000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
+ 2009-07-14 02:34 . 2012-04-18 18:18	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-04-09 13:18	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-04-24 02:25 . 2012-04-24 02:25	11589280 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-12 1224176]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 02:25]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
c:\program files (x86)\Razer\Salmosa\razerofa.exe
c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
**************************************************************************
.
Completion time: 2012-04-24 16:23:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 20:23
ComboFix2.txt 2012-04-18 17:13
ComboFix3.txt 2012-04-10 03:47
ComboFix4.txt 2012-04-09 22:55
ComboFix5.txt 2012-04-24 19:53
.
Pre-Run: 127,968,641,024 bytes free
Post-Run: 127,560,253,440 bytes free
.
- - End Of File - - 65057BEBA97B154332F81DEDD506A578


----------



## Glaswegian (Dec 5, 2004)

Hi again

I think we may need to replace a couple of system files.

Please download *SystemLook* from one of the links below and save it to your *Desktop*.

*Download Mirror #1
Download Mirror #2*


Double-click *SystemLook.exe* to run it.
Copy the *contents* of the following codebox into the main textfield:


```
:filefind
user32.dll
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## tanusgreystar (Oct 15, 2007)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:56 on 24/04/2012 by Lyn
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "user32.dll"
C:\Windows\System32\user32.dll	--a---- 833024 bytes	[23:24 13/07/2009]	[06:01 08/04/2010] 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\SysWOW64\user32.dll	--a---- 833024 bytes	[23:24 13/07/2009]	[06:01 08/04/2010] 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll	--a---- 1008640 bytes	[23:38 13/07/2009]	[01:41 14/07/2009] 72D7B3EA16946E8F0CF7458150031CC6
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll	--a---- 833024 bytes	[23:24 13/07/2009]	[01:11 14/07/2009] E8B0FFC209E504CB7E79FC24E6C085F0

-= EOF =-


----------



## Glaswegian (Dec 5, 2004)

Hi

Do you have a flash/USB drive available? Can you obtain one?


----------



## tanusgreystar (Oct 15, 2007)

I have a few


----------



## Glaswegian (Dec 5, 2004)

Hi again

Good, we will need to use one to produce this next log. Please follow these instructions carefully.

For x64 bit systems download *Farbar Recovery Scan Tool x64* and save it to a flash drive.

*Plug the flash drive into the infected PC.*

Enter *System Recovery Options*.

*To enter System Recovery Options from the Advanced Boot Options:*
Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Choose your language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*On the System Recovery Options menu you will get the following options:*


*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt*

Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst.exe* (for x64 bit version type *e:\frst64*) and press *Enter*
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Press the *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


----------



## tanusgreystar (Oct 15, 2007)

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 25-04-2012 23:26:09
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US) 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2184520 2009-03-23] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-03-17] (CANON INC.)
HKLM-x32\...\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe [2861624 2009-04-07] (ASUSTek.)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-07] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8392704 2009-03-04] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Turbo Gear Help] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [1026048 2009-08-05] ()
HKLM-x32\...\Run: [Turbo Gear] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" -r [2987520 2009-08-05] ()
HKLM-x32\...\Run: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe [139264 2008-08-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKU\Lyn\...\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe [862032 2010-11-18] (Storage Appliance Corp.)
HKU\Lyn\...\Run: [chromium] C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window [1224176 2012-04-11] (Google Inc.)
HKU\Lyn\...\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" [435672 2011-11-14] (TomTom)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-23] (Adobe Systems Incorporated)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 CFUACProxy_officeguardianv2n; "C:\ProgramData\OfficeGuardianV2N\UACProxy.exe" -s "-pC:\ProgramData\OfficeGuardianV2N" [83792 2010-11-18] (Storage Appliance Corp.)
3 DAUpdaterSvc; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
2 NPWService; C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe [788480 2009-01-15] ()
2 SacNetAgentService_C57C4F854F53; C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [163664 2010-11-18] (Storage Appliance Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 spmgr; C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
2 WBVGAservice; C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [72248 2009-02-06] ()

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2009-10-12] ()
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
2 cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [20968 2010-03-30] (Windows (R) Win 7 DDK provider)
1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2009-07-22] (ASUSTeK Computer Inc.)
3 enecir; C:\Windows\System32\Drivers\enecir.sys [70656 2009-05-20] (ENE TECHNOLOGY INC.)
3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-01-06] ( )
3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [197632 2009-01-16] ( )
2 ghaio; \??\C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2009-10-12] ()
0 lullaby; C:\Windows\System32\Drivers\lullaby.sys [16440 2009-04-01] (Windows (R) Win 7 DDK provider)
3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 mcdbus; C:\Windows\SysWow64\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 salmosa; C:\Windows\System32\Drivers\salmosa.sys [11904 2008-03-20] (Razer (Asia-Pacific) Pte Ltd)
2 SBKUPNT; C:\Windows\SysWow64\Drivers\SBKUPNT.sys [14976 2001-07-13] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-25 23:25 - 2009-10-10 18:15 - 0000000 ____D C:\FRST
2012-04-25 03:17 - 2012-03-14 08:33 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-24 14:56 - 2011-09-22 03:27 - 0139264 ____A C:\Users\Lyn\Desktop\SystemLook.exe
2012-04-24 12:23 - 2009-10-05 17:53 - 0024410 ____A C:\ComboFix.txt
2012-04-23 18:25 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-23 18:25 - 2009-06-10 13:10 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-23 18:25 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-23 18:03 - 2012-04-23 18:16 - 0594944 ____A (OldTimer Tools) C:\Users\Lyn\Desktop\OTL.exe
2012-04-23 14:25 - - 3038067 ____A C:\Users\Lyn\Desktop\1471302-the_witcher_2_geralt_wiedzmin69.jpg
2012-04-20 15:28 - 2012-04-14 02:53 - 0016439 ____A C:\Users\Lyn\Desktop\51SeMXZ0seL._SL500_AA300_.jpg
2012-04-18 08:42 - 2012-04-07 10:35 - 0208896 ____A C:\Windows\MBR.exe
2012-04-18 08:42 - 2009-10-14 13:32 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-18 08:42 - 2009-07-13 23:50 - 0080412 ____A C:\Windows\grep.exe
2012-04-18 08:42 - 2009-07-13 23:46 - 0098816 ____A C:\Windows\sed.exe
2012-04-18 08:42 - 2009-07-13 21:32 - 0256000 ____A C:\Windows\PEV.exe
2012-04-18 08:42 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe
2012-04-18 08:42 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-18 08:42 - 2000-07-14 20:00 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-18 08:40 - 2012-04-14 02:36 - 4474448 ____R (Swearware) C:\Users\Lyn\Desktop\ComboFix.exe
2012-04-15 18:03 - 2012-02-26 20:02 - 0027584 ____A C:\Users\Lyn\Desktop\jesus.jpg
2012-04-14 02:53 - 2012-01-08 17:34 - 0040676 ____A C:\Users\Lyn\Desktop\428701_315081988547059_176890359032890_786295_387122672_n.jpg
2012-04-14 02:48 - 2012-04-13 03:25 - 0036775 ____A C:\Users\Lyn\Desktop\554533_323644787690779_176890359032890_805702_926714452_n.jpg
2012-04-14 02:36 - 2012-04-14 02:48 - 0022647 ____A C:\Users\Lyn\Desktop\558663_318860241513639_243597202373277_818210_918487247_n.jpg
2012-04-13 10:45 - 2012-04-04 18:07 - 0061410 ____A C:\Users\Lyn\Desktop\internet-memes-memebase-home-its-hard-out-there-for-a-dragonborn.jpg
2012-04-13 10:38 - 2012-04-12 11:03 - 0086175 ____A C:\Users\Lyn\Desktop\video-game-memes-player.jpg
2012-04-13 07:05 - 2012-04-13 07:05 - 0000131 ____A C:\Users\Lyn\Desktop\Forsaken World.url
2012-04-13 07:05 - 2012-01-24 18:40 - 0000937 ____A C:\Users\Lyn\Desktop\Forsaken World.lnk
2012-04-13 07:05 - - 0000937 ____A C:\Users\UpdatusUser\Desktop\Forsaken World.lnk
2012-04-13 06:30 - 2012-04-25 19:19 - 0000000 ____D C:\Perfect World Entertainment
2012-04-13 06:21 - 2009-07-13 17:16 - 0258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2012-04-13 04:53 - 2012-04-12 11:06 - 0000000 ____D C:\Users\Lyn\Desktop\FW_EN_Installer_0.215.0
2012-04-13 04:52 - 2012-04-13 07:05 - 2126728 ____A C:\Users\Lyn\Desktop\ForsakenWorld_EN_215_Pando.exe
2012-04-13 04:52 - 2011-07-27 17:13 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-13 04:52 - 2011-07-27 17:13 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-13 04:52 - 2011-02-15 10:24 - 0000000 ____D C:\Users\Lyn\AppData\Local\PMB Files
2012-04-13 03:25 - 2012-04-20 15:28 - 0112081 ____A C:\Users\Lyn\Desktop\540028_423006121062180_111221945573934_1522771_1717831371_n.jpg
2012-04-12 15:30 - 2012-04-12 15:01 - 0100816 ____A C:\Users\Lyn\Desktop\l-7.jpg
2012-04-12 15:30 - 2011-07-21 07:37 - 0247776 ____A C:\Users\Lyn\Desktop\l-11.jpg
2012-04-12 15:29 - 2012-04-12 15:30 - 0101046 ____A C:\Users\Lyn\Desktop\l-15.jpg
2012-04-12 15:29 - 2012-04-12 15:29 - 0086627 ____A C:\Users\Lyn\Desktop\l-28.jpg
2012-04-12 15:29 - 2012-04-12 15:00 - 0166742 ____A C:\Users\Lyn\Desktop\l-41.jpg
2012-04-12 15:01 - 2012-04-12 15:29 - 0116129 ____A C:\Users\Lyn\Desktop\l-5.jpg
2012-04-12 15:00 - 2012-04-12 15:29 - 0098646 ____A C:\Users\Lyn\Desktop\l-40.jpg
2012-04-12 11:06 - 2012-04-13 04:52 - 0174420 ____A C:\Users\Lyn\Desktop\Funny-Pics-14.03.2012-29.jpg
2012-04-12 11:05 - 2012-04-12 11:05 - 0105564 ____A C:\Users\Lyn\Desktop\video-game-sales-funny-artwork-jpg.jpg
2012-04-12 11:05 - 2012-04-12 11:02 - 0058037 ____A C:\Users\Lyn\Desktop\video-game-memes-video-games-tough-guy-khajiit.jpg
2012-04-12 11:04 - 2012-04-12 15:30 - 0107909 ____A C:\Users\Lyn\Desktop\mass-effect-3-Y-U-NO-ending-meme.jpg
2012-04-12 11:03 - 2012-04-24 11:52 - 0042879 ____A C:\Users\Lyn\Desktop\console-pc-resolution.jpg
2012-04-12 11:03 - 2012-04-12 11:02 - 0037934 ____A C:\Users\Lyn\Desktop\video-game-memes-mass-effect.jpg
2012-04-12 11:02 - 2012-04-13 10:38 - 0053269 ____A C:\Users\Lyn\Desktop\video-game-memes-video-game-protagonists.jpg
2012-04-12 11:02 - 2011-04-27 15:17 - 0028663 ____A C:\Users\Lyn\Desktop\video-game-memes-dats-a-wacist.jpg
2012-04-11 23:23 - 2009-10-05 18:03 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-04-10 21:26 - 2012-03-29 11:34 - 0357766 ____A C:\Users\Lyn\Desktop\HostsXpert.zip
2012-04-10 12:50 - 2009-07-13 21:08 - 0000000 ____D C:\Users\Public\Documents\skyrim-verified
2012-04-07 10:35 - 2012-04-07 10:35 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-07 10:35 - 2010-03-03 23:57 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-07 10:35 - 2010-03-03 23:33 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-07 10:35 - 2009-10-05 19:06 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-07 10:35 - 2009-10-05 19:06 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-07 10:35 - 2009-07-13 19:20 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-07 10:35 - 2009-07-13 19:20 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-07 10:35 - 2009-07-13 19:20 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-07 10:35 - 2009-07-13 19:20 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-07 10:35 - 2009-07-13 17:41 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-07 10:35 - 2009-07-13 17:40 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-07 10:35 - 2009-07-13 17:39 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-07 10:35 - 2009-07-13 17:39 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-07 10:35 - 2009-07-13 17:39 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2009-07-13 17:39 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-07 10:35 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-07 10:35 - 2009-07-13 17:38 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-07 10:35 - 2009-07-13 17:38 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-07 10:35 - 2009-07-13 17:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-07 10:35 - 2009-07-13 17:16 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-07 10:35 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-07 10:35 - 2009-07-13 17:16 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-07 10:35 - 2009-07-13 17:16 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-07 10:35 - 2009-07-13 17:14 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-07 10:35 - 2009-07-13 17:14 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-07 10:35 - 2009-07-13 17:14 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-07 10:35 - 2009-07-13 17:14 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-07 10:35 - 2009-07-13 15:55 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-07 10:35 - 2009-07-13 15:40 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-07 10:35 - 2009-07-13 15:31 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-07 10:35 - 2009-07-13 15:19 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-07 10:35 - 2009-07-13 12:49 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-07 10:35 - 2009-06-10 13:14 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-07 10:35 - 2009-06-10 12:30 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-04-07 10:34 - 2012-04-07 10:34 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-04-07 10:34 - 2010-11-03 22:48 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-07 10:34 - 2009-10-30 21:45 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-04-07 10:34 - 2009-07-13 17:41 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-07 10:34 - 2009-07-13 17:41 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-04-07 10:34 - 2009-07-13 17:41 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 1540608 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-07 10:34 - 2009-07-13 17:39 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-04-07 10:34 - 2009-07-13 17:39 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-07 10:34 - 2009-07-13 17:16 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-04-07 10:34 - 2009-07-13 17:16 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-04-07 10:34 - 2009-07-13 15:38 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-07 10:32 - 2009-07-13 17:39 - 0004118 ____A C:\Windows\IE9_main.log
2012-04-07 05:44 - 2011-04-29 10:10 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-07 05:37 - 2012-02-25 09:19 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-04-07 05:37 - 2011-07-23 07:04 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-04-07 05:37 - 2011-03-06 06:19 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-04-07 05:37 - 2011-03-06 06:19 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-04-07 05:37 - 2009-07-13 20:54 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2012-04-07 05:36 - 2010-03-25 13:51 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-07 05:36 - - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-04 18:09 - 2012-04-10 21:26 - 0065934 ____A C:\Users\Lyn\Desktop\HUS 218.rtf
2012-04-04 18:07 - 2012-04-04 18:19 - 0032357 ____A C:\Users\Lyn\Desktop\Individual Support Plan.rtf
2012-04-01 11:06 - 2011-03-08 21:02 - 0000000 ____D C:\Users\Lyn\Desktop\New folder
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-30 08:03 - 2011-08-16 08:18 - 0100830 ____A C:\Users\Lyn\Desktop\Service Plan.rtf
2012-03-30 08:03 - 2011-01-19 13:22 - 0000162 ___AH C:\Users\Lyn\Desktop\~$rvice Plan.rtf
2012-03-29 11:34 - 2012-04-13 06:21 - 0011678 ____A C:\Users\Lyn\Desktop\Hi Inge.docx

============ 3 Months Modified Files and Folders =============

2012-04-25 23:26 - 2012-04-25 23:25 - 0000000 ____D C:\FRST
2012-04-25 19:19 - 2012-02-27 05:04 - 0005320 ____A C:\Windows\setupact.log
2012-04-25 19:19 - 2009-10-05 19:01 - 536109056 __ASH C:\hiberfil.sys
2012-04-25 19:19 - 2009-10-05 16:59 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-25 19:19 - 2009-10-05 16:59 - 0000000 ____D C:\ProgramData\NVIDIA
2012-04-25 19:19 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-25 16:57 - 2009-10-05 19:05 - 1311636 ____A C:\Windows\WindowsUpdate.log
2012-04-25 16:24 - 2010-10-18 07:59 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
2012-04-25 16:11 - 2012-04-23 18:25 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-25 05:24 - 2010-10-18 07:59 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
2012-04-25 03:17 - 2012-04-25 03:17 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-24 14:56 - 2012-04-24 14:56 - 0139264 ____A C:\Users\Lyn\Desktop\SystemLook.exe
2012-04-24 12:23 - 2012-04-24 12:23 - 0024410 ____A C:\ComboFix.txt
2012-04-24 12:23 - 2012-03-25 17:04 - 0000000 ____D C:\Qoobox
2012-04-24 12:05 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-24 12:03 - 2012-02-27 05:04 - 0011908 ____A C:\Windows\PFRO.log
2012-04-24 11:52 - 2012-04-18 08:40 - 4474448 ____R (Swearware) C:\Users\Lyn\Desktop\ComboFix.exe
2012-04-24 01:48 - 2009-10-12 19:27 - 0001725 ____A C:\Windows\System32\ServiceFilter.ini
2012-04-23 18:25 - 2012-04-23 18:25 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-23 18:25 - 2012-04-23 18:25 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-23 18:25 - 2011-06-23 09:12 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-23 18:16 - 2012-04-01 11:06 - 0000000 ____D C:\Users\Lyn\Desktop\New folder
2012-04-23 18:03 - 2012-04-23 18:03 - 0594944 ____A (OldTimer Tools) C:\Users\Lyn\Desktop\OTL.exe
2012-04-23 14:25 - 2012-04-23 14:25 - 3038067 ____A C:\Users\Lyn\Desktop\1471302-the_witcher_2_geralt_wiedzmin69.jpg
2012-04-20 15:28 - 2012-04-20 15:28 - 0016439 ____A C:\Users\Lyn\Desktop\51SeMXZ0seL._SL500_AA300_.jpg
2012-04-20 10:21 - 2009-10-05 17:43 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-20 10:21 - 2009-10-05 17:43 - 0000000 ____D C:\ProgramData\Adobe
2012-04-20 10:20 - 2009-10-05 16:52 - 0000000 ____D C:\Users\Lyn\AppData\Roaming\Adobe
2012-04-15 18:03 - 2012-04-15 18:03 - 0027584 ____A C:\Users\Lyn\Desktop\jesus.jpg
2012-04-14 02:53 - 2012-04-14 02:53 - 0040676 ____A C:\Users\Lyn\Desktop\428701_315081988547059_176890359032890_786295_387122672_n.jpg
2012-04-14 02:48 - 2012-04-14 02:48 - 0036775 ____A C:\Users\Lyn\Desktop\554533_323644787690779_176890359032890_805702_926714452_n.jpg
2012-04-14 02:36 - 2012-04-14 02:36 - 0022647 ____A C:\Users\Lyn\Desktop\558663_318860241513639_243597202373277_818210_918487247_n.jpg
2012-04-13 19:11 - 2012-04-13 04:52 - 0000000 ____D C:\Users\Lyn\AppData\Local\PMB Files
2012-04-13 10:45 - 2012-04-13 10:45 - 0061410 ____A C:\Users\Lyn\Desktop\internet-memes-memebase-home-its-hard-out-there-for-a-dragonborn.jpg
2012-04-13 10:38 - 2012-04-13 10:38 - 0086175 ____A C:\Users\Lyn\Desktop\video-game-memes-player.jpg
2012-04-13 07:05 - 2012-04-13 07:05 - 0000937 ____A C:\Users\UpdatusUser\Desktop\Forsaken World.lnk
2012-04-13 07:05 - 2012-04-13 07:05 - 0000937 ____A C:\Users\Lyn\Desktop\Forsaken World.lnk
2012-04-13 07:05 - 2012-04-13 07:05 - 0000131 ____A C:\Users\Lyn\Desktop\Forsaken World.url
2012-04-13 06:30 - 2012-04-13 06:30 - 0000000 ____D C:\Perfect World Entertainment
2012-04-13 06:21 - 2012-04-13 04:53 - 0000000 ____D C:\Users\Lyn\Desktop\FW_EN_Installer_0.215.0
2012-04-13 05:00 - 2012-04-13 06:21 - 0258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2012-04-13 04:53 - 2012-04-13 04:52 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-13 04:53 - 2012-04-13 04:52 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-13 04:52 - 2012-04-13 04:52 - 2126728 ____A C:\Users\Lyn\Desktop\ForsakenWorld_EN_215_Pando.exe
2012-04-13 03:25 - 2012-04-13 03:25 - 0112081 ____A C:\Users\Lyn\Desktop\540028_423006121062180_111221945573934_1522771_1717831371_n.jpg
2012-04-12 15:30 - 2012-04-12 15:30 - 0247776 ____A C:\Users\Lyn\Desktop\l-11.jpg
2012-04-12 15:30 - 2012-04-12 15:30 - 0100816 ____A C:\Users\Lyn\Desktop\l-7.jpg
2012-04-12 15:29 - 2012-04-12 15:29 - 0166742 ____A C:\Users\Lyn\Desktop\l-41.jpg
2012-04-12 15:29 - 2012-04-12 15:29 - 0101046 ____A C:\Users\Lyn\Desktop\l-15.jpg
2012-04-12 15:29 - 2012-04-12 15:29 - 0086627 ____A C:\Users\Lyn\Desktop\l-28.jpg
2012-04-12 15:01 - 2012-04-12 15:01 - 0116129 ____A C:\Users\Lyn\Desktop\l-5.jpg
2012-04-12 15:00 - 2012-04-12 15:00 - 0098646 ____A C:\Users\Lyn\Desktop\l-40.jpg
2012-04-12 11:06 - 2012-04-12 11:06 - 0174420 ____A C:\Users\Lyn\Desktop\Funny-Pics-14.03.2012-29.jpg
2012-04-12 11:05 - 2012-04-12 11:05 - 0105564 ____A C:\Users\Lyn\Desktop\video-game-sales-funny-artwork-jpg.jpg
2012-04-12 11:05 - 2012-04-12 11:05 - 0058037 ____A C:\Users\Lyn\Desktop\video-game-memes-video-games-tough-guy-khajiit.jpg
2012-04-12 11:04 - 2012-04-12 11:04 - 0107909 ____A C:\Users\Lyn\Desktop\mass-effect-3-Y-U-NO-ending-meme.jpg
2012-04-12 11:03 - 2012-04-12 11:03 - 0042879 ____A C:\Users\Lyn\Desktop\console-pc-resolution.jpg
2012-04-12 11:03 - 2012-04-12 11:03 - 0037934 ____A C:\Users\Lyn\Desktop\video-game-memes-mass-effect.jpg
2012-04-12 11:02 - 2012-04-12 11:02 - 0053269 ____A C:\Users\Lyn\Desktop\video-game-memes-video-game-protagonists.jpg
2012-04-12 11:02 - 2012-04-12 11:02 - 0028663 ____A C:\Users\Lyn\Desktop\video-game-memes-dats-a-wacist.jpg
2012-04-11 23:23 - 2012-04-11 23:23 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-04-11 23:21 - 2012-04-10 12:50 - 0000000 ____D C:\Users\Public\Documents\skyrim-verified
2012-04-10 23:38 - 2009-07-13 20:45 - 0019792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-10 23:38 - 2009-07-13 20:45 - 0019792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-10 21:26 - 2012-04-10 21:26 - 0357766 ____A C:\Users\Lyn\Desktop\HostsXpert.zip
2012-04-10 13:02 - 2012-04-07 05:37 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-04-10 13:02 - 2012-04-07 05:37 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2012-04-10 13:02 - 2012-04-07 05:37 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-04-09 14:57 - 2009-10-05 16:46 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-09 05:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-04-07 10:42 - 2009-10-12 19:27 - 0002192 ____A C:\Windows\System32\AutoRunFilter.ini
2012-04-07 10:41 - 2009-10-05 20:01 - 0000000 ____D C:\Windows\Panther
2012-04-07 10:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-07 10:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-07 10:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-07 10:38 - 2012-04-07 10:32 - 0004118 ____A C:\Windows\IE9_main.log
2012-04-07 10:35 - 2012-04-07 10:35 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-07 10:35 - 2012-04-07 10:35 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-07 10:35 - 2012-04-07 10:35 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-07 10:35 - 2012-04-07 10:35 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-07 10:35 - 2012-04-07 10:35 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-07 10:35 - 2012-04-07 10:35 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-07 10:35 - 2012-04-07 10:35 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-07 10:34 - 2012-04-07 10:34 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-04-07 10:34 - 2012-04-07 10:34 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-04-07 10:34 - 2012-04-07 10:34 - 1540608 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-07 10:34 - 2012-04-07 10:34 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-04-07 10:34 - 2012-04-07 10:34 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-04-07 05:44 - 2012-04-07 05:44 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-07 05:37 - 2012-04-07 05:37 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-04-07 05:37 - 2012-04-07 05:37 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-04-07 05:36 - 2012-04-07 05:36 - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-07 05:36 - 2012-04-07 05:36 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-07 05:36 - 2009-10-05 17:41 - 0000000 ____D C:\Users\Lyn\AppData\Local\Adobe
2012-04-05 15:34 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-04 18:19 - 2012-04-04 18:09 - 0065934 ____A C:\Users\Lyn\Desktop\HUS 218.rtf
2012-04-04 18:07 - 2012-04-04 18:07 - 0032357 ____A C:\Users\Lyn\Desktop\Individual Support Plan.rtf
2012-04-04 18:04 - 2009-10-07 15:02 - 0000000 ____D C:\Users\Lyn\Desktop\Random Writing
2012-04-02 16:31 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-04-01 16:42 - 2010-07-27 15:35 - 0000000 ____D C:\Users\Lyn\AppData\Roaming\vlc
2012-04-01 11:05 - 2009-08-03 09:13 - 0732750 ____A C:\Windows\System32\perfh019.dat
2012-04-01 11:05 - 2009-08-03 09:13 - 0154362 ____A C:\Windows\System32\perfc019.dat
2012-04-01 11:05 - 2009-07-13 21:13 - 1668226 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-01 10:33 - 2012-03-30 08:03 - 0100830 ____A C:\Users\Lyn\Desktop\Service Plan.rtf
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-31 07:14 - 2012-03-25 17:04 - 0000000 ____D C:\Windows\ERDNT
2012-03-31 07:14 - 2009-07-13 18:34 - 68419584 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 17301504 ____A C:\Windows\System32\config\SYSTEM.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-03-30 08:03 - 2012-03-30 08:03 - 0000162 ___AH C:\Users\Lyn\Desktop\~$rvice Plan.rtf
2012-03-29 13:55 - 2009-10-13 20:19 - 0000000 ____D C:\Users\Lyn\AppData\Local\ElevatedDiagnostics
2012-03-29 13:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-29 11:34 - 2012-03-29 11:34 - 0011678 ____A C:\Users\Lyn\Desktop\Hi Inge.docx
2012-03-25 17:47 - 2012-03-25 17:47 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-03-25 17:46 - 2012-03-25 17:46 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-03-25 17:46 - 2012-03-25 17:46 - 0000000 ____D C:\ProgramData\AVAST Software
2012-03-25 17:46 - 2012-03-25 17:46 - 0000000 ____D C:\Program Files\AVAST Software
2012-03-25 17:37 - 2011-12-11 07:25 - 0002324 ____A C:\Windows\epplauncher.mif
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\Users\All Users\avg8
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\Users\All Users\AVG Security Toolbar
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\ProgramData\avg8
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\ProgramData\AVG Security Toolbar
2012-03-25 17:21 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-15 02:57 - 2010-03-21 18:16 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-14 08:33 - 2009-10-13 08:11 - 0000000 ____D C:\$AVG8.VAULT$
2012-03-12 05:26 - 2011-12-05 06:44 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-03-12 05:26 - 2011-12-05 06:44 - 0000000 ____D C:\ProgramData\AVG Secure Search
2012-03-11 06:51 - 2009-10-05 16:40 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-03-06 15:15 - 2012-03-25 17:47 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-03-25 17:46 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-03-25 17:46 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-03-25 17:47 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-03-25 17:47 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-03-25 17:47 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2012-03-25 17:47 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2012-03-25 17:47 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-03-25 17:47 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-01 05:28 - 2010-02-01 12:47 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-01 05:28 - 2010-02-01 12:47 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-02-27 17:34 - 2012-02-27 17:34 - 0000010 ____A C:\Users\Public\homegroup.txt
2012-02-27 12:24 - 2009-07-13 21:08 - 0032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-27 05:04 - 2012-02-27 05:04 - 0000000 ____A C:\Windows\setuperr.log
2012-02-27 05:04 - 2011-12-07 17:01 - 0000000 ____D C:\Program Files (x86)\Iminent
2012-02-26 20:02 - 2012-02-26 20:02 - 3613059 ____A C:\Users\Lyn\Desktop\ITV Handouts.pdf
2012-02-26 13:56 - 2012-02-26 13:56 - 0001047 ____A C:\Users\Public\DriverTuner.lnk
2012-02-26 13:56 - 2012-02-26 13:56 - 0000000 ____D C:\Program Files (x86)\DriverTuner
2012-02-26 13:47 - 2012-02-26 13:47 - 0000249 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-02-26 13:42 - 2012-02-26 13:42 - 0004478 ____A C:\Users\Lyn\Documents\cc_20120226_164250.reg
2012-02-26 13:42 - 2009-10-05 16:44 - 0000000 ____D C:\Users\Lyn\AppData\Roaming\BitTorrent
2012-02-26 13:41 - 2009-10-05 18:25 - 0000000 ____D C:\Windows\Minidump
2012-02-26 13:40 - 2011-12-07 18:55 - 0000000 ____D C:\Program Files\CCleaner
2012-02-26 13:05 - 2012-02-26 13:05 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-26 13:05 - 2012-02-26 13:05 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-26 13:05 - 2012-02-26 13:05 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-26 13:05 - 2010-06-01 10:52 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-26 13:03 - 2009-10-11 11:25 - 0000000 ____D C:\Program Files (x86)\Java
2012-02-26 11:16 - 2012-02-26 11:16 - 0000000 ____D C:\Users\Public\HIJACK
2012-02-25 09:19 - 2012-02-25 09:19 - 0001113 ____A C:\Users\Public\Malwarebytes Anti-Malware.lnk
2012-02-25 09:19 - 2010-02-01 13:27 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-23 06:18 - 2009-10-05 16:18 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-11 20:43 - 2009-10-05 16:12 - 0000000 ____D C:\users\Lyn

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2010-04-07 22:01] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-13 15:24] - [2010-04-07 22:01] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6143.04 MB
Available physical RAM: 5433.26 MB
Total Pagefile: 6141.18 MB
Available Pagefile: 5421.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:244.5 GB) (Free:118.43 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:221.16 GB) (Free:168.86 GB) NTFS
4 Drive g: () (Removable) (Total:3.75 GB) (Free:1.12 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB 
Disk 1 Online 3840 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 244 GB 101 MB
Partition 0 Extended 221 GB 244 GB
Partition 3 Logical 221 GB 244 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label  Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 244 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 221 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3839 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3839 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-19 08:59

======================= End Of Log ==========================


----------



## Glaswegian (Dec 5, 2004)

Hi again

Lets replace those 2 files.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as *fixlist.txt*

*Plug the flashdrive into the infected PC.*


```
Replace: 
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll C:\Windows\SysWOW64\User32.dll
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll c:\windows\system32\user32.dll
```
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.*

On Vista or Windows 7: Now please enter *System Recovery Options*.
Run *FRST* and press the *Fix* button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


----------



## tanusgreystar (Oct 15, 2007)

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-26 18:24:20 R:1
Running from G:\

==============================================

Could not find Replace: .
Could not find Replace: .
C:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll C:\Windows\SysWOW64\User32.dll not found.
C:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll c:\windows\system32\user32.dll not found.

==== End of Fixlog ====


----------



## Glaswegian (Dec 5, 2004)

Hi again

My apologies, I copied and pasted the wrong file names. I need to check the correct file names.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
Type the following in the edit box after "Search:".

*user32.dll**

It then should look like:

*Search: user32.dll**

Click the *Search* button and post the log (Search.txt) it makes in your reply.


----------



## tanusgreystar (Oct 15, 2007)

Hi. I'll get to this tomorrow. If I don't get to it I'll at least check in. BTW she's getting popups now! Talk to you tomorrow. Thanks!


----------



## Glaswegian (Dec 5, 2004)

No worries.

I will be away for most of tomorrow so it might be Sunday before I can reply.


----------



## tanusgreystar (Oct 15, 2007)

ok thanks!


----------



## tanusgreystar (Oct 15, 2007)

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 29-04-2012 21:31:29
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US) 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2184520 2009-03-23] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-03-17] (CANON INC.)
HKLM-x32\...\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe [2861624 2009-04-07] (ASUSTek.)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-07] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8392704 2009-03-04] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Turbo Gear Help] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [1026048 2009-08-05] ()
HKLM-x32\...\Run: [Turbo Gear] "C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" -r [2987520 2009-08-05] ()
HKLM-x32\...\Run: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe [139264 2008-08-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKU\Lyn\...\Run: [SacReminderHDDV2N] C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe [862032 2010-11-18] (Storage Appliance Corp.)
HKU\Lyn\...\Run: [chromium] C:\Users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window [1224176 2012-04-11] (Google Inc.)
HKU\Lyn\...\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" [435672 2011-11-14] (TomTom)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-23] (Adobe Systems Incorporated)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 CFUACProxy_officeguardianv2n; "C:\ProgramData\OfficeGuardianV2N\UACProxy.exe" -s "-pC:\ProgramData\OfficeGuardianV2N" [83792 2010-11-18] (Storage Appliance Corp.)
3 DAUpdaterSvc; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
2 NPWService; C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe [788480 2009-01-15] ()
2 SacNetAgentService_C57C4F854F53; C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [163664 2010-11-18] (Storage Appliance Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 spmgr; C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
2 WBVGAservice; C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [72248 2009-02-06] ()

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2009-10-12] ()
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
2 cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [20968 2010-03-30] (Windows (R) Win 7 DDK provider)
1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2009-07-22] (ASUSTeK Computer Inc.)
3 enecir; C:\Windows\System32\Drivers\enecir.sys [70656 2009-05-20] (ENE TECHNOLOGY INC.)
3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-01-06] ( )
3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [197632 2009-01-16] ( )
2 ghaio; \??\C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2009-10-12] ()
0 lullaby; C:\Windows\System32\Drivers\lullaby.sys [16440 2009-04-01] (Windows (R) Win 7 DDK provider)
3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 mcdbus; C:\Windows\SysWow64\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 salmosa; C:\Windows\System32\Drivers\salmosa.sys [11904 2008-03-20] (Razer (Asia-Pacific) Pte Ltd)
2 SBKUPNT; C:\Windows\SysWow64\Drivers\SBKUPNT.sys [14976 2001-07-13] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-25 23:25 - 2009-10-10 18:15 - 0000000 ____D C:\FRST
2012-04-25 03:17 - 2012-03-14 08:33 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-24 14:56 - 2011-09-22 03:27 - 0139264 ____A C:\Users\Lyn\Desktop\SystemLook.exe
2012-04-24 12:23 - 2009-10-05 17:53 - 0024410 ____A C:\ComboFix.txt
2012-04-23 18:25 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-23 18:25 - 2009-06-10 13:10 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-23 18:25 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-23 18:03 - 2012-04-23 18:16 - 0594944 ____A (OldTimer Tools) C:\Users\Lyn\Desktop\OTL.exe
2012-04-18 08:42 - 2012-04-07 10:35 - 0208896 ____A C:\Windows\MBR.exe
2012-04-18 08:42 - 2009-10-14 13:32 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-18 08:42 - 2009-07-13 23:50 - 0080412 ____A C:\Windows\grep.exe
2012-04-18 08:42 - 2009-07-13 23:46 - 0098816 ____A C:\Windows\sed.exe
2012-04-18 08:42 - 2009-07-13 21:32 - 0256000 ____A C:\Windows\PEV.exe
2012-04-18 08:42 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe
2012-04-18 08:42 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-18 08:42 - 2000-07-14 20:00 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-18 08:40 - - 4474448 ____R (Swearware) C:\Users\Lyn\Desktop\ComboFix.exe
2012-04-13 07:05 - - 0000937 ____A C:\Users\UpdatusUser\Desktop\Forsaken World.lnk
2012-04-13 06:30 - 2012-04-29 04:07 - 0000000 ____D C:\Perfect World Entertainment
2012-04-13 06:21 - 2009-07-13 17:16 - 0258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2012-04-13 04:52 - 2011-07-27 17:13 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-13 04:52 - 2011-07-27 17:13 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-13 04:52 - 2011-02-15 10:24 - 0000000 ____D C:\Users\Lyn\AppData\Local\PMB Files
2012-04-11 23:23 - 2009-10-05 18:03 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-04-10 21:26 - 2012-03-29 11:34 - 0357766 ____A C:\Users\Lyn\Desktop\HostsXpert.zip
2012-04-10 12:50 - 2009-07-13 21:08 - 0000000 ____D C:\Users\Public\Documents\skyrim-verified
2012-04-07 10:35 - 2012-04-07 10:35 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-07 10:35 - 2010-03-03 23:57 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-07 10:35 - 2010-03-03 23:33 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-07 10:35 - 2009-10-05 19:06 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-07 10:35 - 2009-10-05 19:06 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-07 10:35 - 2009-07-13 19:20 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-07 10:35 - 2009-07-13 19:20 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-07 10:35 - 2009-07-13 19:20 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-07 10:35 - 2009-07-13 19:20 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-07 10:35 - 2009-07-13 17:41 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-07 10:35 - 2009-07-13 17:41 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-07 10:35 - 2009-07-13 17:40 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-07 10:35 - 2009-07-13 17:39 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-07 10:35 - 2009-07-13 17:39 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-07 10:35 - 2009-07-13 17:39 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2009-07-13 17:39 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-07 10:35 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-07 10:35 - 2009-07-13 17:38 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-07 10:35 - 2009-07-13 17:38 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-07 10:35 - 2009-07-13 17:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-07 10:35 - 2009-07-13 17:16 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-07 10:35 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-07 10:35 - 2009-07-13 17:16 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-07 10:35 - 2009-07-13 17:16 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-07 10:35 - 2009-07-13 17:15 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-07 10:35 - 2009-07-13 17:14 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-07 10:35 - 2009-07-13 17:14 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-07 10:35 - 2009-07-13 17:14 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2009-07-13 17:14 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-07 10:35 - 2009-07-13 17:14 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-07 10:35 - 2009-07-13 15:55 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-07 10:35 - 2009-07-13 15:40 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-07 10:35 - 2009-07-13 15:31 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-07 10:35 - 2009-07-13 15:19 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-07 10:35 - 2009-07-13 12:49 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-07 10:35 - 2009-06-10 13:14 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-07 10:35 - 2009-06-10 12:30 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-04-07 10:34 - 2012-04-07 10:34 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-04-07 10:34 - 2010-11-03 22:48 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-07 10:34 - 2009-10-30 21:45 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-04-07 10:34 - 2009-07-13 17:41 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-07 10:34 - 2009-07-13 17:41 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-04-07 10:34 - 2009-07-13 17:41 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 1540608 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-04-07 10:34 - 2009-07-13 17:40 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-07 10:34 - 2009-07-13 17:39 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-04-07 10:34 - 2009-07-13 17:39 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-07 10:34 - 2009-07-13 17:16 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-04-07 10:34 - 2009-07-13 17:16 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-04-07 10:34 - 2009-07-13 17:15 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-04-07 10:34 - 2009-07-13 15:38 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-07 10:32 - 2009-07-13 17:39 - 0004118 ____A C:\Windows\IE9_main.log
2012-04-07 05:44 - 2011-04-29 10:10 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-07 05:37 - 2012-02-25 09:19 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-04-07 05:37 - 2011-07-23 07:04 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-04-07 05:37 - 2011-03-06 06:19 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-04-07 05:37 - 2011-03-06 06:19 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-04-07 05:37 - 2009-07-13 20:54 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2012-04-07 05:36 - 2010-03-25 13:51 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-07 05:36 - - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-01 11:06 - 2011-03-08 21:02 - 0000000 ____D C:\Users\Lyn\Desktop\New folder
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-31 07:14 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-30 08:03 - 2011-01-19 13:22 - 0000162 ___AH C:\Users\Lyn\Desktop\~$rvice Plan.rtf

============ 3 Months Modified Files and Folders =============

2012-04-29 21:31 - 2012-04-25 23:25 - 0000000 ____D C:\FRST
2012-04-29 17:29 - 2009-10-05 19:05 - 1331527 ____A C:\Windows\WindowsUpdate.log
2012-04-29 17:24 - 2010-10-18 07:59 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
2012-04-29 17:11 - 2012-04-23 18:25 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-29 13:01 - 2012-04-29 13:01 - 0014399 ____A C:\Users\Lyn\Desktop\evolution-b6u3jmn1j-271148-475-286.jpg
2012-04-29 05:24 - 2010-10-18 07:59 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
2012-04-29 04:07 - 2012-02-27 05:04 - 0005600 ____A C:\Windows\setupact.log
2012-04-29 04:07 - 2009-10-05 19:01 - 536109056 __ASH C:\hiberfil.sys
2012-04-29 04:07 - 2009-10-05 16:59 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-29 04:07 - 2009-10-05 16:59 - 0000000 ____D C:\ProgramData\NVIDIA
2012-04-29 04:07 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-27 19:37 - 2009-10-07 15:02 - 0000000 ____D C:\Users\Lyn\Desktop\Random Writing
2012-04-26 14:29 - 2009-08-03 09:13 - 0732750 ____A C:\Windows\System32\perfh019.dat
2012-04-26 14:29 - 2009-08-03 09:13 - 0154362 ____A C:\Windows\System32\perfc019.dat
2012-04-26 14:29 - 2009-07-13 21:13 - 1668226 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-25 03:17 - 2012-04-25 03:17 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-24 14:56 - 2012-04-24 14:56 - 0139264 ____A C:\Users\Lyn\Desktop\SystemLook.exe
2012-04-24 12:23 - 2012-04-24 12:23 - 0024410 ____A C:\ComboFix.txt
2012-04-24 12:23 - 2012-03-25 17:04 - 0000000 ____D C:\Qoobox
2012-04-24 12:05 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-24 12:03 - 2012-02-27 05:04 - 0011908 ____A C:\Windows\PFRO.log
2012-04-24 11:52 - 2012-04-18 08:40 - 4474448 ____R (Swearware) C:\Users\Lyn\Desktop\ComboFix.exe
2012-04-24 01:48 - 2009-10-12 19:27 - 0001725 ____A C:\Windows\System32\ServiceFilter.ini
2012-04-23 18:25 - 2012-04-23 18:25 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-23 18:25 - 2012-04-23 18:25 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-23 18:25 - 2011-06-23 09:12 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-23 18:16 - 2012-04-01 11:06 - 0000000 ____D C:\Users\Lyn\Desktop\New folder
2012-04-23 18:03 - 2012-04-23 18:03 - 0594944 ____A (OldTimer Tools) C:\Users\Lyn\Desktop\OTL.exe
2012-04-20 10:21 - 2009-10-05 17:43 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-20 10:21 - 2009-10-05 17:43 - 0000000 ____D C:\ProgramData\Adobe
2012-04-20 10:20 - 2009-10-05 16:52 - 0000000 ____D C:\Users\Lyn\AppData\Roaming\Adobe
2012-04-13 19:11 - 2012-04-13 04:52 - 0000000 ____D C:\Users\Lyn\AppData\Local\PMB Files
2012-04-13 07:05 - 2012-04-13 07:05 - 0000937 ____A C:\Users\UpdatusUser\Desktop\Forsaken World.lnk
2012-04-13 06:30 - 2012-04-13 06:30 - 0000000 ____D C:\Perfect World Entertainment
2012-04-13 05:00 - 2012-04-13 06:21 - 0258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2012-04-13 04:53 - 2012-04-13 04:52 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-13 04:53 - 2012-04-13 04:52 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-11 23:23 - 2012-04-11 23:23 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-04-11 23:21 - 2012-04-10 12:50 - 0000000 ____D C:\Users\Public\Documents\skyrim-verified
2012-04-10 23:38 - 2009-07-13 20:45 - 0019792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-10 23:38 - 2009-07-13 20:45 - 0019792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-10 21:26 - 2012-04-10 21:26 - 0357766 ____A C:\Users\Lyn\Desktop\HostsXpert.zip
2012-04-10 13:02 - 2012-04-07 05:37 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-04-10 13:02 - 2012-04-07 05:37 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2012-04-10 13:02 - 2012-04-07 05:37 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-04-09 14:57 - 2009-10-05 16:46 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-09 05:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-04-07 10:42 - 2009-10-12 19:27 - 0002192 ____A C:\Windows\System32\AutoRunFilter.ini
2012-04-07 10:41 - 2009-10-05 20:01 - 0000000 ____D C:\Windows\Panther
2012-04-07 10:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-07 10:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-07 10:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-07 10:38 - 2012-04-07 10:32 - 0004118 ____A C:\Windows\IE9_main.log
2012-04-07 10:35 - 2012-04-07 10:35 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-07 10:35 - 2012-04-07 10:35 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-07 10:35 - 2012-04-07 10:35 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-07 10:35 - 2012-04-07 10:35 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-07 10:35 - 2012-04-07 10:35 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-07 10:35 - 2012-04-07 10:35 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-07 10:35 - 2012-04-07 10:35 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-07 10:35 - 2012-04-07 10:35 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-07 10:35 - 2012-04-07 10:35 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-07 10:35 - 2012-04-07 10:35 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-07 10:35 - 2012-04-07 10:35 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-07 10:34 - 2012-04-07 10:34 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-04-07 10:34 - 2012-04-07 10:34 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-04-07 10:34 - 2012-04-07 10:34 - 1540608 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-07 10:34 - 2012-04-07 10:34 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-04-07 10:34 - 2012-04-07 10:34 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-07 10:34 - 2012-04-07 10:34 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-04-07 05:44 - 2012-04-07 05:44 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-07 05:37 - 2012-04-07 05:37 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-04-07 05:37 - 2012-04-07 05:37 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-04-07 05:36 - 2012-04-07 05:36 - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-07 05:36 - 2012-04-07 05:36 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-07 05:36 - 2009-10-05 17:41 - 0000000 ____D C:\Users\Lyn\AppData\Local\Adobe
2012-04-05 15:34 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-02 16:31 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-04-01 16:42 - 2010-07-27 15:35 - 0000000 ____D C:\Users\Lyn\AppData\Roaming\vlc
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-31 07:14 - 2012-03-31 07:14 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-31 07:14 - 2012-03-25 17:04 - 0000000 ____D C:\Windows\ERDNT
2012-03-31 07:14 - 2009-07-13 18:34 - 68419584 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 17301504 ____A C:\Windows\System32\config\SYSTEM.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-03-31 07:14 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-03-30 08:03 - 2012-03-30 08:03 - 0000162 ___AH C:\Users\Lyn\Desktop\~$rvice Plan.rtf
2012-03-29 13:55 - 2009-10-13 20:19 - 0000000 ____D C:\Users\Lyn\AppData\Local\ElevatedDiagnostics
2012-03-29 13:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-29 11:34 - 2012-03-29 11:34 - 0011678 ____A C:\Users\Lyn\Desktop\Hi Inge.docx
2012-03-25 17:47 - 2012-03-25 17:47 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-03-25 17:46 - 2012-03-25 17:46 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-03-25 17:46 - 2012-03-25 17:46 - 0000000 ____D C:\ProgramData\AVAST Software
2012-03-25 17:46 - 2012-03-25 17:46 - 0000000 ____D C:\Program Files\AVAST Software
2012-03-25 17:37 - 2011-12-11 07:25 - 0002324 ____A C:\Windows\epplauncher.mif
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\Users\All Users\avg8
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\Users\All Users\AVG Security Toolbar
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\ProgramData\avg8
2012-03-25 17:32 - 2009-10-05 16:34 - 0000000 ____D C:\ProgramData\AVG Security Toolbar
2012-03-25 17:21 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-15 02:57 - 2010-03-21 18:16 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-14 08:33 - 2009-10-13 08:11 - 0000000 ____D C:\$AVG8.VAULT$
2012-03-12 05:26 - 2011-12-05 06:44 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-03-12 05:26 - 2011-12-05 06:44 - 0000000 ____D C:\ProgramData\AVG Secure Search
2012-03-11 06:51 - 2009-10-05 16:40 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-03-06 15:15 - 2012-03-25 17:47 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-03-25 17:46 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-03-25 17:46 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-03-25 17:47 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-03-25 17:47 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-03-25 17:47 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2012-03-25 17:47 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2012-03-25 17:47 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-03-25 17:47 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-01 05:28 - 2010-02-01 12:47 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-01 05:28 - 2010-02-01 12:47 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-02-27 17:34 - 2012-02-27 17:34 - 0000010 ____A C:\Users\Public\homegroup.txt
2012-02-27 12:24 - 2009-07-13 21:08 - 0032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-27 05:04 - 2012-02-27 05:04 - 0000000 ____A C:\Windows\setuperr.log
2012-02-27 05:04 - 2011-12-07 17:01 - 0000000 ____D C:\Program Files (x86)\Iminent
2012-02-26 13:56 - 2012-02-26 13:56 - 0001047 ____A C:\Users\Public\DriverTuner.lnk
2012-02-26 13:56 - 2012-02-26 13:56 - 0000000 ____D C:\Program Files (x86)\DriverTuner
2012-02-26 13:47 - 2012-02-26 13:47 - 0000249 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-02-26 13:42 - 2012-02-26 13:42 - 0004478 ____A C:\Users\Lyn\Documents\cc_20120226_164250.reg
2012-02-26 13:42 - 2009-10-05 16:44 - 0000000 ____D C:\Users\Lyn\AppData\Roaming\BitTorrent
2012-02-26 13:41 - 2009-10-05 18:25 - 0000000 ____D C:\Windows\Minidump
2012-02-26 13:40 - 2011-12-07 18:55 - 0000000 ____D C:\Program Files\CCleaner
2012-02-26 13:05 - 2012-02-26 13:05 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-26 13:05 - 2012-02-26 13:05 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-26 13:05 - 2012-02-26 13:05 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-26 13:05 - 2010-06-01 10:52 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-26 13:03 - 2009-10-11 11:25 - 0000000 ____D C:\Program Files (x86)\Java
2012-02-26 11:16 - 2012-02-26 11:16 - 0000000 ____D C:\Users\Public\HIJACK
2012-02-25 09:19 - 2012-02-25 09:19 - 0001113 ____A C:\Users\Public\Malwarebytes Anti-Malware.lnk
2012-02-25 09:19 - 2010-02-01 13:27 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-23 06:18 - 2009-10-05 16:18 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-11 20:43 - 2009-10-05 16:12 - 0000000 ____D C:\users\Lyn

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2010-04-07 22:01] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-13 15:24] - [2010-04-07 22:01] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6143.04 MB
Available physical RAM: 5431.36 MB
Total Pagefile: 6141.18 MB
Available Pagefile: 5419.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:244.5 GB) (Free:117.87 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:221.16 GB) (Free:168.86 GB) NTFS
4 Drive g: () (Removable) (Total:3.75 GB) (Free:1.12 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB 
Disk 1 Online 3840 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 244 GB 101 MB
Partition 0 Extended 221 GB 244 GB
Partition 3 Logical 221 GB 244 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 244 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 221 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3839 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3839 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-29 06:15

======================= End Of Log ==========================


----------



## Glaswegian (Dec 5, 2004)

Hi again

I think you perhaps misunderstood my previous post. Rather than a full log, this should produce a much shorter log - we are searching for file names. We do need to use *FRST* though, but just a different function. Please follow these instructions carefully

Using your flash drive:

In Vista or Windows 7: Boot to System Recovery Options and run *FRST*.
Type the following in the *edit box* after "*Search*".

*user32.dll**

It then should look like this:

*Search: user32.dll**

Click *Search* button and post the log (Search.txt) it makes to your reply.


----------



## tanusgreystar (Oct 15, 2007)

Sorry. I'll redo it.


----------



## tanusgreystar (Oct 15, 2007)

Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 2012-04-30 22:52:30
Running from G:\

================== Search: "user32.dll*" ===================

C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\Windows\winsxs\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_ed68ab77ca33fe56\user32.dll.mui
[2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 7F44160E679FD0BEEAF25BFE04553CCD

C:\Windows\winsxs\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a44793c3792f02af\user32.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:03] - 0017920 ____A (Microsoft Corporation) D448B52149F95F1250100F9BD0ED7152

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_e314012595d33c5b\user32.dll.mui
[2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 688BA0F29CA43CF339CDF4893237AB40

C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_99f2e97144ce40b4\user32.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:26] - 0017920 ____A (Microsoft Corporation) 7CA57982056C7BCED0B96A892F595802

C:\Windows\SysWOW64\user32.dll
[2009-07-13 15:24] - [2010-04-07 22:01] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\SysWOW64\user32.dll.bak
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\Windows\SysWOW64\ru-RU\user32.dll.mui
[2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 7F44160E679FD0BEEAF25BFE04553CCD

C:\Windows\SysWOW64\en-US\user32.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:03] - 0017920 ____A (Microsoft Corporation) D448B52149F95F1250100F9BD0ED7152

C:\Windows\System32\user32.dll
[2009-07-13 15:38] - [2010-04-07 22:01] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\System32\user32.dll.bak
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

C:\Windows\System32\ru-RU\user32.dll.mui
[2009-08-03 09:11] - [2009-08-03 09:11] - 0019968 ____A (Microsoft Corporation) 688BA0F29CA43CF339CDF4893237AB40

C:\Windows\System32\en-US\user32.dll.mui
[2009-07-13 21:35] - [2009-07-13 18:26] - 0017920 ____A (Microsoft Corporation) 7CA57982056C7BCED0B96A892F595802

====== End Of Search ======


----------



## Glaswegian (Dec 5, 2004)

Hi again

Thanks for that log. Now we can try replacing those files.

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as *fixlist.txt*

*Plug the flashdrive into the infected PC.*


```
Replace: C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll C:\Windows\SysWOW64\user32.dll 
Replace: C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll C:\Windows\System32\user32.dll
```
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

On Vista or Windows 7: Now please enter *System Recovery Options*.
Run *FRST* and press the *Fix* button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


----------
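The comparison behind the fixlist above, as an added example (not part of the original posts and not FRST's own code): it parses the Search.txt format and flags live System32/SysWOW64 files whose MD5 matches no WinSxS component-store copy. The log excerpt is copied from the Search.txt posted above; the function names and the amd64/wow64-to-directory mapping are assumptions of this example, and a mismatch is only a lead for review because a legitimately updated file also differs from an older store copy.

```python
import ntpath
import re

# Excerpt of the Search.txt posted above (user32.dll entries only, .mui omitted).
SEARCH_LOG = r"""
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

C:\Windows\SysWOW64\user32.dll
[2009-07-13 15:24] - [2010-04-07 22:01] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\SysWOW64\user32.dll.bak
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\Windows\System32\user32.dll
[2009-07-13 15:38] - [2010-04-07 22:01] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\System32\user32.dll.bak
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
"""

# Metadata line: [created] - [modified] - size attributes (company) MD5
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

# Assumption: on 64-bit Windows, amd64_ components back System32 and
# wow64_ components back SysWOW64 (the two pairings used in the fixlist).
ARCH_TO_DIR = {"amd64": r"c:\windows\system32", "wow64": r"c:\windows\syswow64"}


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = META.match(line)
        if m and pending_path:
            entry = m.groupdict()
            entry.update(path=pending_path, size=int(entry["size"]),
                         md5=entry["md5"].upper())
            entries.append(entry)
            pending_path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            pending_path = line
    return entries


def store_target(path):
    """Return (live directory, file name) that a WinSxS copy backs, or None."""
    parts = path.lower().split("\\")
    if len(parts) < 5 or parts[2] != "winsxs":
        return None
    arch = parts[3].split("_", 1)[0]
    live_dir = ARCH_TO_DIR.get(arch)
    return (live_dir, parts[-1]) if live_dir else None


def find_mismatches(entries):
    """List live system files whose MD5 matches no component-store copy."""
    store = {}
    for e in entries:
        target = store_target(e["path"])
        if target:
            store.setdefault(target, []).append(e)
    findings = []
    for e in entries:
        key = (ntpath.dirname(e["path"]).lower(),
               ntpath.basename(e["path"]).lower())
        refs = store.get(key)
        # Files with no store counterpart (e.g. *.bak) are skipped, not flagged.
        if refs and all(r["md5"] != e["md5"] for r in refs):
            findings.append({"live": e["path"], "live_md5": e["md5"],
                             "modified": e["modified"],
                             "reference": refs[0]["path"],
                             "reference_md5": refs[0]["md5"]})
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search_log(SEARCH_LOG)):
        print(f"{f['live']} (modified {f['modified']}) {f['live_md5']}")
        print(f"  differs from {f['reference']} {f['reference_md5']}")
```

Both flagged files are the ones the fixlist replaces, and in each case the `.bak` beside them carries the same MD5 as the component-store copy.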



## tanusgreystar (Oct 15, 2007)

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-05-01 14:12:42 R:2
Running from G:\

==============================================

C:\Windows\SysWOW64\user32.dll moved successfully.
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll copied successfully to C:\Windows\SysWOW64\user32.dll 
C:\Windows\System32\user32.dll moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll copied successfully to C:\Windows\System32\user32.dll

==== End of Fixlog ====


Hi. Could my other 2 pc's be infected if they're on the same network? They're not redirecting or anything. Just wondering. Thanks!


----------



## Glaswegian (Dec 5, 2004)

Hi again

How is your system running now?

The other 2 could be infected but if there are no symptoms then it's unlikely they have caught anything.


----------



## tanusgreystar (Oct 15, 2007)

I'll have to see. I'll let you know. Thanks!


----------



## tanusgreystar (Oct 15, 2007)

Still redirecting. : (


----------



## Glaswegian (Dec 5, 2004)

Hi again

Please download *TDSSKiller.zip* and extract TDSSKiller.exe to your *desktop*.

Execute TDSSKiller.exe by double-clicking on it. Press *Start Scan*.

If malicious objects are found, ensure *Cure* is selected (it should be by default).

Click *Continue*, then click *Reboot now*.

Once complete, a log will be produced at the root drive, which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please attach that log.


----------



## tanusgreystar (Oct 15, 2007)

13:50:05.0739 5072	TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:50:06.0056 5072	============================================================
13:50:06.0056 5072	Current date / time: 2012/05/02 13:50:06.0056
13:50:06.0056 5072	SystemInfo:
13:50:06.0056 5072	
13:50:06.0056 5072	OS Version: 6.1.7600 ServicePack: 0.0
13:50:06.0056 5072	Product type: Workstation
13:50:06.0056 5072	ComputerName: LYN-PC
13:50:06.0056 5072	UserName: Lyn
13:50:06.0056 5072	Windows directory: C:\Windows
13:50:06.0056 5072	System windows directory: C:\Windows
13:50:06.0056 5072	Running under WOW64
13:50:06.0056 5072	Processor architecture: Intel x64
13:50:06.0056 5072	Number of processors: 2
13:50:06.0056 5072	Page size: 0x1000
13:50:06.0056 5072	Boot type: Normal boot
13:50:06.0057 5072	============================================================
13:50:06.0574 5072	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:50:06.0593 5072	============================================================
13:50:06.0593 5072	\Device\Harddisk0\DR0:
13:50:06.0594 5072	MBR partitions:
13:50:06.0594 5072	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:50:06.0594 5072	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1E901800
13:50:06.0612 5072	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E934800, BlocksNum 0x1BA51000
13:50:06.0612 5072	============================================================
13:50:06.0654 5072	C: <-> \Device\Harddisk0\DR0\Partition1
13:50:06.0700 5072	D: <-> \Device\Harddisk0\DR0\Partition2
13:50:06.0701 5072	============================================================
13:50:06.0701 5072	Initialize success
13:50:06.0701 5072	============================================================
13:50:10.0243 5468	============================================================
13:50:10.0243 5468	Scan started
13:50:10.0243 5468	Mode: Manual; 
13:50:10.0243 5468	============================================================
13:50:23.0772 5468	Msfs - ok
13:50:23.0786 5468	mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:50:23.0789 5468	mshidkmdf - ok
13:50:23.0801 5468	msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:50:23.0803 5468	msisadrv - ok
13:50:23.0838 5468	MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:50:23.0857 5468	MSiSCSI - ok
13:50:23.0861 5468	msiserver - ok
13:50:23.0902 5468	MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:50:23.0905 5468	MSKSSRV - ok
13:50:23.0927 5468	MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:50:23.0930 5468	MSPCLOCK - ok
13:50:23.0948 5468	MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:50:23.0952 5468	MSPQM - ok
13:50:23.0978 5468	MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:50:23.0994 5468	MsRPC - ok
13:50:24.0014 5468	mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:50:24.0015 5468	mssmbios - ok
13:50:24.0020 5468	MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:50:24.0021 5468	MSTEE - ok
13:50:24.0034 5468	MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:50:24.0036 5468	MTConfig - ok
13:50:24.0065 5468	MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
13:50:24.0066 5468	MTsensor - ok
13:50:24.0080 5468	Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:50:24.0082 5468	Mup - ok
13:50:24.0120 5468	napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
13:50:24.0146 5468	napagent - ok
13:50:24.0195 5468	NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:50:24.0212 5468	NativeWifiP - ok
13:50:24.0261 5468	NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:50:24.0284 5468	NDIS - ok
13:50:24.0309 5468	NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:50:24.0312 5468	NdisCap - ok
13:50:24.0332 5468	NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:50:24.0335 5468	NdisTapi - ok
13:50:24.0353 5468	Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:50:24.0356 5468	Ndisuio - ok
13:50:24.0377 5468	NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:50:24.0381 5468	NdisWan - ok
13:50:24.0398 5468	NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:50:24.0401 5468	NDProxy - ok
13:50:24.0413 5468	NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:50:24.0415 5468	NetBIOS - ok
13:50:24.0434 5468	NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:50:24.0439 5468	NetBT - ok
13:50:24.0460 5468	Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:50:24.0464 5468	Netlogon - ok
13:50:24.0495 5468	Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:50:24.0512 5468	Netman - ok
13:50:24.0585 5468	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:24.0612 5468	NetMsmqActivator - ok
13:50:24.0629 5468	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:24.0632 5468	NetPipeActivator - ok
13:50:24.0672 5468	netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:50:24.0697 5468	netprofm - ok
13:50:24.0702 5468	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:24.0704 5468	NetTcpActivator - ok
13:50:24.0710 5468	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:24.0713 5468	NetTcpPortSharing - ok
13:50:24.0787 5468	nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:50:24.0790 5468	nfrd960 - ok
13:50:24.0828 5468	NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
13:50:24.0852 5468	NlaSvc - ok
13:50:24.0870 5468	Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:50:24.0874 5468	Npfs - ok
13:50:24.0993 5468	NPWService (7e9c6bd6cfb752e0d5084c4c0725d49e) C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe
13:50:24.0999 5468	NPWService - ok
13:50:25.0021 5468	nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:50:25.0027 5468	nsi - ok
13:50:25.0050 5468	nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:50:25.0072 5468	nsiproxy - ok
13:50:25.0141 5468	Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
13:50:25.0200 5468	Ntfs - ok
13:50:25.0298 5468	Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:50:25.0300 5468	Null - ok
13:50:25.0929 5468	nvlddmkm (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:50:25.0997 5468	nvlddmkm - ok
13:50:26.0120 5468	nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
13:50:26.0124 5468	nvraid - ok
13:50:26.0149 5468	nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
13:50:26.0154 5468	nvstor - ok
13:50:26.0268 5468	nvsvc (dd9d86051b8f7669aabf693530f380fe) C:\Windows\system32\nvvsvc.exe
13:50:26.0304 5468	nvsvc - ok
13:50:26.0469 5468	nvUpdatusService (4472183de09f80cb1b56f217d8e0ab9b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:50:26.0501 5468	nvUpdatusService - ok
13:50:26.0605 5468	nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:50:26.0610 5468	nv_agp - ok
13:50:26.0729 5468	odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:50:26.0743 5468	odserv - ok
13:50:26.0761 5468	ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:50:26.0765 5468	ohci1394 - ok
13:50:26.0792 5468	ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:50:26.0797 5468	ose - ok
13:50:26.0829 5468	p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:50:26.0852 5468	p2pimsvc - ok
13:50:26.0894 5468	p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:50:26.0919 5468	p2psvc - ok
13:50:26.0955 5468	Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:50:26.0959 5468	Parport - ok
13:50:26.0981 5468	partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:50:26.0985 5468	partmgr - ok
13:50:27.0008 5468	PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:50:27.0026 5468	PcaSvc - ok
13:50:27.0045 5468	pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:50:27.0048 5468	pci - ok
13:50:27.0066 5468	pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:50:27.0068 5468	pciide - ok
13:50:27.0091 5468	pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:50:27.0096 5468	pcmcia - ok
13:50:27.0108 5468	pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:50:27.0110 5468	pcw - ok
13:50:27.0142 5468	PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:50:27.0167 5468	PEAUTH - ok
13:50:27.0240 5468	PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:50:27.0304 5468	PeerDistSvc - ok
13:50:27.0370 5468	PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:50:27.0377 5468	PerfHost - ok
13:50:27.0497 5468	pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
13:50:27.0548 5468	pla - ok
13:50:27.0604 5468	PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
13:50:27.0630 5468	PlugPlay - ok
13:50:27.0642 5468	PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:50:27.0650 5468	PNRPAutoReg - ok
13:50:27.0676 5468	PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:50:27.0685 5468	PNRPsvc - ok
13:50:27.0736 5468	PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
13:50:27.0780 5468	PolicyAgent - ok
13:50:27.0807 5468	Power  (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:50:27.0825 5468	Power - ok
13:50:27.0874 5468	PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:50:27.0878 5468	PptpMiniport - ok
13:50:27.0895 5468	Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:50:27.0900 5468	Processor - ok
13:50:27.0931 5468	ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
13:50:27.0950 5468	ProfSvc - ok
13:50:27.0982 5468	ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:50:27.0987 5468	ProtectedStorage - ok
13:50:28.0030 5468	Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:50:28.0035 5468	Psched - ok
13:50:28.0107 5468	ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:50:28.0157 5468	ql2300 - ok
13:50:28.0299 5468	ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:50:28.0304 5468	ql40xx - ok
13:50:28.0336 5468	QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:50:28.0354 5468	QWAVE - ok
13:50:28.0372 5468	QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:50:28.0376 5468	QWAVEdrv - ok
13:50:28.0391 5468	RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:50:28.0395 5468	RasAcd - ok
13:50:28.0419 5468	RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:50:28.0422 5468	RasAgileVpn - ok
13:50:28.0441 5468	RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:50:28.0450 5468	RasAuto - ok
13:50:28.0488 5468	Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:50:28.0492 5468	Rasl2tp - ok
13:50:28.0518 5468	RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
13:50:28.0544 5468	RasMan - ok
13:50:28.0566 5468	RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:50:28.0570 5468	RasPppoe - ok
13:50:28.0607 5468	RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:50:28.0611 5468	RasSstp - ok
13:50:28.0634 5468	rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:50:28.0650 5468	rdbss - ok
13:50:28.0661 5468	rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:50:28.0664 5468	rdpbus - ok
13:50:28.0676 5468	RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:50:28.0679 5468	RDPCDD - ok
13:50:28.0700 5468	RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
13:50:28.0703 5468	RDPDR - ok
13:50:28.0722 5468	RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:50:28.0723 5468	RDPENCDD - ok
13:50:28.0729 5468	RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:50:28.0731 5468	RDPREFMP - ok
13:50:28.0749 5468	RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:50:28.0753 5468	RDPWD - ok
13:50:28.0785 5468	rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:50:28.0790 5468	rdyboost - ok
13:50:28.0817 5468	RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:50:28.0822 5468	RemoteAccess - ok
13:50:28.0848 5468	RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:50:28.0855 5468	RemoteRegistry - ok
13:50:28.0885 5468	rimmptsk  (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
13:50:28.0888 5468	rimmptsk - ok
13:50:28.0900 5468	rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
13:50:28.0904 5468	rimsptsk - ok
13:50:28.0935 5468	rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
13:50:28.0939 5468	rismxdp - ok
13:50:28.0952 5468	RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:50:28.0959 5468	RpcEptMapper - ok
13:50:28.0982 5468	RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:50:28.0987 5468	RpcLocator - ok
13:50:29.0013 5468	RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\System32\rpcss.dll
13:50:29.0021 5468	RpcSs - ok
13:50:29.0058 5468	rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:50:29.0061 5468	rspndr - ok
13:50:29.0101 5468	RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:50:29.0105 5468	RTL8167 - ok
13:50:29.0121 5468	s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
13:50:29.0147 5468	s3cap - ok
13:50:29.0287 5468	SacNetAgentService_C57C4F854F53 (4e548fc2c427455836b37a7c7d9923db) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
13:50:29.0289 5468	SacNetAgentService_C57C4F854F53 - ok
13:50:29.0323 5468	salmosa (6916a7c117888c6d1b28f7010a84654d) C:\Windows\system32\drivers\salmosa.sys
13:50:29.0327 5468	salmosa - ok
13:50:29.0357 5468	SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:50:29.0363 5468	SamSs - ok
13:50:29.0420 5468	sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:50:29.0425 5468	sbp2port - ok
13:50:29.0536 5468	SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
13:50:29.0604 5468	SBSDWSCService - ok
13:50:29.0631 5468	SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:50:29.0650 5468	SCardSvr - ok
13:50:29.0700 5468	scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:50:29.0704 5468	scfilter - ok
13:50:29.0765 5468	Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
13:50:29.0833 5468	Schedule - ok
13:50:29.0869 5468	SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:50:29.0871 5468	SCPolicySvc - ok
13:50:29.0907 5468	sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
13:50:29.0911 5468	sdbus - ok
13:50:29.0931 5468	SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
13:50:29.0949 5468	SDRSVC - ok
13:50:29.0985 5468	secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:50:29.0988 5468	secdrv - ok
13:50:30.0004 5468	seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
13:50:30.0013 5468	seclogon - ok
13:50:30.0033 5468	SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:50:30.0051 5468	SENS - ok
13:50:30.0071 5468	SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:50:30.0077 5468	SensrSvc - ok
13:50:30.0097 5468	Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:50:30.0101 5468	Serenum - ok
13:50:30.0138 5468	Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:50:30.0142 5468	Serial - ok
13:50:30.0177 5468	sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:50:30.0181 5468	sermouse - ok
13:50:30.0225 5468	SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
13:50:30.0253 5468	SessionEnv - ok
13:50:30.0266 5468	sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:50:30.0268 5468	sffdisk - ok
13:50:30.0283 5468	sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:50:30.0286 5468	sffp_mmc - ok
13:50:30.0290 5468	sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:50:30.0292 5468	sffp_sd - ok
13:50:30.0305 5468	sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:50:30.0308 5468	sfloppy - ok
13:50:30.0352 5468	SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:50:30.0368 5468	SharedAccess - ok
13:50:30.0400 5468	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
13:50:30.0417 5468	ShellHWDetection - ok
13:50:30.0439 5468	SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:50:30.0442 5468	SiSRaid2 - ok
13:50:30.0470 5468	SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:50:30.0473 5468	SiSRaid4 - ok
13:50:30.0492 5468	Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:50:30.0495 5468	Smb - ok
13:50:30.0525 5468	SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:50:30.0532 5468	SNMPTRAP - ok
13:50:30.0539 5468	spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:50:30.0541 5468	spldr - ok
13:50:30.0613 5468	spmgr (739db668dbd812285ecc553e64a5e212) C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe
13:50:30.0615 5468	spmgr - ok
13:50:30.0665 5468	Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
13:50:30.0705 5468	Spooler - ok
13:50:30.0857 5468	sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
13:50:30.0965 5468	sppsvc - ok
13:50:31.0085 5468	sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:50:31.0093 5468	sppuinotify - ok
13:50:31.0148 5468	srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
13:50:31.0167 5468	srv - ok
13:50:31.0200 5468	srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
13:50:31.0214 5468	srv2 - ok
13:50:31.0241 5468	srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
13:50:31.0246 5468	srvnet - ok
13:50:31.0279 5468	SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:50:31.0297 5468	SSDPSRV - ok
13:50:31.0314 5468	SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:50:31.0334 5468	SstpSvc - ok
13:50:31.0446 5468	Stereo Service (a2abc52cd8a5b60262b220a17a92eb31) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:50:31.0450 5468	Stereo Service - ok
13:50:31.0475 5468	stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:50:31.0479 5468	stexstor - ok
13:50:31.0534 5468	stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
13:50:31.0565 5468	stisvc - ok
13:50:31.0583 5468	storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
13:50:31.0585 5468	storflt - ok
13:50:31.0600 5468	storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
13:50:31.0603 5468	storvsc - ok
13:50:31.0621 5468	swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:50:31.0623 5468	swenum - ok
13:50:31.0661 5468	swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:50:31.0684 5468	swprv - ok
13:50:31.0738 5468	SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\Windows\system32\DRIVERS\SynTP.sys
13:50:31.0742 5468	SynTP - ok
13:50:31.0829 5468	SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
13:50:31.0900 5468	SysMain - ok
13:50:32.0005 5468	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:50:32.0036 5468	TabletInputService - ok
13:50:32.0262 5468	TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:50:32.0290 5468	TapiSrv - ok
13:50:32.0335 5468	TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:50:32.0346 5468	TBS - ok
13:50:32.0517 5468	Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
13:50:32.0573 5468	Tcpip - ok
13:50:32.0761 5468	TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
13:50:32.0775 5468	TCPIP6 - ok
13:50:33.0017 5468	tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:50:33.0021 5468	tcpipreg - ok
13:50:33.0043 5468	TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:50:33.0048 5468	TDPIPE - ok
13:50:33.0068 5468	TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:50:33.0072 5468	TDTCP - ok
13:50:33.0095 5468	tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:50:33.0099 5468	tdx - ok
13:50:33.0113 5468	TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:50:33.0115 5468	TermDD - ok
13:50:33.0159 5468	TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:50:33.0204 5468	TermService - ok
13:50:33.0221 5468	Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:50:33.0232 5468	Themes - ok
13:50:33.0266 5468	THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:50:33.0271 5468	THREADORDER - ok
13:50:33.0295 5468	TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:50:33.0306 5468	TrkWks - ok
13:50:33.0351 5468	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:50:33.0403 5468	TrustedInstaller - ok
13:50:33.0423 5468	tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:50:33.0427 5468	tssecsrv - ok
13:50:33.0469 5468	tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:50:33.0473 5468	tunnel - ok
13:50:33.0504 5468	uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:50:33.0509 5468	uagp35 - ok
13:50:33.0532 5468	udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:50:33.0547 5468	udfs - ok
13:50:33.0604 5468	UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:50:33.0614 5468	UI0Detect - ok
13:50:33.0633 5468	uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:50:33.0638 5468	uliagpkx - ok
13:50:33.0658 5468	umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:50:33.0660 5468	umbus - ok
13:50:33.0681 5468	UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:50:33.0682 5468	UmPass - ok
13:50:33.0710 5468	UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
13:50:33.0728 5468	UmRdpService - ok
13:50:33.0753 5468	upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:50:33.0776 5468	upnphost - ok
13:50:33.0806 5468	usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
13:50:33.0809 5468	usbccgp - ok
13:50:33.0839 5468	usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:50:33.0843 5468	usbcir - ok
13:50:33.0864 5468	usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
13:50:33.0867 5468	usbehci - ok
13:50:33.0900 5468	usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
13:50:33.0916 5468	usbhub - ok
13:50:33.0939 5468	usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
13:50:33.0942 5468	usbohci - ok
13:50:34.0031 5468	usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:50:34.0035 5468	usbprint - ok
13:50:34.0099 5468	usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:50:34.0104 5468	usbscan - ok
13:50:34.0117 5468	USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:50:34.0122 5468	USBSTOR - ok
13:50:34.0137 5468	usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:50:34.0142 5468	usbuhci - ok
13:50:34.0181 5468	usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
13:50:34.0187 5468	usbvideo - ok
13:50:34.0236 5468	usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
13:50:34.0240 5468	usb_rndisx - ok
13:50:34.0269 5468	UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:50:34.0289 5468	UxSms - ok
13:50:34.0321 5468	VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:50:34.0326 5468	VaultSvc - ok
13:50:34.0368 5468	VClone (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys
13:50:34.0372 5468	VClone - ok
13:50:34.0395 5468	vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:50:34.0397 5468	vdrvroot - ok
13:50:34.0442 5468	vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
13:50:34.0471 5468	vds - ok
13:50:34.0500 5468	vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:50:34.0504 5468	vga - ok
13:50:34.0519 5468	VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:50:34.0523 5468	VgaSave - ok
13:50:34.0543 5468	vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:50:34.0550 5468	vhdmp - ok
13:50:34.0568 5468	viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:50:34.0572 5468	viaide - ok
13:50:34.0589 5468	vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
13:50:34.0596 5468	vmbus - ok
13:50:34.0616 5468	VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
13:50:34.0619 5468	VMBusHID - ok
13:50:34.0638 5468	volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:50:34.0641 5468	volmgr - ok
13:50:34.0665 5468	volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:50:34.0681 5468	volmgrx - ok
13:50:34.0699 5468	volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:50:34.0704 5468	volsnap - ok
13:50:34.0744 5468	vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
13:50:34.0749 5468	vpcbus - ok
13:50:34.0789 5468	vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:50:34.0791 5468	vpcnfltr - ok
13:50:34.0821 5468	vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
13:50:34.0825 5468	vpcusb - ok
13:50:34.0873 5468	vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
13:50:34.0877 5468	vpcvmm - ok
13:50:34.0916 5468	vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:50:34.0922 5468	vsmraid - ok
13:50:35.0012 5468	VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:50:35.0071 5468	VSS - ok
13:50:35.0171 5468	vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:50:35.0175 5468	vwifibus - ok
13:50:35.0200 5468	vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:50:35.0204 5468	vwififlt - ok
13:50:35.0239 5468	W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:50:35.0264 5468	W32Time - ok
13:50:35.0279 5468	WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:50:35.0283 5468	WacomPen - ok
13:50:35.0309 5468	WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:50:35.0313 5468	WANARP - ok
13:50:35.0318 5468	Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:50:37.0532 5468	MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:50:37.0598 5468	\Device\Harddisk0\DR0 - ok
13:50:37.0609 5468	Boot (0x1200) (30b1c92547ff7bd3cb77d06fde61eb10) \Device\Harddisk0\DR0\Partition0
13:50:37.0611 5468	\Device\Harddisk0\DR0\Partition0 - ok
13:50:37.0626 5468	Boot (0x1200) (183c968b1021fabdf800cbcbd3c7cd1c) \Device\Harddisk0\DR0\Partition1
13:50:37.0629 5468	\Device\Harddisk0\DR0\Partition1 - ok
13:50:37.0650 5468	Boot (0x1200) (e2b63ec515e9aed2ea5bb91429989fb2) \Device\Harddisk0\DR0\Partition2
13:50:37.0652 5468	\Device\Harddisk0\DR0\Partition2 - ok
13:50:37.0653 5468	============================================================
13:50:37.0653 5468	Scan finished
13:50:37.0653 5468	============================================================
13:50:37.0663 2440	Detected object count: 0
13:50:37.0663 2440	Actual detected object count: 0
13:50:49.0275 5392	Deinitialize success


----------



## Glaswegian (Dec 5, 2004)

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click *Scan*

Upon completion of the scan, click *Save log* and save it to your desktop, and post that log in your next reply for review. * Note - do NOT attempt any Fix yet. *

You will also notice another file created on the desktop named *MBR.dat*. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


----------



## tanusgreystar (Oct 15, 2007)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-02 16:37:53
-----------------------------
16:37:53.023 OS Version: Windows x64 6.1.7600 
16:37:53.023 Number of processors: 2 586 0x170A
16:37:53.024 ComputerName: LYN-PC UserName: Lyn
16:37:54.019 Initialize success
16:37:54.086 AVAST engine defs: 12050201
16:37:57.419 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:37:57.422 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
16:37:57.488 Disk 0 MBR read successfully
16:37:57.491 Disk 0 MBR scan
16:37:57.495 Disk 0 Windows 7 default MBR code
16:37:57.510 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:37:57.514 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 250371 MB offset 206848
16:37:57.518 Disk 0 Partition - 00 0F Extended LBA 226467 MB offset 512966656
16:37:57.551 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226466 MB offset 512968704
16:37:57.586 Disk 0 scanning C:\Windows\system32\drivers
16:38:08.089 Service scanning
16:38:34.926 Modules scanning
16:38:34.936 Disk 0 trace - called modules:
16:38:35.007 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:38:35.013 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80072f4060]
16:38:35.019 3 CLASSPNP.SYS[fffff880013bc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80061e2050]
16:38:37.189 AVAST engine scan C:\Windows
16:38:39.369 AVAST engine scan C:\Windows\system32
16:41:15.930 AVAST engine scan C:\Windows\system32\drivers
16:41:30.400 AVAST engine scan C:\Users\Lyn
16:47:53.226 Disk 0 MBR has been saved successfully to "C:\Users\Lyn\Desktop\MBR.dat"
16:47:53.232 The log file has been saved successfully to "C:\Users\Lyn\Desktop\aswMBR.txt"


----------



## Glaswegian (Dec 5, 2004)

Hi again

*Scan With RootKitUnHooker*


Please download *Rootkit Unhooker* and save it to your desktop.
Now double-click on *RKUnhookerLE.exe* to run it.
Click the *Report* tab, then click *Scan*.
Check (tick) *Drivers, Stealth*. Uncheck the rest, then click *OK*.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click *File, Save Report*.
Save the report somewhere where you can find it. Click *Close*.
Copy the entire contents of the report and paste it into a reply here.

*Note*: you may get the following warning - just click OK and continue.

*"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"*


----------



## tanusgreystar (Oct 15, 2007)

Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF

I couldn't run it because Avast was running but then couldn't run it after stopping Avast and got this log.


----------



## Glaswegian (Dec 5, 2004)

Hi again

No worries, we'll use this instead.

Please download *RogueKiller*


Save it to the *Desktop*
Close *all* windows and browsers
*Windows Vista/7: Right-click the downloaded file and select 'Run as Administrator'*
Press: *SCAN*
A report will open on the Desktop: _*RKreport.txt*_

Please copy/paste the *RKreport.txt*, and post it in your reply.

*Note:*
If RogueKiller is blocked, do not hesitate to try running it again. 
If it still fails to run, right-click on the downloaded icon and select: *Rename*
Then, rename it to _winlogon.exe_ and try again.


----------



## tanusgreystar (Oct 15, 2007)

ok, will do Fri morning. Off to work!


----------



## tanusgreystar (Oct 15, 2007)

RogueKiller V7.4.3 [05/04/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Lyn [Admin rights]
Mode: Scan -- Date: 05/04/2012 11:31:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : SacReminderHDDV2N (C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2867500651-1516734084-2197057008-1001[...]\Run : SacReminderHDDV2N (C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe) -> FOUND
[SUSP PATH] task9683075.job @ : C:\Users\Lyn\AppData\Local\Temp\0.1596429672686126.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
216.240.133.193 www.google-analytics.com.
216.240.133.193 ad-emea.doubleclick.net.
216.240.133.193 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] a58cc3b39c0188e808b1512c10731f74
[BSP] c83f6d3cdea8c218388548da794008b8 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 250371 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 512966656 | Size: 226467 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## Glaswegian (Dec 5, 2004)

Hi again

On the *RogueKiller* console, click the _Hosts_ tab.
Make sure the entries there are checked, if there is an option to do so.
Then, press the [HostFix] button.

Please provide the RKreport (Mode: Delete) created on the Desktop.
(The _RKreport_ also opens using the _Report_ button on the console.)


----------



## tanusgreystar (Oct 15, 2007)

RogueKiller V7.4.3 [05/04/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Lyn [Admin rights]
Mode: HOSTSFix -- Date: 05/04/2012 22:36:34

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] UACProxy.exe -- C:\ProgramData\OfficeGuardianV2N\UACProxy.exe -> KILLED [TermProc]
[SUSP PATH] SacNetAgent.exe -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe -> KILLED [TermProc]
[SUSP PATH] SacReminder.exe -- C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
216.240.133.193 www.google-analytics.com.
216.240.133.193 ad-emea.doubleclick.net.
216.240.133.193 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.

¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1	localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


----------
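
The HOSTS section of the two RKreports above pins three ad and analytics hostnames to two routable addresses, and the [HostFix] step resets the file to the single localhost line. As an added example (not part of the original thread and not RogueKiller's own logic), this Python script audits a hosts file for that pattern; the function names and the "high"/"review" severity labels are assumptions made for illustration.

```python
import ipaddress
import sys
from collections import defaultdict

# Constructed sample: the "HOSTS File" section as quoted in the RKreport above.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
216.240.133.193 www.google-analytics.com.
216.240.133.193 ad-emea.doubleclick.net.
216.240.133.193 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.
"""

# The state the report shows after the reset.
RESET_HOSTS = "127.0.0.1\tlocalhost\n"


def parse_hosts(text):
    """Yield (line_number, ip_address, hostname) for every mapping in a hosts file."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                            # blank line, or an address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        for name in fields[1:]:                 # one line may carry several aliases
            # Normalise the trailing dot seen in the report ("www.statcounter.com.")
            yield lineno, ip, name.rstrip(".").lower()


def audit_hosts(text):
    """Return one finding per mapping that sends a name to a non-loopback address.

    Loopback and 0.0.0.0 entries are skipped: they are either the default
    localhost lines or blocklist entries that sink a name locally.
    """
    mappings = list(parse_hosts(text))
    addresses = defaultdict(set)
    for _, ip, name in mappings:
        addresses[name].add(ip)

    findings = []
    for lineno, ip, name in mappings:
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.append({
            "line": lineno,
            "host": name,
            "ip": str(ip),
            # A public address overrides DNS for that name: treat as a redirect.
            # Private or link-local targets are often intranet aliases: review by hand.
            "severity": "high" if ip.is_global else "review",
            # The same name pinned to several addresses, as in the sample.
            "conflicting": len(addresses[name]) > 1,
        })
    return findings


def redirected_hosts(text):
    """Sorted hostnames that the file forces to a public address."""
    return sorted({f["host"] for f in audit_hosts(text) if f["severity"] == "high"})


if __name__ == "__main__":
    # Pass the path of a hosts file to audit it; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS
    for finding in audit_hosts(content):
        print("line {line}: {host} -> {ip} [{severity}]".format(**finding))
```

On Windows the file to pass is `%SystemRoot%\System32\drivers\etc\hosts`; reading it may require an elevated prompt.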



## Glaswegian (Dec 5, 2004)

Hi again

Please tell me if your system is running any better.


----------



## tanusgreystar (Oct 15, 2007)

Hi. Still redirecting and getting a popup window on the lower right of the screen advertising and offering spyware/virus removal. Thanks!


----------



## Glaswegian (Dec 5, 2004)

Hi again

Please *delete* your current copy of ComboFix (drag and drop on Recycle Bin) and download an updated version from one of these locations
*Link 1*
*Link 2*

Then double click ComboFix to run it - please include the log *C:\ComboFix.txt* in your next reply for further review.


----------



## tanusgreystar (Oct 15, 2007)

Hi. I hoped we would be done by now, but I'm going on vacation starting tomorrow so I won't be able to get back to you until after the 12th. I don't want to get booted, but I'm not able to bring the infected laptop with me. Not sure what to do about that. Thanks for your help! Hopefully we can pick it up again in a week.


----------



## Glaswegian (Dec 5, 2004)

Sure - simply post back here and I'll be able to pick up the thread.


----------



## tanusgreystar (Oct 15, 2007)

Hi. I'm still on vacation. Will be back Saturday. Thanks again!


----------



## Glaswegian (Dec 5, 2004)

OK - no worries.


----------



## tanusgreystar (Oct 15, 2007)

Running the scan in a moment.


----------



## tanusgreystar (Oct 15, 2007)

ComboFix 12-05-12.01 - Lyn 05/12/2012 18:13:47.9.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4506 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 22:22 . 2012-05-12 22:22	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-05-12 22:22 . 2012-05-12 22:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-06 15:13 . 2012-05-06 15:13	--------	d-----w-	c:\program files\iPod
2012-05-06 15:13 . 2012-05-06 15:14	--------	d-----w-	c:\program files\iTunes
2012-05-06 15:13 . 2012-05-06 15:14	--------	d-----w-	c:\program files (x86)\iTunes
2012-05-06 15:11 . 2012-05-06 15:11	--------	d-----w-	c:\program files (x86)\Apple Software Update
2012-05-06 15:10 . 2012-05-06 15:10	--------	d-----w-	c:\program files\Bonjour
2012-05-06 15:10 . 2012-05-06 15:10	--------	d-----w-	c:\program files (x86)\Bonjour
2012-05-04 17:03 . 2012-05-04 17:03	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-04 17:03 . 2012-05-04 17:03	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 17:03 . 2012-05-04 17:03	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-03 01:53 . 2012-05-03 01:57	35712	----a-w-	c:\windows\SysWow64\drivers\BlackBox.sys
2012-05-02 20:14 . 2012-05-02 20:14	--------	d-----w-	c:\users\Lyn\AppData\Local\Skyrim
2012-05-02 19:29 . 2012-05-02 19:42	--------	d-----w-	c:\program files (x86)\Black_Box
2012-04-26 07:25 . 2012-04-30 05:32	--------	d-----w-	C:\FRST
2012-04-24 02:25 . 2012-04-24 02:25	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-24 02:25 . 2012-04-24 02:25	--------	d-----w-	c:\windows\system32\Macromed
2012-04-15 09:52 . 2012-03-20 07:51	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3930A6F-6FDE-4FC8-B558-B2B94D132A46}\mpengine.dll
2012-04-13 14:30 . 2012-04-13 14:30	--------	d-----w-	C:\Perfect World Entertainment
2012-04-13 14:21 . 2012-04-13 13:00	258352	----a-w-	c:\windows\SysWow64\unicows.dll
2012-04-13 12:52 . 2012-04-14 03:11	--------	d-----w-	c:\users\Lyn\AppData\Local\PMB Files
2012-04-13 12:52 . 2012-04-13 12:53	--------	d-----w-	c:\programdata\PMB Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 02:25 . 2011-06-23 17:12	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-07 18:35 . 2012-04-07 18:35	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-04-07 18:35 . 2012-04-07 18:35	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-04-07 18:35 . 2012-04-07 18:35	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-04-07 18:35 . 2012-04-07 18:35	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-07 18:35 . 2012-04-07 18:35	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-04-07 18:35 . 2012-04-07 18:35	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-07 18:35 . 2012-04-07 18:35	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-04-07 18:35 . 2012-04-07 18:35	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-04-07 18:35 . 2012-04-07 18:35	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-04-07 18:35 . 2012-04-07 18:35	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-04-07 18:35 . 2012-04-07 18:35	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-04-07 18:35 . 2012-04-07 18:35	448512	----a-w-	c:\windows\system32\html.iec
2012-04-07 18:35 . 2012-04-07 18:35	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-04-07 18:35 . 2012-04-07 18:35	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-04-07 18:35 . 2012-04-07 18:35	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-04-07 18:35 . 2012-04-07 18:35	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-04-07 18:35 . 2012-04-07 18:35	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-04-07 18:35 . 2012-04-07 18:35	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-04-07 18:35 . 2012-04-07 18:35	2308096	----a-w-	c:\windows\system32\jscript9.dll
2012-04-07 18:35 . 2012-04-07 18:35	222208	----a-w-	c:\windows\system32\msls31.dll
2012-04-07 18:35 . 2012-04-07 18:35	1798656	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-04-07 18:35 . 2012-04-07 18:35	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-04-07 18:35 . 2012-04-07 18:35	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-04-07 18:35 . 2012-04-07 18:35	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-04-07 18:35 . 2012-04-07 18:35	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-04-07 18:35 . 2012-04-07 18:35	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-04-07 18:35 . 2012-04-07 18:35	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-04-07 18:35 . 2012-04-07 18:35	1390080	----a-w-	c:\windows\system32\wininet.dll
2012-04-07 18:35 . 2012-04-07 18:35	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-04-07 18:35 . 2012-04-07 18:35	12288	----a-w-	c:\windows\system32\mshta.exe
2012-04-07 18:35 . 2012-04-07 18:35	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-04-07 18:35 . 2012-04-07 18:35	114176	----a-w-	c:\windows\system32\admparse.dll
2012-04-07 18:35 . 2012-04-07 18:35	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2012-04-07 18:35 . 2012-04-07 18:35	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-04-07 18:35 . 2012-04-07 18:35	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-04-07 18:35 . 2012-04-07 18:35	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-04-07 18:35 . 2012-04-07 18:35	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-04-07 18:35 . 2012-04-07 18:35	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-04-07 18:35 . 2012-04-07 18:35	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-04-07 18:35 . 2012-04-07 18:35	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-04-07 18:35 . 2012-04-07 18:35	160256	----a-w-	c:\windows\system32\wextract.exe
2012-04-07 18:35 . 2012-04-07 18:35	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2012-04-07 18:34 . 2012-04-07 18:34	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2012-04-07 18:34 . 2012-04-07 18:34	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-04-07 18:34 . 2012-04-07 18:34	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-04-07 18:34 . 2012-04-07 18:34	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2012-04-07 18:34 . 2012-04-07 18:34	470016	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2012-04-07 18:34 . 2012-04-07 18:34	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2012-04-07 18:34 . 2012-04-07 18:34	4068864	----a-w-	c:\windows\system32\mf.dll
2012-04-07 18:34 . 2012-04-07 18:34	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-04-07 18:34 . 2012-04-07 18:34	3181568	----a-w-	c:\windows\SysWow64\mf.dll
2012-04-07 18:34 . 2012-04-07 18:34	283648	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2012-04-07 18:34 . 2012-04-07 18:34	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2012-04-07 18:34 . 2012-04-07 18:34	257024	----a-w-	c:\windows\system32\mfreadwrite.dll
2012-04-07 18:34 . 2012-04-07 18:34	229888	----a-w-	c:\windows\system32\XpsRasterService.dll
2012-04-07 18:34 . 2012-04-07 18:34	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-04-07 18:34 . 2012-04-07 18:34	206848	----a-w-	c:\windows\system32\mfps.dll
2012-04-07 18:34 . 2012-04-07 18:34	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-04-07 18:34 . 2012-04-07 18:34	196608	----a-w-	c:\windows\SysWow64\mfreadwrite.dll
2012-04-07 18:34 . 2012-04-07 18:34	1888256	----a-w-	c:\windows\system32\WMVDECOD.DLL
2012-04-07 18:34 . 2012-04-07 18:34	1863680	----a-w-	c:\windows\system32\ExplorerFrame.dll
2012-04-07 18:34 . 2012-04-07 18:34	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-04-07 18:34 . 2012-04-07 18:34	1619456	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2012-04-07 18:34 . 2012-04-07 18:34	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-04-07 18:34 . 2012-04-07 18:34	1540608	----a-w-	c:\windows\system32\DWrite.dll
2012-04-07 18:34 . 2012-04-07 18:34	1495040	----a-w-	c:\windows\SysWow64\ExplorerFrame.dll
2012-04-07 18:34 . 2012-04-07 18:34	144384	----a-w-	c:\windows\system32\cdd.dll
2012-04-07 18:34 . 2012-04-07 18:34	135168	----a-w-	c:\windows\SysWow64\XpsRasterService.dll
2012-04-07 18:34 . 2012-04-07 18:34	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-04-07 18:34 . 2012-04-07 18:34	1133568	----a-w-	c:\windows\system32\FntCache.dll
2012-04-07 18:34 . 2012-04-07 18:34	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-06 23:15 . 2012-03-26 01:46	41184	----a-w-	c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-03-26 01:46	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2012-03-26 01:47	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-03-26 01:47	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-03-26 01:47	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-26 01:47	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2012-03-26 01:47	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-03-26 01:47	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-03-26 01:47	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-02-26 21:05 . 2010-06-01 18:52	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-23 14:18 . 2009-10-06 00:18	279656	------w-	c:\windows\system32\MpSigStub.exe
2009-04-08 14:31 . 2009-04-08 14:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-09_22.34.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-31 03:05 . 2011-08-31 03:05	50536 c:\windows\SysWOW64\jdns_sd.dll
+ 2011-08-31 03:05 . 2011-08-31 03:05	73064 c:\windows\SysWOW64\dnssd.dll
+ 2011-08-31 03:05 . 2011-08-31 03:05	83816 c:\windows\SysWOW64\dns-sd.exe
+ 2009-07-14 04:54 . 2012-05-12 22:24	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-12 22:24	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 22:31	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-12 22:24	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-05-12 10:11	70646 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-12 10:11	49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-09 22:35	49642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-05-12 10:11	16750 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
+ 2011-08-31 03:05 . 2011-08-31 03:05	61288 c:\windows\system32\jdns_sd.dll
- 2009-07-14 05:30 . 2012-01-03 00:06	86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-05-06 15:11	86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-02-15 15:01 . 2012-02-15 15:01	52736 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_c111aaecb61e9a2b\usbaapl64.sys
+ 2011-08-02 20:38 . 2011-08-02 20:38	22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_dc2cbd989eec1514\netaapl64.sys
+ 2011-08-31 03:05 . 2011-08-31 03:05	85864 c:\windows\system32\dnssd.dll
+ 2011-08-31 03:05 . 2011-08-31 03:05	96104 c:\windows\system32\dns-sd.exe
- 2009-10-06 03:07 . 2012-04-07 18:34	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 03:07 . 2012-05-03 12:05	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 03:07 . 2012-04-07 18:34	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-06 03:07 . 2012-05-03 12:05	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-03 12:05	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-07 18:34	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-11 06:56	76568 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-06 15:11 . 2012-05-06 15:11	27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2010-02-25 06:28 . 2012-04-20 02:13	3576 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-09 23:12 . 2012-04-09 23:12	9560 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_48.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12	4280 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_32.bin
+ 2012-04-09 23:12 . 2012-04-09 23:12	2456 c:\windows\system32\NetworkList\Icons\{21D61C80-3B95-4F67-AB46-0F17AEE619E6}_24.bin
- 2012-04-09 22:30 . 2012-04-09 22:30	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-12 22:24 . 2012-05-12 22:24	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-12 22:24 . 2012-05-12 22:24	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-09 22:30 . 2012-04-09 22:30	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:24 . 2009-07-14 01:11	833024 c:\windows\SysWOW64\user32.dll
- 2009-07-13 23:24 . 2010-04-08 06:01	833024 c:\windows\SysWOW64\user32.dll
+ 2012-04-24 02:25 . 2012-04-24 02:25	353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe
+ 2012-04-24 02:25 . 2012-04-24 02:25	253088 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-08-31 03:05 . 2011-08-31 03:05	178536 c:\windows\SysWOW64\dnssdX.dll
+ 2009-10-07 03:54 . 2012-05-12 22:08	357362 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-08-03 17:13 . 2012-05-12 17:33	732750 c:\windows\system32\perfh019.dat
- 2009-08-03 17:13 . 2012-04-01 19:05	732750 c:\windows\system32\perfh019.dat
+ 2009-07-14 02:36 . 2012-05-12 17:33	670178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-01 19:05	670178 c:\windows\system32\perfh009.dat
- 2009-08-03 17:13 . 2012-04-01 19:05	154362 c:\windows\system32\perfc019.dat
+ 2009-08-03 17:13 . 2012-05-12 17:33	154362 c:\windows\system32\perfc019.dat
+ 2009-07-14 02:36 . 2012-05-12 17:33	125322 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-01 19:05	125322 c:\windows\system32\perfc009.dat
+ 2012-04-24 02:25 . 2012-04-24 02:25	630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe
+ 2009-07-14 05:30 . 2012-05-06 15:11	143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-01-03 00:06	143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-01-03 00:04	143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-05-06 15:11	143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-08-31 03:05 . 2011-08-31 03:05	212840 c:\windows\system32\dnssdX.dll
+ 2009-07-14 05:01 . 2012-05-12 22:23	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-09 22:30	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-13 01:49 . 2012-04-16 03:42	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-4096.dat
+ 2011-04-04 21:28 . 2012-05-12 22:23	929760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
+ 2012-05-06 15:14 . 2012-05-06 15:14	380928 c:\windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}\iTunesIco.exe
+ 2012-02-15 15:02 . 2012-02-15 15:02	236904 c:\windows\Installer\$PatchCache$\Managed\A977DA8BAD2856347A0DDAD3FC5CC5FF\5.1.1\OutlookChangeNotifierAddIn_x64.dll
+ 2012-02-15 15:02 . 2012-02-15 15:02	227176 c:\windows\Installer\$PatchCache$\Managed\A977DA8BAD2856347A0DDAD3FC5CC5FF\5.1.1\OutlookChangeNotifierAddIn.dll
+ 2012-04-24 02:25 . 2012-04-24 02:25	8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
+ 2009-07-13 23:38 . 2009-07-14 01:41	1008640 c:\windows\system32\user32.dll
- 2009-07-13 23:38 . 2010-04-08 06:01	1008640 c:\windows\system32\user32.dll
+ 2012-02-15 15:01 . 2012-02-15 15:01	4547944 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_c111aaecb61e9a2b\usbaaplrc.dll
+ 2010-04-20 00:29 . 2010-04-20 00:29	1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_dc2cbd989eec1514\wdfcoinstaller01009.dll
- 2009-07-14 04:45 . 2011-09-23 03:35	3610726 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-04-11 06:26	3610726 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-07 00:42 . 2012-03-07 00:42	2323456 c:\windows\Installer\5e9fdfc.msi
+ 2012-03-07 00:39 . 2012-03-07 00:39	2682368 c:\windows\Installer\5e9fd18.msi
+ 2009-07-14 02:34 . 2012-05-12 10:58	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-04-09 13:18	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-04-24 02:25 . 2012-04-24 02:25	11589280 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll
+ 2011-02-06 04:55 . 2012-05-12 22:23	12470832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
+ 2012-03-27 11:59 . 2012-03-27 11:59	49125888 c:\windows\Installer\5ea07e1.msi
+ 2012-03-07 00:33 . 2012-03-07 00:33	11105280 c:\windows\Installer\5e9fd77.msi
+ 2012-03-26 16:18 . 2012-03-26 16:18	20396032 c:\windows\Installer\5e9fca5.msi
+ 2012-04-04 13:32 . 2012-04-04 13:32	16613376 c:\windows\Installer\24203.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-28 1224176]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 BlackBox;BlackBox SR2; [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 02:25]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
c:\program files (x86)\Razer\Salmosa\razerofa.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
**************************************************************************
.
Completion time: 2012-05-12 18:41:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 22:41
ComboFix2.txt 2012-04-24 20:23
ComboFix3.txt 2012-04-18 17:13
ComboFix4.txt 2012-04-10 03:47
ComboFix5.txt 2012-05-12 22:11
.
Pre-Run: 124,065,005,568 bytes free
Post-Run: 123,652,329,472 bytes free
.
- - End Of File - - F44DD5F2802345BB7C5EF847F2310346


----------



## Glaswegian (Dec 5, 2004)

Hi again

I'm still not seeing anything - do you still have the same issues?


----------



## tanusgreystar (Oct 15, 2007)

I just asked my fiancée and there have been no redirects, but she has popups. I've been having trouble seeing other computers on the network, especially the infected laptop. My other laptop and main PC intermittently. Could this be related? Thanks!


----------



## Glaswegian (Dec 5, 2004)

Hi

Not sure - Networking is not something I'm very familiar with, I'm afraid.

I want to have one last deep scan.

Download *Yorkyt.exe* and save to your Desktop.

Double-click *Yorkyt.exe* to run it. Vista or Windows 7 users: right-click and select "Run as Administrator".

Select Yes to restart at the prompt.

Let it restart again when prompted.

Be patient as the tool is working after the 2nd reboot.

When you see the above, test to see if browser redirects are present or not.

Attach the Yorkyt.exe.log to your next message (it should be on your desktop).


----------



## tanusgreystar (Oct 15, 2007)

2012-05-14 22:24:29: ****************************************************
2012-05-14 22:24:29: Starting UP ... v 0.0.0.220
2012-05-14 22:24:29: ****************************************************
2012-05-14 22:24:29: Stop TPSRV returns: 2
2012-05-14 22:24:44: Listing processes...
2012-05-14 22:24:44: :[System Process]:0
2012-05-14 22:24:44: :System:4
2012-05-14 22:24:44: :smss.exe:364
2012-05-14 22:24:44: :csrss.exe:540
2012-05-14 22:24:44: :wininit.exe:584
2012-05-14 22:24:44: :csrss.exe:604
2012-05-14 22:24:44: :services.exe:648
2012-05-14 22:24:44: :lsass.exe:664
2012-05-14 22:24:44: :lsm.exe:672
2012-05-14 22:24:44: :svchost.exe:772
2012-05-14 22:24:44: :nvvsvc.exe:848
2012-05-14 22:24:44: :svchost.exe:876
2012-05-14 22:24:44: :svchost.exe:932
2012-05-14 22:24:44: :svchost.exe:984
2012-05-14 22:24:44: :svchost.exe:112
2012-05-14 22:24:44: :svchost.exe:1032
2012-05-14 22:24:44: :winlogon.exe:1104
2012-05-14 22:24:44: :svchost.exe:1188
2012-05-14 22:24:44: :FBAgent.exe:1292
2012-05-14 22:24:44: :AsLdrSrv.exe:1316
2012-05-14 22:24:44: :GFNEXSrv.exe:1360
2012-05-14 22:24:44: :AvastSvc.exe:1384
2012-05-14 22:24:44: :spoolsv.exe:1612
2012-05-14 22:24:44: :NvXDSync.exe:1632
2012-05-14 22:24:44: :nvvsvc.exe:1644
2012-05-14 22:24:44: :svchost.exe:1764
2012-05-14 22:24:44: :armsvc.exe:1416
2012-05-14 22:24:44: :AppleMobileDeviceService.exe:2036
2012-05-14 22:24:44: :mDNSResponder.exe:2084
2012-05-14 22:24:44: :UACProxy.exe:2124
2012-05-14 22:24:44: :svchost.exe:2152
2012-05-14 22:24:44: :NPWService.exe:2284
2012-05-14 22:24:44: :svchost.exe:2328
2012-05-14 22:24:44: :SacNetAgent.exe:2372
2012-05-14 22:24:44: :nvSCPAPISvr.exe:2420
2012-05-14 22:24:44: :svchost.exe:2448
2012-05-14 22:24:44: :WBVGAservice.exe:2528
2012-05-14 22:24:44: :svchost.exe:2552
2012-05-14 22:24:44: :SDWinSec.exe:2712
2012-05-14 22:24:44: :wbctlvga.exe:2804
2012-05-14 22:24:44: :daemonu.exe:2656
2012-05-14 22:24:44: :SearchIndexer.exe:2620
2012-05-14 22:24:44: :taskhost.exe:1776
2012-05-14 22:24:44: :taskeng.exe:2616
2012-05-14 22:24:44: :dwm.exe:3144
2012-05-14 22:24:44: :explorer.exe:3196
2012-05-14 22:24:44: :ControlDeckStartUp.exe:3212
2012-05-14 22:24:44: :DCHelper.exe:3232
2012-05-14 22:24:44: :ASPG.exe:3244
2012-05-14 22:24:44: :sensorsrv.exe:3260
2012-05-14 22:24:44: :ALU.exe:3268
2012-05-14 22:24:44: :wbctlvga.exe:3292
2012-05-14 22:24:44: :WmiPrvSE.exe:3428
2012-05-14 22:24:44: :HControl.exe:3496
2012-05-14 22:24:44: :MsgTranAgt64.exe:3552
2012-05-14 22:24:44: :Atouch64.exe:3592
2012-05-14 22:24:44: :wcourier.exe:3644
2012-05-14 22:24:44: :SynTPEnh.exe:3756
2012-05-14 22:24:44: :ATKOSD.exe:3768
2012-05-14 22:24:44: :nvtray.exe:3796
2012-05-14 22:24:44: :BJMYPRT.EXE:3820
2012-05-14 22:24:44: :WDC.exe:3940
2012-05-14 22:24:44: :SacReminder.exe:4012
2012-05-14 22:24:44: :chrome.exe:4020
2012-05-14 22:24:44: :MyTomTomSA.exe:4044
2012-05-14 22:24:44: :SSScheduler.exe:4072
2012-05-14 22:24:44: :MagicDisc.exe:3540
2012-05-14 22:24:44: :chrome.exe:1284
2012-05-14 22:24:44: :SynTPHelper.exe:3516
2012-05-14 22:24:44: :chrome.exe:3616
2012-05-14 22:24:44: :wmpnetwk.exe:4268
2012-05-14 22:24:44: :WmiPrvSE.exe:4448
2012-05-14 22:24:44: :Direct Console.exe:4504
2012-05-14 22:24:44: :DMedia.exe:4576
2012-05-14 22:24:44: :ATKOSD2.exe:4608
2012-05-14 22:24:44: :GearHelp.exe:4716
2012-05-14 22:24:44: :TurboGear.exe:4728
2012-05-14 22:24:44: :WinMail.exe:4752
2012-05-14 22:24:44: :razerhid.exe:4760
2012-05-14 22:24:44: :jusched.exe:4776
2012-05-14 22:24:44: :AvastUI.exe:4784
2012-05-14 22:24:44: :iTunesHelper.exe:4808
2012-05-14 22:24:44: :razertra.exe:4984
2012-05-14 22:24:44: :iPodService.exe:5092
2012-05-14 22:24:44: :razerofa.exe:4216
2012-05-14 22:24:44: :OUTLOOK.EXE:4676
2012-05-14 22:24:44: :ADSMSrv.exe:5792
2012-05-14 22:24:44: :ADSMTray.exe:5800
2012-05-14 22:24:44: :spmgr.exe:5848
2012-05-14 22:24:44: :RAVCpl64.exe:5988
2012-05-14 22:24:44: :Net4Switch.exe:4904
2012-05-14 22:24:44: :wcourier.exe:1980
2012-05-14 22:24:44: :svchost.exe:4312
2012-05-14 22:24:44: :GoogleCrashHandler.exe:4900
2012-05-14 22:24:44: :GoogleCrashHandler64.exe:4596
2012-05-14 22:24:44: :firefox.exe:5812
2012-05-14 22:24:44: :SearchProtocolHost.exe:5712
2012-05-14 22:24:44: :SearchFilterHost.exe:2108
2012-05-14 22:24:44: :taskeng.exe:5708
2012-05-14 22:24:44: :audiodg.exe:5596
2012-05-14 22:24:44: :yorkyt.exe:4172
2012-05-14 22:24:44: :WmiPrvSE.exe:5000
2012-05-14 22:24:44: 
2012-05-14 22:24:44: Setting restore point
2012-05-14 22:25:12: RUN mode
2012-05-14 22:25:12: Determining autonomous or dropped mode...
2012-05-14 22:25:12: Autonomus mode
2012-05-14 22:25:12: ---------------------------------------------------------------------
2012-05-14 22:25:12: Found Service: AeLookupSvc
2012-05-14 22:25:12: Real Path: C:\Windows\System32\aelupsvc.dll
2012-05-14 22:25:12: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-05-14 22:25:12: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-05-14 22:25:12: ServiceDLL: System32\aelupsvc.dll
2012-05-14 22:25:12: File size: 0
2012-05-14 22:25:12: DLL File name: aelupsvc.dll
2012-05-14 22:25:12: Original File Name: aelupsvc.dll.mui
2012-05-14 22:25:12: Company: 
2012-05-14 22:25:12: Mod/Cre/Acc time: 
2012-05-14 22:25:12: ---------------------------------------------------------------------
2012-05-14 22:25:12: Found Service: AppIDSvc
2012-05-14 22:25:12: Real Path: C:\Windows\System32\appidsvc.dll
2012-05-14 22:25:12: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-05-14 22:25:12: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-05-14 22:25:12: ServiceDLL: System32\appidsvc.dll
2012-05-14 22:25:12: File size: 0
2012-05-14 22:25:12: DLL File name: appidsvc.dll
2012-05-14 22:25:12: Original File Name: appidsvc.dll.mui
2012-05-14 22:25:12: Company: 
2012-05-14 22:25:12: Mod/Cre/Acc time: 
2012-05-14 22:25:12: ---------------------------------------------------------------------
2012-05-14 22:25:12: Found Service: Appinfo
2012-05-14 22:25:12: Real Path: C:\Windows\System32\appinfo.dll
2012-05-14 22:25:12: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-05-14 22:25:12: Description: @%systemroot%\system32\appinfo.dll,-101
2012-05-14 22:25:12: ServiceDLL: System32\appinfo.dll
2012-05-14 22:25:12: File size: 0
2012-05-14 22:25:12: DLL File name: appinfo.dll
2012-05-14 22:25:12: Original File Name: appinfo.dll.mui
2012-05-14 22:25:12: Company: 
2012-05-14 22:25:12: Mod/Cre/Acc time: 
2012-05-14 22:25:12: ---------------------------------------------------------------------
2012-05-14 22:25:12: Found Service: AppMgmt
2012-05-14 22:25:12: Real Path: C:\Windows\System32\appmgmts.dll
2012-05-14 22:25:12: Display Name: @appmgmts.dll,-3250
2012-05-14 22:25:12: Description: @appmgmts.dll,-3251
2012-05-14 22:25:12: ServiceDLL: System32\appmgmts.dll
2012-05-14 22:25:12: File size: 149504
2012-05-14 22:25:12: DLL File name: appmgmts.dll
2012-05-14 22:25:12: Original File Name: appmgmts.dll.mui
2012-05-14 22:25:12: Company: 
2012-05-14 22:25:12: Mod/Cre/Acc time: 20090713211453 20090713193834 20090713193834
2012-05-14 22:25:12: ---------------------------------------------------------------------
2012-05-14 22:25:12: Found Service: AudioEndpointBuilder
2012-05-14 22:25:12: Real Path: C:\Windows\System32\Audiosrv.dll
2012-05-14 22:25:12: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-05-14 22:25:12: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-05-14 22:25:12: ServiceDLL: System32\Audiosrv.dll
2012-05-14 22:25:12: File size: 0
2012-05-14 22:25:12: DLL File name: Audiosrv.dll
2012-05-14 22:25:12: Original File Name: audiosrv.dll.mui
2012-05-14 22:25:12: Company: 
2012-05-14 22:25:12: Mod/Cre/Acc time: 
2012-05-14 22:25:12: ---------------------------------------------------------------------
2012-05-14 22:25:12: Found Service: AudioSrv
2012-05-14 22:25:12: Real Path: C:\Windows\System32\Audiosrv.dll
2012-05-14 22:25:12: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-05-14 22:25:12: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-05-14 22:25:12: ServiceDLL: System32\Audiosrv.dll
2012-05-14 22:25:12: File size: 0
2012-05-14 22:25:12: DLL File name: Audiosrv.dll
2012-05-14 22:25:12: Original File Name: audiosrv.dll.mui
2012-05-14 22:25:12: Company: 
2012-05-14 22:25:12: Mod/Cre/Acc time: 
2012-05-14 22:25:12: ---------------------------------------------------------------------
2012-05-14 22:25:12: Found Service: AxInstSV
2012-05-14 22:25:12: Real Path: C:\Windows\System32\AxInstSV.dll
2012-05-14 22:25:12: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-05-14 22:25:12: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-05-14 22:25:12: ServiceDLL: System32\AxInstSV.dll
2012-05-14 22:25:12: File size: 0
2012-05-14 22:25:12: DLL File name: AxInstSV.dll
2012-05-14 22:25:12: Original File Name: AxInstSv.dll.mui
2012-05-14 22:25:12: Company: 
2012-05-14 22:25:12: Mod/Cre/Acc time: 
2012-05-14 22:25:12: ---------------------------------------------------------------------
2012-05-14 22:25:12: Found Service: BDESVC
2012-05-14 22:25:12: Real Path: C:\Windows\System32\bdesvc.dll
2012-05-14 22:25:12: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-05-14 22:25:12: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-05-14 22:25:12: ServiceDLL: System32\bdesvc.dll
2012-05-14 22:25:12: File size: 0
2012-05-14 22:25:12: DLL File name: bdesvc.dll
2012-05-14 22:25:12: Original File Name: BDESVC.DLL.MUI
2012-05-14 22:25:12: Company: 
2012-05-14 22:25:12: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: BFE
2012-05-14 22:25:13: Real Path: C:\Windows\System32\bfe.dll
2012-05-14 22:25:13: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2012-05-14 22:25:13: Description: @%SystemRoot%\system32\bfe.dll,-1002
2012-05-14 22:25:13: ServiceDLL: System32\bfe.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: bfe.dll
2012-05-14 22:25:13: Original File Name: BFE.DLL.MUI
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: BITS
2012-05-14 22:25:13: Real Path: C:\Windows\system32\qmgr.dll
2012-05-14 22:25:13: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2012-05-14 22:25:13: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2012-05-14 22:25:13: ServiceDLL: system32\qmgr.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: qmgr.dll
2012-05-14 22:25:13: Original File Name: qmgr.dll.mui
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: Browser
2012-05-14 22:25:13: Real Path: C:\Windows\System32\browser.dll
2012-05-14 22:25:13: Display Name: @%systemroot%\system32\browser.dll,-100
2012-05-14 22:25:13: Description: @%systemroot%\system32\browser.dll,-101
2012-05-14 22:25:13: ServiceDLL: System32\browser.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: browser.dll
2012-05-14 22:25:13: Original File Name: browser.dll.mui
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: bthserv
2012-05-14 22:25:13: Real Path: C:\Windows\system32\bthserv.dll
2012-05-14 22:25:13: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-05-14 22:25:13: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-05-14 22:25:13: ServiceDLL: system32\bthserv.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: bthserv.dll
2012-05-14 22:25:13: Original File Name: BTHSERV.DLL.MUI
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: CertPropSvc
2012-05-14 22:25:13: Real Path: C:\Windows\System32\certprop.dll
2012-05-14 22:25:13: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-05-14 22:25:13: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-05-14 22:25:13: ServiceDLL: System32\certprop.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: certprop.dll
2012-05-14 22:25:13: Original File Name: certprop.dll.mui
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: CryptSvc
2012-05-14 22:25:13: Real Path: C:\Windows\system32\cryptsvc.dll
2012-05-14 22:25:13: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-05-14 22:25:13: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-05-14 22:25:13: ServiceDLL: system32\cryptsvc.dll
2012-05-14 22:25:13: File size: 135680
2012-05-14 22:25:13: DLL File name: cryptsvc.dll
2012-05-14 22:25:13: Original File Name: cryptsvc.dll.mui
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 20090713211507 20090713193303 20090713193303
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: CscService
2012-05-14 22:25:13: Real Path: C:\Windows\System32\cscsvc.dll
2012-05-14 22:25:13: Display Name: @%systemroot%\system32\cscsvc.dll,-200
2012-05-14 22:25:13: Description: @%systemroot%\system32\cscsvc.dll,-201
2012-05-14 22:25:13: ServiceDLL: System32\cscsvc.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: cscsvc.dll
2012-05-14 22:25:13: Original File Name: cscsvc.dll.mui
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: DcomLaunch
2012-05-14 22:25:13: Real Path: C:\Windows\system32\rpcss.dll
2012-05-14 22:25:13: Display Name: @oleres.dll,-5012
2012-05-14 22:25:13: Description: @oleres.dll,-5013
2012-05-14 22:25:13: ServiceDLL: system32\rpcss.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: rpcss.dll
2012-05-14 22:25:13: Original File Name: rpcss.dll
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: defragsvc
2012-05-14 22:25:13: Real Path: C:\Windows\System32\defragsvc.dll
2012-05-14 22:25:13: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-05-14 22:25:13: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-05-14 22:25:13: ServiceDLL: System32\defragsvc.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: defragsvc.dll
2012-05-14 22:25:13: Original File Name: defragsvc.dll.mui
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: Dhcp
2012-05-14 22:25:13: Real Path: C:\Windows\system32\dhcpcore.dll
2012-05-14 22:25:13: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-05-14 22:25:13: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-05-14 22:25:13: ServiceDLL: system32\dhcpcore.dll
2012-05-14 22:25:13: File size: 253440
2012-05-14 22:25:13: DLL File name: dhcpcore.dll
2012-05-14 22:25:13: Original File Name: dhcpcore.dll.mui
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 20090713211511 20090713191216 20090713191216
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: Dnscache
2012-05-14 22:25:13: Real Path: C:\Windows\System32\dnsrslvr.dll
2012-05-14 22:25:13: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-05-14 22:25:13: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-05-14 22:25:13: ServiceDLL: System32\dnsrslvr.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: dnsrslvr.dll
2012-05-14 22:25:13: Original File Name: dnsrslvr.dll.mui
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: dot3svc
2012-05-14 22:25:13: Real Path: C:\Windows\System32\dot3svc.dll
2012-05-14 22:25:13: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-05-14 22:25:13: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-05-14 22:25:13: ServiceDLL: System32\dot3svc.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: dot3svc.dll
2012-05-14 22:25:13: Original File Name: dot3svc.dll.mui
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: DPS
2012-05-14 22:25:13: Real Path: C:\Windows\system32\dps.dll
2012-05-14 22:25:13: Display Name: @%systemroot%\system32\dps.dll,-500
2012-05-14 22:25:13: Description: @%systemroot%\system32\dps.dll,-501
2012-05-14 22:25:13: ServiceDLL: system32\dps.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: dps.dll
2012-05-14 22:25:13: Original File Name: dps.dll.mui
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:13: ---------------------------------------------------------------------
2012-05-14 22:25:13: Found Service: EapHost
2012-05-14 22:25:13: Real Path: C:\Windows\System32\eapsvc.dll
2012-05-14 22:25:13: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-05-14 22:25:13: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-05-14 22:25:13: ServiceDLL: System32\eapsvc.dll
2012-05-14 22:25:13: File size: 0
2012-05-14 22:25:13: DLL File name: eapsvc.dll
2012-05-14 22:25:13: Original File Name: eapsvc.dll.mui
2012-05-14 22:25:13: Company: 
2012-05-14 22:25:13: Mod/Cre/Acc time: 
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: EventSystem
2012-05-14 22:25:14: Real Path: C:\Windows\system32\es.dll
2012-05-14 22:25:14: Display Name: @comres.dll,-2450
2012-05-14 22:25:14: Description: @comres.dll,-2451
2012-05-14 22:25:14: ServiceDLL: system32\es.dll
2012-05-14 22:25:14: File size: 271360
2012-05-14 22:25:14: DLL File name: es.dll
2012-05-14 22:25:14: Original File Name: ES.DLL
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 20090713211519 20090713194438 20090713194438
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: fdPHost
2012-05-14 22:25:14: Real Path: C:\Windows\system32\fdPHost.dll
2012-05-14 22:25:14: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-05-14 22:25:14: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-05-14 22:25:14: ServiceDLL: system32\fdPHost.dll
2012-05-14 22:25:14: File size: 0
2012-05-14 22:25:14: DLL File name: fdPHost.dll
2012-05-14 22:25:14: Original File Name: fdPHost.dll.mui
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: FDResPub
2012-05-14 22:25:14: Real Path: C:\Windows\system32\fdrespub.dll
2012-05-14 22:25:14: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-05-14 22:25:14: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-05-14 22:25:14: ServiceDLL: system32\fdrespub.dll
2012-05-14 22:25:14: File size: 0
2012-05-14 22:25:14: DLL File name: fdrespub.dll
2012-05-14 22:25:14: Original File Name: FDResPub.dll.mui
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 
2012-05-14 22:25:14: !!!!!!!
2012-05-14 22:25:14: Found Service: FontCache
2012-05-14 22:25:14: Real Path: C:\Windows\system32\FntCache.dll
2012-05-14 22:25:14: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-05-14 22:25:14: Description: @%systemroot%\system32\FntCache.dll,-101
2012-05-14 22:25:14: ServiceDLL: system32\FntCache.dll
2012-05-14 22:25:14: File size: 0
2012-05-14 22:25:14: DLL File name: FntCache.dll
2012-05-14 22:25:14: Original File Name: FontCacheService
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 
2012-05-14 22:25:14: !!!!!!!!!
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: gpsvc
2012-05-14 22:25:14: Real Path: C:\Windows\System32\gpsvc.dll
2012-05-14 22:25:14: Display Name: @gpapi.dll,-112
2012-05-14 22:25:14: Description: @gpapi.dll,-113
2012-05-14 22:25:14: ServiceDLL: System32\gpsvc.dll
2012-05-14 22:25:14: File size: 0
2012-05-14 22:25:14: DLL File name: gpsvc.dll
2012-05-14 22:25:14: Original File Name: gpsvc.dll.mui
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: hidserv
2012-05-14 22:25:14: Real Path: C:\Windows\System32\hidserv.dll
2012-05-14 22:25:14: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-05-14 22:25:14: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-05-14 22:25:14: ServiceDLL: System32\hidserv.dll
2012-05-14 22:25:14: File size: 49152
2012-05-14 22:25:14: DLL File name: hidserv.dll
2012-05-14 22:25:14: Original File Name: HIDSERV.DLL.MUI
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 20090713211524 20090713195109 20090713195109
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: hkmsvc
2012-05-14 22:25:14: Real Path: C:\Windows\system32\kmsvc.dll
2012-05-14 22:25:14: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-05-14 22:25:14: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-05-14 22:25:14: ServiceDLL: system32\kmsvc.dll
2012-05-14 22:25:14: File size: 0
2012-05-14 22:25:14: DLL File name: kmsvc.dll
2012-05-14 22:25:14: Original File Name: KmSvc.DLL.MUI
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: HomeGroupListener
2012-05-14 22:25:14: Real Path: C:\Windows\system32\ListSvc.dll
2012-05-14 22:25:14: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-05-14 22:25:14: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-05-14 22:25:14: ServiceDLL: system32\ListSvc.dll
2012-05-14 22:25:14: File size: 0
2012-05-14 22:25:14: DLL File name: ListSvc.dll
2012-05-14 22:25:14: Original File Name: ListSvc.dll.mui
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: HomeGroupProvider
2012-05-14 22:25:14: Real Path: C:\Windows\system32\provsvc.dll
2012-05-14 22:25:14: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-05-14 22:25:14: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-05-14 22:25:14: ServiceDLL: system32\provsvc.dll
2012-05-14 22:25:14: File size: 165376
2012-05-14 22:25:14: DLL File name: provsvc.dll
2012-05-14 22:25:14: Original File Name: provsvc.dll.mui
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 20090713211612 20090713193941 20090713193941
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: IKEEXT
2012-05-14 22:25:14: Real Path: C:\Windows\System32\ikeext.dll
2012-05-14 22:25:14: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-05-14 22:25:14: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-05-14 22:25:14: ServiceDLL: System32\ikeext.dll
2012-05-14 22:25:14: File size: 0
2012-05-14 22:25:14: DLL File name: ikeext.dll
2012-05-14 22:25:14: Original File Name: IKEEXT.DLL.MUI
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: IPBusEnum
2012-05-14 22:25:14: Real Path: C:\Windows\system32\ipbusenum.dll
2012-05-14 22:25:14: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-05-14 22:25:14: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-05-14 22:25:14: ServiceDLL: system32\ipbusenum.dll
2012-05-14 22:25:14: File size: 0
2012-05-14 22:25:14: DLL File name: ipbusenum.dll
2012-05-14 22:25:14: Original File Name: IPBusEnum.dll.mui
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: iphlpsvc
2012-05-14 22:25:14: Real Path: C:\Windows\System32\iphlpsvc.dll
2012-05-14 22:25:14: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-500
2012-05-14 22:25:14: Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
2012-05-14 22:25:14: ServiceDLL: System32\iphlpsvc.dll
2012-05-14 22:25:14: File size: 0
2012-05-14 22:25:14: DLL File name: iphlpsvc.dll
2012-05-14 22:25:14: Original File Name: iphlpsvc.dll.mui
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: KtmRm
2012-05-14 22:25:14: Real Path: C:\Windows\system32\msdtckrm.dll
2012-05-14 22:25:14: Display Name: @comres.dll,-2946
2012-05-14 22:25:14: Description: @comres.dll,-2947
2012-05-14 22:25:14: ServiceDLL: system32\msdtckrm.dll
2012-05-14 22:25:14: File size: 0
2012-05-14 22:25:14: DLL File name: msdtckrm.dll
2012-05-14 22:25:14: Original File Name: MSDTCKRM.DLL
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 
2012-05-14 22:25:14: ---------------------------------------------------------------------
2012-05-14 22:25:14: Found Service: LanmanServer
2012-05-14 22:25:14: Real Path: C:\Windows\System32\srvsvc.dll
2012-05-14 22:25:14: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-05-14 22:25:14: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-05-14 22:25:14: ServiceDLL: System32\srvsvc.dll
2012-05-14 22:25:14: File size: 0
2012-05-14 22:25:14: DLL File name: srvsvc.dll
2012-05-14 22:25:14: Original File Name: SRVSVC.DLL.MUI
2012-05-14 22:25:14: Company: 
2012-05-14 22:25:14: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: LanmanWorkstation
2012-05-14 22:25:15: Real Path: C:\Windows\System32\wkssvc.dll
2012-05-14 22:25:15: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-05-14 22:25:15: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-05-14 22:25:15: ServiceDLL: System32\wkssvc.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: wkssvc.dll
2012-05-14 22:25:15: Original File Name: WKSSVC.DLL.MUI
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: lltdsvc
2012-05-14 22:25:15: Real Path: C:\Windows\System32\lltdsvc.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-05-14 22:25:15: ServiceDLL: System32\lltdsvc.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: lltdsvc.dll
2012-05-14 22:25:15: Original File Name: LLTDSVC.DLL
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: lmhosts
2012-05-14 22:25:15: Real Path: C:\Windows\System32\lmhsvc.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-05-14 22:25:15: ServiceDLL: System32\lmhsvc.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: lmhsvc.dll
2012-05-14 22:25:15: Original File Name: lmhsvc.dll.mui
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: Mcx2Svc
2012-05-14 22:25:15: Real Path: C:\Windows\system32\Mcx2Svc.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-05-14 22:25:15: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-05-14 22:25:15: ServiceDLL: system32\Mcx2Svc.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: Mcx2Svc.dll
2012-05-14 22:25:15: Original File Name: Mcx2Svc.dll
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: MMCSS
2012-05-14 22:25:15: Real Path: C:\Windows\system32\mmcss.dll
2012-05-14 22:25:15: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-05-14 22:25:15: Description: @%systemroot%\system32\mmcss.dll,-101
2012-05-14 22:25:15: ServiceDLL: system32\mmcss.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: mmcss.dll
2012-05-14 22:25:15: Original File Name: mmcss.dll.mui
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: MpsSvc
2012-05-14 22:25:15: Real Path: C:\Windows\system32\mpssvc.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
2012-05-14 22:25:15: ServiceDLL: system32\mpssvc.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: mpssvc.dll
2012-05-14 22:25:15: Original File Name: mpssvc.dll.mui
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: MSiSCSI
2012-05-14 22:25:15: Real Path: C:\Windows\system32\iscsiexe.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-05-14 22:25:15: ServiceDLL: system32\iscsiexe.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: iscsiexe.dll
2012-05-14 22:25:15: Original File Name: iscsiexe.exe.mui
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: napagent
2012-05-14 22:25:15: Real Path: C:\Windows\system32\qagentRT.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-05-14 22:25:15: ServiceDLL: system32\qagentRT.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: qagentRT.dll
2012-05-14 22:25:15: Original File Name: QAgentRT.DLL.MUI
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: Netman
2012-05-14 22:25:15: Real Path: C:\Windows\System32\netman.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\netman.dll,-110
2012-05-14 22:25:15: ServiceDLL: System32\netman.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: netman.dll
2012-05-14 22:25:15: Original File Name: netman.dll.mui
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: netprofm
2012-05-14 22:25:15: Real Path: C:\Windows\System32\netprofm.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-05-14 22:25:15: ServiceDLL: System32\netprofm.dll
2012-05-14 22:25:15: File size: 360448
2012-05-14 22:25:15: DLL File name: netprofm.dll
2012-05-14 22:25:15: Original File Name: netprofm.dll.mui
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 20090713211603 20090713195658 20090713195658
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: NlaSvc
2012-05-14 22:25:15: Real Path: C:\Windows\System32\nlasvc.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-05-14 22:25:15: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-05-14 22:25:15: ServiceDLL: System32\nlasvc.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: nlasvc.dll
2012-05-14 22:25:15: Original File Name: nlasvc.dll.mui
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: nsi
2012-05-14 22:25:15: Real Path: C:\Windows\system32\nsisvc.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-05-14 22:25:15: ServiceDLL: system32\nsisvc.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: nsisvc.dll
2012-05-14 22:25:15: Original File Name: nsisvc.dll.mui
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: p2pimsvc
2012-05-14 22:25:15: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-05-14 22:25:15: ServiceDLL: system32\pnrpsvc.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: pnrpsvc.dll
2012-05-14 22:25:15: Original File Name: pnrpsvc.dll.mui
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: p2psvc
2012-05-14 22:25:15: Real Path: C:\Windows\system32\p2psvc.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-05-14 22:25:15: ServiceDLL: system32\p2psvc.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: p2psvc.dll
2012-05-14 22:25:15: Original File Name: p2psvc.dll.mui
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: !!!!!!!
2012-05-14 22:25:15: Found Service: PcaSvc
2012-05-14 22:25:15: Real Path: C:\Windows\System32\pcasvc.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-05-14 22:25:15: ServiceDLL: System32\pcasvc.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: pcasvc.dll
2012-05-14 22:25:15: Original File Name: 
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: !!!!!!!!!
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: PeerDistSvc
2012-05-14 22:25:15: Real Path: C:\Windows\system32\peerdistsvc.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\peerdistsvc.dll,-9000
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001
2012-05-14 22:25:15: ServiceDLL: system32\peerdistsvc.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: peerdistsvc.dll
2012-05-14 22:25:15: Original File Name: PeerDistSvc.dll.mui
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: pla
2012-05-14 22:25:15: Real Path: C:\Windows\system32\pla.dll
2012-05-14 22:25:15: Display Name: @%systemroot%\system32\pla.dll,-500
2012-05-14 22:25:15: Description: @%systemroot%\system32\pla.dll,-501
2012-05-14 22:25:15: ServiceDLL: system32\pla.dll
2012-05-14 22:25:15: File size: 1508864
2012-05-14 22:25:15: DLL File name: pla.dll
2012-05-14 22:25:15: Original File Name: PLA.DLL.MUI
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 20090713211612 20090713192013 20090713192013
2012-05-14 22:25:15: ---------------------------------------------------------------------
2012-05-14 22:25:15: Found Service: PlugPlay
2012-05-14 22:25:15: Real Path: C:\Windows\system32\umpnpmgr.dll
2012-05-14 22:25:15: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-05-14 22:25:15: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-05-14 22:25:15: ServiceDLL: system32\umpnpmgr.dll
2012-05-14 22:25:15: File size: 0
2012-05-14 22:25:15: DLL File name: umpnpmgr.dll
2012-05-14 22:25:15: Original File Name: Umpnpmgr.DLL.MUI
2012-05-14 22:25:15: Company: 
2012-05-14 22:25:15: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: PNRPAutoReg
2012-05-14 22:25:16: Real Path: C:\Windows\system32\pnrpauto.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-05-14 22:25:16: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-05-14 22:25:16: ServiceDLL: system32\pnrpauto.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: pnrpauto.dll
2012-05-14 22:25:16: Original File Name: pnrpauto.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: PNRPsvc
2012-05-14 22:25:16: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-05-14 22:25:16: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-05-14 22:25:16: ServiceDLL: system32\pnrpsvc.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: pnrpsvc.dll
2012-05-14 22:25:16: Original File Name: pnrpsvc.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: PolicyAgent
2012-05-14 22:25:16: Real Path: C:\Windows\System32\ipsecsvc.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-05-14 22:25:16: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-05-14 22:25:16: ServiceDLL: System32\ipsecsvc.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: ipsecsvc.dll
2012-05-14 22:25:16: Original File Name: ipsecsvc.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: Power
2012-05-14 22:25:16: Real Path: C:\Windows\system32\umpo.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-05-14 22:25:16: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-05-14 22:25:16: ServiceDLL: system32\umpo.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: umpo.dll
2012-05-14 22:25:16: Original File Name: Umpo.DLL.MUI
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: ProfSvc
2012-05-14 22:25:16: Real Path: C:\Windows\system32\profsvc.dll
2012-05-14 22:25:16: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-05-14 22:25:16: Description: @%systemroot%\system32\profsvc.dll,-301
2012-05-14 22:25:16: ServiceDLL: system32\profsvc.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: profsvc.dll
2012-05-14 22:25:16: Original File Name: ProfSvc.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: QWAVE
2012-05-14 22:25:16: Real Path: C:\Windows\system32\qwave.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-05-14 22:25:16: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-05-14 22:25:16: ServiceDLL: system32\qwave.dll
2012-05-14 22:25:16: File size: 210944
2012-05-14 22:25:16: DLL File name: qwave.dll
2012-05-14 22:25:16: Original File Name: qwave.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 20090713211612 20090713195415 20090713195415
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: RasAuto
2012-05-14 22:25:16: Real Path: C:\Windows\System32\rasauto.dll
2012-05-14 22:25:16: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-05-14 22:25:16: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-05-14 22:25:16: ServiceDLL: System32\rasauto.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: rasauto.dll
2012-05-14 22:25:16: Original File Name: rasauto.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: RasMan
2012-05-14 22:25:16: Real Path: C:\Windows\System32\rasmans.dll
2012-05-14 22:25:16: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-05-14 22:25:16: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-05-14 22:25:16: ServiceDLL: System32\rasmans.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: rasmans.dll
2012-05-14 22:25:16: Original File Name: Rasmans.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: RemoteAccess
2012-05-14 22:25:16: Real Path: C:\Windows\System32\mprdim.dll
2012-05-14 22:25:16: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-05-14 22:25:16: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-05-14 22:25:16: ServiceDLL: System32\mprdim.dll
2012-05-14 22:25:16: File size: 75264
2012-05-14 22:25:16: DLL File name: mprdim.dll
2012-05-14 22:25:16: Original File Name: MPRDIM.DLL.MUI
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 20090713211541 20090713195426 20090713195426
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: RemoteRegistry
2012-05-14 22:25:16: Real Path: C:\Windows\system32\regsvc.dll
2012-05-14 22:25:16: Display Name: @regsvc.dll,-1
2012-05-14 22:25:16: Description: @regsvc.dll,-2
2012-05-14 22:25:16: ServiceDLL: system32\regsvc.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: regsvc.dll
2012-05-14 22:25:16: Original File Name: REGSVC.DLL.MUI
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: RpcEptMapper
2012-05-14 22:25:16: Real Path: C:\Windows\System32\RpcEpMap.dll
2012-05-14 22:25:16: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-05-14 22:25:16: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-05-14 22:25:16: ServiceDLL: System32\RpcEpMap.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: RpcEpMap.dll
2012-05-14 22:25:16: Original File Name: RpcEpMap.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: RpcSs
2012-05-14 22:25:16: Real Path: C:\Windows\System32\rpcss.dll
2012-05-14 22:25:16: Display Name: @oleres.dll,-5010
2012-05-14 22:25:16: Description: @oleres.dll,-5011
2012-05-14 22:25:16: ServiceDLL: System32\rpcss.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: rpcss.dll
2012-05-14 22:25:16: Original File Name: rpcss.dll
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: SCardSvr
2012-05-14 22:25:16: Real Path: C:\Windows\System32\SCardSvr.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2012-05-14 22:25:16: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2012-05-14 22:25:16: ServiceDLL: System32\SCardSvr.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: SCardSvr.dll
2012-05-14 22:25:16: Original File Name: SCardSvr.exe.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: Schedule
2012-05-14 22:25:16: Real Path: C:\Windows\system32\schedsvc.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2012-05-14 22:25:16: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2012-05-14 22:25:16: ServiceDLL: system32\schedsvc.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: schedsvc.dll
2012-05-14 22:25:16: Original File Name: schedsvc.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: SCPolicySvc
2012-05-14 22:25:16: Real Path: C:\Windows\System32\certprop.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2012-05-14 22:25:16: Description: @%SystemRoot%\System32\certprop.dll,-14
2012-05-14 22:25:16: ServiceDLL: System32\certprop.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: certprop.dll
2012-05-14 22:25:16: Original File Name: certprop.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: SDRSVC
2012-05-14 22:25:16: Real Path: C:\Windows\System32\SDRSVC.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2012-05-14 22:25:16: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2012-05-14 22:25:16: ServiceDLL: System32\SDRSVC.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: SDRSVC.dll
2012-05-14 22:25:16: Original File Name: SDRSVC.DLL.MUI
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: seclogon
2012-05-14 22:25:16: Real Path: C:\Windows\system32\seclogon.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2012-05-14 22:25:16: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2012-05-14 22:25:16: ServiceDLL: system32\seclogon.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: seclogon.dll
2012-05-14 22:25:16: Original File Name: SECLOGON.EXE.MUI
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: SENS
2012-05-14 22:25:16: Real Path: C:\Windows\system32\sens.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2012-05-14 22:25:16: Description: @%SystemRoot%\system32\Sens.dll,-201
2012-05-14 22:25:16: ServiceDLL: system32\sens.dll
2012-05-14 22:25:16: File size: 49664
2012-05-14 22:25:16: DLL File name: sens.dll
2012-05-14 22:25:16: Original File Name: sens.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 20090713211613 20090713192158 20090713192158
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: SensrSvc
2012-05-14 22:25:16: Real Path: C:\Windows\system32\sensrsvc.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2012-05-14 22:25:16: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2012-05-14 22:25:16: ServiceDLL: system32\sensrsvc.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: sensrsvc.dll
2012-05-14 22:25:16: Original File Name: sensrsvc.dll.mui
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: SessionEnv
2012-05-14 22:25:16: Real Path: C:\Windows\system32\sessenv.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2012-05-14 22:25:16: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2012-05-14 22:25:16: ServiceDLL: system32\sessenv.dll
2012-05-14 22:25:16: File size: 99328
2012-05-14 22:25:16: DLL File name: sessenv.dll
2012-05-14 22:25:16: Original File Name: SessEnv.DLL.MUI
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 20090713211613 20090713200228 20090713200228
2012-05-14 22:25:16: ---------------------------------------------------------------------
2012-05-14 22:25:16: Found Service: SharedAccess
2012-05-14 22:25:16: Real Path: C:\Windows\System32\ipnathlp.dll
2012-05-14 22:25:16: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
2012-05-14 22:25:16: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
2012-05-14 22:25:16: ServiceDLL: System32\ipnathlp.dll
2012-05-14 22:25:16: File size: 0
2012-05-14 22:25:16: DLL File name: ipnathlp.dll
2012-05-14 22:25:16: Original File Name: IPNATHLP.DLL.MUI
2012-05-14 22:25:16: Company: 
2012-05-14 22:25:16: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: ShellHWDetection
2012-05-14 22:25:17: Real Path: C:\Windows\System32\shsvcs.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2012-05-14 22:25:17: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2012-05-14 22:25:17: ServiceDLL: System32\shsvcs.dll
2012-05-14 22:25:17: File size: 328192
2012-05-14 22:25:17: DLL File name: shsvcs.dll
2012-05-14 22:25:17: Original File Name: SHSVCS.DLL.MUI
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 20090713211614 20090713193928 20090713193928
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: sppuinotify
2012-05-14 22:25:17: Real Path: C:\Windows\system32\sppuinotify.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2012-05-14 22:25:17: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2012-05-14 22:25:17: ServiceDLL: system32\sppuinotify.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: sppuinotify.dll
2012-05-14 22:25:17: Original File Name: sppuinotify.dll.mui
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: SSDPSRV
2012-05-14 22:25:17: Real Path: C:\Windows\System32\ssdpsrv.dll
2012-05-14 22:25:17: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2012-05-14 22:25:17: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2012-05-14 22:25:17: ServiceDLL: System32\ssdpsrv.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: ssdpsrv.dll
2012-05-14 22:25:17: Original File Name: ssdpsrv.dll.mui
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: SstpSvc
2012-05-14 22:25:17: Real Path: C:\Windows\system32\sstpsvc.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2012-05-14 22:25:17: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2012-05-14 22:25:17: ServiceDLL: system32\sstpsvc.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: sstpsvc.dll
2012-05-14 22:25:17: Original File Name: sstpsvc.dll.mui
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: stisvc
2012-05-14 22:25:17: Real Path: C:\Windows\System32\wiaservc.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2012-05-14 22:25:17: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2012-05-14 22:25:17: ServiceDLL: System32\wiaservc.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: wiaservc.dll
2012-05-14 22:25:17: Original File Name: WIASERVC.DLL.MUI
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: swprv
2012-05-14 22:25:17: Real Path: C:\Windows\System32\swprv.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2012-05-14 22:25:17: Description: @%SystemRoot%\System32\swprv.dll,-102
2012-05-14 22:25:17: ServiceDLL: System32\swprv.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: swprv.dll
2012-05-14 22:25:17: Original File Name: SWPRV.DLL.MUI
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: SysMain
2012-05-14 22:25:17: Real Path: C:\Windows\system32\sysmain.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2012-05-14 22:25:17: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2012-05-14 22:25:17: ServiceDLL: system32\sysmain.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: sysmain.dll
2012-05-14 22:25:17: Original File Name: sysmain.dll.mui
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: TabletInputService
2012-05-14 22:25:17: Real Path: C:\Windows\System32\TabSvc.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2012-05-14 22:25:17: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2012-05-14 22:25:17: ServiceDLL: System32\TabSvc.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: TabSvc.dll
2012-05-14 22:25:17: Original File Name: TabSvc.dll.mui
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: TapiSrv
2012-05-14 22:25:17: Real Path: C:\Windows\System32\tapisrv.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2012-05-14 22:25:17: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2012-05-14 22:25:17: ServiceDLL: System32\tapisrv.dll
2012-05-14 22:25:17: File size: 241664
2012-05-14 22:25:17: DLL File name: tapisrv.dll
2012-05-14 22:25:17: Original File Name: TAPISRV.EXE.MUI
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 20090713211615 20090713201955 20090713201955
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: TBS
2012-05-14 22:25:17: Real Path: C:\Windows\System32\tbssvc.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2012-05-14 22:25:17: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2012-05-14 22:25:17: ServiceDLL: System32\tbssvc.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: tbssvc.dll
2012-05-14 22:25:17: Original File Name: TBSSVC.DLL.MUI
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: TermService
2012-05-14 22:25:17: Real Path: C:\Windows\System32\termsrv.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2012-05-14 22:25:17: Description: @%SystemRoot%\System32\termsrv.dll,-267
2012-05-14 22:25:17: ServiceDLL: System32\termsrv.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: termsrv.dll
2012-05-14 22:25:17: Original File Name: termsrv.dll.mui
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: Themes
2012-05-14 22:25:17: Real Path: C:\Windows\system32\themeservice.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2012-05-14 22:25:17: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2012-05-14 22:25:17: ServiceDLL: system32\themeservice.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: themeservice.dll
2012-05-14 22:25:17: Original File Name: THEMESERVICE.DLL.MUI
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: THREADORDER
2012-05-14 22:25:17: Real Path: C:\Windows\system32\mmcss.dll
2012-05-14 22:25:17: Display Name: @%systemroot%\system32\mmcss.dll,-102
2012-05-14 22:25:17: Description: @%systemroot%\system32\mmcss.dll,-103
2012-05-14 22:25:17: ServiceDLL: system32\mmcss.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: mmcss.dll
2012-05-14 22:25:17: Original File Name: mmcss.dll.mui
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: TrkWks
2012-05-14 22:25:17: Real Path: C:\Windows\System32\trkwks.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2012-05-14 22:25:17: Description: @%SystemRoot%\system32\trkwks.dll,-2
2012-05-14 22:25:17: ServiceDLL: System32\trkwks.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: trkwks.dll
2012-05-14 22:25:17: Original File Name: trkwks.dll.mui
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: UmRdpService
2012-05-14 22:25:17: Real Path: C:\Windows\System32\umrdp.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\system32\umrdp.dll,-1000
2012-05-14 22:25:17: Description: @%SystemRoot%\system32\umrdp.dll,-1001
2012-05-14 22:25:17: ServiceDLL: System32\umrdp.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: umrdp.dll
2012-05-14 22:25:17: Original File Name: umrdp.dll.mui
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: !!!!!!!
2012-05-14 22:25:17: Found Service: upnphost
2012-05-14 22:25:17: Real Path: C:\Windows\System32\upnphost.dll
2012-05-14 22:25:17: Display Name: @%systemroot%\system32\upnphost.dll,-213
2012-05-14 22:25:17: Description: @%systemroot%\system32\upnphost.dll,-214
2012-05-14 22:25:17: ServiceDLL: System32\upnphost.dll
2012-05-14 22:25:17: File size: 266752
2012-05-14 22:25:17: DLL File name: upnphost.dll
2012-05-14 22:25:17: Original File Name: unpnhost.dll.mui
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 20090713211617 20090713195541 20090713195541
2012-05-14 22:25:17: !!!!!!!!!
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: UxSms
2012-05-14 22:25:17: Real Path: C:\Windows\System32\uxsms.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2012-05-14 22:25:17: Description: @%SystemRoot%\system32\dwm.exe,-2001
2012-05-14 22:25:17: ServiceDLL: System32\uxsms.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: uxsms.dll
2012-05-14 22:25:17: Original File Name: UxSms.dll
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:17: ---------------------------------------------------------------------
2012-05-14 22:25:17: Found Service: W32Time
2012-05-14 22:25:17: Real Path: C:\Windows\system32\w32time.dll
2012-05-14 22:25:17: Display Name: @%SystemRoot%\system32\w32time.dll,-200
2012-05-14 22:25:17: Description: @%SystemRoot%\system32\w32time.dll,-201
2012-05-14 22:25:17: ServiceDLL: system32\w32time.dll
2012-05-14 22:25:17: File size: 0
2012-05-14 22:25:17: DLL File name: w32time.dll
2012-05-14 22:25:17: Original File Name: w32time.dll.mui
2012-05-14 22:25:17: Company: 
2012-05-14 22:25:17: Mod/Cre/Acc time: 
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: WbioSrvc
2012-05-14 22:25:18: Real Path: C:\Windows\System32\wbiosrvc.dll
2012-05-14 22:25:18: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2012-05-14 22:25:18: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2012-05-14 22:25:18: ServiceDLL: System32\wbiosrvc.dll
2012-05-14 22:25:18: File size: 0
2012-05-14 22:25:18: DLL File name: wbiosrvc.dll
2012-05-14 22:25:18: Original File Name: wbiosrvc.dll.mui
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: wcncsvc
2012-05-14 22:25:18: Real Path: C:\Windows\System32\wcncsvc.dll
2012-05-14 22:25:18: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2012-05-14 22:25:18: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2012-05-14 22:25:18: ServiceDLL: System32\wcncsvc.dll
2012-05-14 22:25:18: File size: 276480
2012-05-14 22:25:18: DLL File name: wcncsvc.dll
2012-05-14 22:25:18: Original File Name: WCNCSVC.DLL.MUI
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 20090713211618 20090713195312 20090713195312
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: WcsPlugInService
2012-05-14 22:25:18: Real Path: C:\Windows\System32\WcsPlugInService.dll
2012-05-14 22:25:18: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2012-05-14 22:25:18: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2012-05-14 22:25:18: ServiceDLL: System32\WcsPlugInService.dll
2012-05-14 22:25:18: File size: 32768
2012-05-14 22:25:18: DLL File name: WcsPlugInService.dll
2012-05-14 22:25:18: Original File Name: WcsPlugInService.DLL.MUI
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 20090713211618 20090713192513 20090713192513
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: WdiServiceHost
2012-05-14 22:25:18: Real Path: C:\Windows\system32\wdi.dll
2012-05-14 22:25:18: Display Name: @%systemroot%\system32\wdi.dll,-502
2012-05-14 22:25:18: Description: @%systemroot%\system32\wdi.dll,-503
2012-05-14 22:25:18: ServiceDLL: system32\wdi.dll
2012-05-14 22:25:18: File size: 76288
2012-05-14 22:25:18: DLL File name: wdi.dll
2012-05-14 22:25:18: Original File Name: wdi.dll.mui
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: WdiSystemHost
2012-05-14 22:25:18: Real Path: C:\Windows\system32\wdi.dll
2012-05-14 22:25:18: Display Name: @%systemroot%\system32\wdi.dll,-500
2012-05-14 22:25:18: Description: @%systemroot%\system32\wdi.dll,-501
2012-05-14 22:25:18: ServiceDLL: system32\wdi.dll
2012-05-14 22:25:18: File size: 76288
2012-05-14 22:25:18: DLL File name: wdi.dll
2012-05-14 22:25:18: Original File Name: wdi.dll.mui
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-05-14 22:25:18: !!!!!!!
2012-05-14 22:25:18: Found Service: WebClient
2012-05-14 22:25:18: Real Path: C:\Windows\System32\webclnt.dll
2012-05-14 22:25:18: Display Name: @%systemroot%\system32\webclnt.dll,-100
2012-05-14 22:25:18: Description: @%systemroot%\system32\webclnt.dll,-101
2012-05-14 22:25:18: ServiceDLL: System32\webclnt.dll
2012-05-14 22:25:18: File size: 202240
2012-05-14 22:25:18: DLL File name: webclnt.dll
2012-05-14 22:25:18: Original File Name: davsvc.dll.mui
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 20090713211618 20090713191427 20090713191427
2012-05-14 22:25:18: !!!!!!!!!
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: Wecsvc
2012-05-14 22:25:18: Real Path: C:\Windows\system32\wecsvc.dll
2012-05-14 22:25:18: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2012-05-14 22:25:18: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2012-05-14 22:25:18: ServiceDLL: system32\wecsvc.dll
2012-05-14 22:25:18: File size: 0
2012-05-14 22:25:18: DLL File name: wecsvc.dll
2012-05-14 22:25:18: Original File Name: wecsvc.dll.mui
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 
2012-05-14 22:25:18: !!!!!!!
2012-05-14 22:25:18: Found Service: wercplsupport
2012-05-14 22:25:18: Real Path: C:\Windows\System32\wercplsupport.dll
2012-05-14 22:25:18: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2012-05-14 22:25:18: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2012-05-14 22:25:18: ServiceDLL: System32\wercplsupport.dll
2012-05-14 22:25:18: File size: 0
2012-05-14 22:25:18: DLL File name: wercplsupport.dll
2012-05-14 22:25:18: Original File Name: ERC
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 
2012-05-14 22:25:18: !!!!!!!!!
2012-05-14 22:25:18: !!!!!!!
2012-05-14 22:25:18: Found Service: WerSvc
2012-05-14 22:25:18: Real Path: C:\Windows\System32\WerSvc.dll
2012-05-14 22:25:18: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2012-05-14 22:25:18: Description: @%SystemRoot%\System32\wersvc.dll,-101
2012-05-14 22:25:18: ServiceDLL: System32\WerSvc.dll
2012-05-14 22:25:18: File size: 0
2012-05-14 22:25:18: DLL File name: WerSvc.dll
2012-05-14 22:25:18: Original File Name: wersvc
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 
2012-05-14 22:25:18: !!!!!!!!!
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: Winmgmt
2012-05-14 22:25:18: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2012-05-14 22:25:18: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2012-05-14 22:25:18: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2012-05-14 22:25:18: ServiceDLL: system32\wbem\WMIsvc.dll
2012-05-14 22:25:18: File size: 0
2012-05-14 22:25:18: DLL File name: WMIsvc.dll
2012-05-14 22:25:18: Original File Name: wmisvc.dll.mui
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: WinRM
2012-05-14 22:25:18: Real Path: C:\Windows\system32\WsmSvc.dll
2012-05-14 22:25:18: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2012-05-14 22:25:18: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2012-05-14 22:25:18: ServiceDLL: system32\WsmSvc.dll
2012-05-14 22:25:18: File size: 1175040
2012-05-14 22:25:18: DLL File name: WsmSvc.dll
2012-05-14 22:25:18: Original File Name: WsmSvc.dll.mui
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 20090713211620 20090713193143 20090713193143
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: Wlansvc
2012-05-14 22:25:18: Real Path: C:\Windows\System32\wlansvc.dll
2012-05-14 22:25:18: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2012-05-14 22:25:18: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2012-05-14 22:25:18: ServiceDLL: System32\wlansvc.dll
2012-05-14 22:25:18: File size: 0
2012-05-14 22:25:18: DLL File name: wlansvc.dll
2012-05-14 22:25:18: Original File Name: wlansvc.dll.mui
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: WPCSvc
2012-05-14 22:25:18: Real Path: C:\Windows\System32\wpcsvc.dll
2012-05-14 22:25:18: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2012-05-14 22:25:18: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2012-05-14 22:25:18: ServiceDLL: System32\wpcsvc.dll
2012-05-14 22:25:18: File size: 10752
2012-05-14 22:25:18: DLL File name: wpcsvc.dll
2012-05-14 22:25:18: Original File Name: wpcsvc.exe.mui
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 20090713211620 20090713194010 20090713194010
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: WPDBusEnum
2012-05-14 22:25:18: Real Path: C:\Windows\system32\wpdbusenum.dll
2012-05-14 22:25:18: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2012-05-14 22:25:18: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2012-05-14 22:25:18: ServiceDLL: system32\wpdbusenum.dll
2012-05-14 22:25:18: File size: 0
2012-05-14 22:25:18: DLL File name: wpdbusenum.dll
2012-05-14 22:25:18: Original File Name: WpdBusEnum.DLL.MUI
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: wscsvc
2012-05-14 22:25:18: Real Path: C:\Windows\system32\wscsvc.dll
2012-05-14 22:25:18: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200
2012-05-14 22:25:18: Description: @%SystemRoot%\System32\wscsvc.dll,-201
2012-05-14 22:25:18: ServiceDLL: system32\wscsvc.dll
2012-05-14 22:25:18: File size: 0
2012-05-14 22:25:18: DLL File name: wscsvc.dll
2012-05-14 22:25:18: Original File Name: wscsvc.dll.mui
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 
2012-05-14 22:25:18: ---------------------------------------------------------------------
2012-05-14 22:25:18: Found Service: wuauserv
2012-05-14 22:25:18: Real Path: C:\Windows\system32\wuaueng.dll
2012-05-14 22:25:18: Display Name: @%systemroot%\system32\wuaueng.dll,-105
2012-05-14 22:25:18: Description: @%systemroot%\system32\wuaueng.dll,-106
2012-05-14 22:25:18: ServiceDLL: system32\wuaueng.dll
2012-05-14 22:25:18: File size: 0
2012-05-14 22:25:18: DLL File name: wuaueng.dll
2012-05-14 22:25:18: Original File Name: wuaueng.dll.mui
2012-05-14 22:25:18: Company: 
2012-05-14 22:25:18: Mod/Cre/Acc time: 
2012-05-14 22:25:19: ---------------------------------------------------------------------
2012-05-14 22:25:19: Found Service: wudfsvc
2012-05-14 22:25:19: Real Path: C:\Windows\System32\WUDFSvc.dll
2012-05-14 22:25:19: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2012-05-14 22:25:19: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2012-05-14 22:25:19: ServiceDLL: System32\WUDFSvc.dll
2012-05-14 22:25:19: File size: 0
2012-05-14 22:25:19: DLL File name: WUDFSvc.dll
2012-05-14 22:25:19: Original File Name: WUDFSvc.dll.mui
2012-05-14 22:25:19: Company: 
2012-05-14 22:25:19: Mod/Cre/Acc time: 
2012-05-14 22:25:19: ---------------------------------------------------------------------
2012-05-14 22:25:19: Found Service: WwanSvc
2012-05-14 22:25:19: Real Path: C:\Windows\System32\wwansvc.dll
2012-05-14 22:25:19: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2012-05-14 22:25:19: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2012-05-14 22:25:19: ServiceDLL: System32\wwansvc.dll
2012-05-14 22:25:19: File size: 0
2012-05-14 22:25:19: DLL File name: wwansvc.dll
2012-05-14 22:25:19: Original File Name: WwanSvc.dll.mui
2012-05-14 22:25:19: Company: 
2012-05-14 22:25:19: Mod/Cre/Acc time: 
2012-05-14 22:25:19: 
2012-05-14 22:25:19: Looking for SHELL key
2012-05-14 22:25:19: Now looking for bad DLL files in system32
2012-05-14 22:26:02: Folder: GAC
2012-05-14 22:26:02: Folder: GAC_32
2012-05-14 22:26:02: Folder: GAC_64
2012-05-14 22:26:02: Folder: GAC_MSIL
2012-05-14 22:26:02: Folder: NativeImages1_v1.1.4322
2012-05-14 22:26:02: Folder: NativeImages_v2.0.50727_32
2012-05-14 22:26:02: Folder: NativeImages_v2.0.50727_64
2012-05-14 22:26:02: Folder: NativeImages_v4.0.30319_32
2012-05-14 22:26:02: Folder: NativeImages_v4.0.30319_64
2012-05-14 22:26:02: Folder: temp
2012-05-14 22:26:02: Folder: tmp
2012-05-14 22:26:02: Checking for bad folder
2012-05-14 22:26:02: Found 1 folders.
2012-05-14 22:26:02: Checking C:\Windows\assembly\tmp
2012-05-14 22:26:02: ... Folder test returns: 1
2012-05-14 22:26:02: Done with folder list in C:\Windows\assembly\ tmp
2012-05-14 22:26:02: Autonomous mode, clearing out yt folder
2012-05-14 22:26:02: cmd.exe /c start "C:\Users\Lyn\Desktop\yorkyt.exe"
2012-05-14 22:26:11: Restarting...
2012-05-14 22:27:43: ****************************************************
2012-05-14 22:27:43: Starting UP ... v 0.0.0.220
2012-05-14 22:27:43: ****************************************************
2012-05-14 22:27:43: Stop TPSRV returns: 2
2012-05-14 22:28:00: Listing processes...
2012-05-14 22:28:00: :[System Process]:0
2012-05-14 22:28:00: :System:4
2012-05-14 22:28:00: :smss.exe:364
2012-05-14 22:28:00: :csrss.exe:536
2012-05-14 22:28:00: :wininit.exe:588
2012-05-14 22:28:00: :csrss.exe:600
2012-05-14 22:28:00: :services.exe:644
2012-05-14 22:28:00: :lsass.exe:660
2012-05-14 22:28:00: :lsm.exe:668
2012-05-14 22:28:00: :svchost.exe:776
2012-05-14 22:28:00: :nvvsvc.exe:848
2012-05-14 22:28:00: :svchost.exe:876
2012-05-14 22:28:00: :svchost.exe:928
2012-05-14 22:28:00: :svchost.exe:988
2012-05-14 22:28:00: :svchost.exe:108
2012-05-14 22:28:00: :audiodg.exe:452
2012-05-14 22:28:00: :svchost.exe:1028
2012-05-14 22:28:00: :winlogon.exe:1088
2012-05-14 22:28:00: :svchost.exe:1192
2012-05-14 22:28:00: :FBAgent.exe:1276
2012-05-14 22:28:00: :AsLdrSrv.exe:1300
2012-05-14 22:28:00: :GFNEXSrv.exe:1348
2012-05-14 22:28:00: :AvastSvc.exe:1380
2012-05-14 22:28:00: :spoolsv.exe:1628
2012-05-14 22:28:00: :NvXDSync.exe:1636
2012-05-14 22:28:00: :nvvsvc.exe:1648
2012-05-14 22:28:00: :svchost.exe:1764
2012-05-14 22:28:00: :armsvc.exe:1012
2012-05-14 22:28:00: :AppleMobileDeviceService.exe:2056
2012-05-14 22:28:00: :mDNSResponder.exe:2124
2012-05-14 22:28:00: :UACProxy.exe:2156
2012-05-14 22:28:00: :svchost.exe:2184
2012-05-14 22:28:00: :NPWService.exe:2308
2012-05-14 22:28:00: :svchost.exe:2356
2012-05-14 22:28:00: :SacNetAgent.exe:2400
2012-05-14 22:28:00: :nvSCPAPISvr.exe:2452
2012-05-14 22:28:00: :taskhost.exe:2548
2012-05-14 22:28:00: :taskeng.exe:2600
2012-05-14 22:28:00: :dwm.exe:2696
2012-05-14 22:28:00: :explorer.exe:2716
2012-05-14 22:28:00: :ALU.exe:2748
2012-05-14 22:28:00: :Net4Switch.exe:2756
2012-05-14 22:28:00: :ASPG.exe:2764
2012-05-14 22:28:00: :DCHelper.exe:2832
2012-05-14 22:28:00: :sensorsrv.exe:2840
2012-05-14 22:28:00: :HControl.exe:2960
2012-05-14 22:28:00: :MsgTranAgt64.exe:2976
2012-05-14 22:28:00: :Atouch64.exe:2996
2012-05-14 22:28:00: :ControlDeckStartUp.exe:3012
2012-05-14 22:28:00: :wcourier.exe:3040
2012-05-14 22:28:00: :svchost.exe:584
2012-05-14 22:28:00: :WBVGAservice.exe:2332
2012-05-14 22:28:00: :svchost.exe:1948
2012-05-14 22:28:00: :SDWinSec.exe:2896
2012-05-14 22:28:00: :wbctlvga.exe:2952
2012-05-14 22:28:00: :ATKOSD.exe:3292
2012-05-14 22:28:00: :WDC.exe:3316
2012-05-14 22:28:00: :WmiPrvSE.exe:3692
2012-05-14 22:28:00: :yorkyt.exe:3944
2012-05-14 22:28:00: :WmiPrvSE.exe:3984
2012-05-14 22:28:00: 
2012-05-14 22:28:00: Starting cleanup mode...
2012-05-14 22:29:11: ... Done with files, now folders
2012-05-14 22:29:16: All DONE


----------



## Glaswegian (Dec 5, 2004)

Hi again

Now please run *ComboFix* again - double click the icon to start.

Post back with the log.


----------



## tanusgreystar (Oct 15, 2007)

ComboFix 12-05-12.01 - Lyn 05/15/2012 22:56:18.10.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4818 [GMT -4:00]
Running from: c:\users\Lyn\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-16 03:10 . 2012-05-16 03:10	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-05-16 03:10 . 2012-05-16 03:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-06 15:13 . 2012-05-06 15:13	--------	d-----w-	c:\program files\iPod
2012-05-06 15:13 . 2012-05-06 15:14	--------	d-----w-	c:\program files\iTunes
2012-05-06 15:13 . 2012-05-06 15:14	--------	d-----w-	c:\program files (x86)\iTunes
2012-05-06 15:11 . 2012-05-06 15:11	--------	d-----w-	c:\program files (x86)\Apple Software Update
2012-05-06 15:10 . 2012-05-06 15:10	--------	d-----w-	c:\program files\Bonjour
2012-05-06 15:10 . 2012-05-06 15:10	--------	d-----w-	c:\program files (x86)\Bonjour
2012-05-04 17:03 . 2012-05-04 17:03	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-04 17:03 . 2012-05-04 17:03	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 17:03 . 2012-05-04 17:03	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-03 01:53 . 2012-05-03 01:57	35712	----a-w-	c:\windows\SysWow64\drivers\BlackBox.sys
2012-05-02 20:14 . 2012-05-02 20:14	--------	d-----w-	c:\users\Lyn\AppData\Local\Skyrim
2012-05-02 19:29 . 2012-05-02 19:42	--------	d-----w-	c:\program files (x86)\Black_Box
2012-04-26 07:25 . 2012-04-30 05:32	--------	d-----w-	C:\FRST
2012-04-24 02:25 . 2012-04-24 02:25	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-24 02:25 . 2012-04-24 02:25	--------	d-----w-	c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 02:25 . 2011-06-23 17:12	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 13:00 . 2012-04-13 14:21	258352	----a-w-	c:\windows\SysWow64\unicows.dll
2012-04-07 18:35 . 2012-04-07 18:35	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-04-07 18:35 . 2012-04-07 18:35	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-04-07 18:35 . 2012-04-07 18:35	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-04-07 18:35 . 2012-04-07 18:35	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-07 18:35 . 2012-04-07 18:35	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-04-07 18:35 . 2012-04-07 18:35	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-07 18:35 . 2012-04-07 18:35	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-04-07 18:35 . 2012-04-07 18:35	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-04-07 18:35 . 2012-04-07 18:35	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-04-07 18:35 . 2012-04-07 18:35	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-04-07 18:35 . 2012-04-07 18:35	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-04-07 18:35 . 2012-04-07 18:35	448512	----a-w-	c:\windows\system32\html.iec
2012-04-07 18:35 . 2012-04-07 18:35	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-04-07 18:35 . 2012-04-07 18:35	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-04-07 18:35 . 2012-04-07 18:35	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-04-07 18:35 . 2012-04-07 18:35	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-04-07 18:35 . 2012-04-07 18:35	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-04-07 18:35 . 2012-04-07 18:35	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-04-07 18:35 . 2012-04-07 18:35	2308096	----a-w-	c:\windows\system32\jscript9.dll
2012-04-07 18:35 . 2012-04-07 18:35	222208	----a-w-	c:\windows\system32\msls31.dll
2012-04-07 18:35 . 2012-04-07 18:35	1798656	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-04-07 18:35 . 2012-04-07 18:35	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-04-07 18:35 . 2012-04-07 18:35	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-04-07 18:35 . 2012-04-07 18:35	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-04-07 18:35 . 2012-04-07 18:35	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-04-07 18:35 . 2012-04-07 18:35	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-04-07 18:35 . 2012-04-07 18:35	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-04-07 18:35 . 2012-04-07 18:35	1390080	----a-w-	c:\windows\system32\wininet.dll
2012-04-07 18:35 . 2012-04-07 18:35	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-04-07 18:35 . 2012-04-07 18:35	12288	----a-w-	c:\windows\system32\mshta.exe
2012-04-07 18:35 . 2012-04-07 18:35	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-04-07 18:35 . 2012-04-07 18:35	114176	----a-w-	c:\windows\system32\admparse.dll
2012-04-07 18:35 . 2012-04-07 18:35	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2012-04-07 18:35 . 2012-04-07 18:35	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-04-07 18:35 . 2012-04-07 18:35	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-04-07 18:35 . 2012-04-07 18:35	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-04-07 18:35 . 2012-04-07 18:35	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-04-07 18:35 . 2012-04-07 18:35	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-04-07 18:35 . 2012-04-07 18:35	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-04-07 18:35 . 2012-04-07 18:35	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-04-07 18:35 . 2012-04-07 18:35	160256	----a-w-	c:\windows\system32\wextract.exe
2012-04-07 18:35 . 2012-04-07 18:35	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2012-04-07 18:34 . 2012-04-07 18:34	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2012-04-07 18:34 . 2012-04-07 18:34	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-04-07 18:34 . 2012-04-07 18:34	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-04-07 18:34 . 2012-04-07 18:34	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2012-04-07 18:34 . 2012-04-07 18:34	470016	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2012-04-07 18:34 . 2012-04-07 18:34	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2012-04-07 18:34 . 2012-04-07 18:34	4068864	----a-w-	c:\windows\system32\mf.dll
2012-04-07 18:34 . 2012-04-07 18:34	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-04-07 18:34 . 2012-04-07 18:34	3181568	----a-w-	c:\windows\SysWow64\mf.dll
2012-04-07 18:34 . 2012-04-07 18:34	283648	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2012-04-07 18:34 . 2012-04-07 18:34	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2012-04-07 18:34 . 2012-04-07 18:34	257024	----a-w-	c:\windows\system32\mfreadwrite.dll
2012-04-07 18:34 . 2012-04-07 18:34	229888	----a-w-	c:\windows\system32\XpsRasterService.dll
2012-04-07 18:34 . 2012-04-07 18:34	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-04-07 18:34 . 2012-04-07 18:34	206848	----a-w-	c:\windows\system32\mfps.dll
2012-04-07 18:34 . 2012-04-07 18:34	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-04-07 18:34 . 2012-04-07 18:34	196608	----a-w-	c:\windows\SysWow64\mfreadwrite.dll
2012-04-07 18:34 . 2012-04-07 18:34	1888256	----a-w-	c:\windows\system32\WMVDECOD.DLL
2012-04-07 18:34 . 2012-04-07 18:34	1863680	----a-w-	c:\windows\system32\ExplorerFrame.dll
2012-04-07 18:34 . 2012-04-07 18:34	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-04-07 18:34 . 2012-04-07 18:34	1619456	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2012-04-07 18:34 . 2012-04-07 18:34	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-04-07 18:34 . 2012-04-07 18:34	1540608	----a-w-	c:\windows\system32\DWrite.dll
2012-04-07 18:34 . 2012-04-07 18:34	1495040	----a-w-	c:\windows\SysWow64\ExplorerFrame.dll
2012-04-07 18:34 . 2012-04-07 18:34	144384	----a-w-	c:\windows\system32\cdd.dll
2012-04-07 18:34 . 2012-04-07 18:34	135168	----a-w-	c:\windows\SysWow64\XpsRasterService.dll
2012-04-07 18:34 . 2012-04-07 18:34	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-04-07 18:34 . 2012-04-07 18:34	1133568	----a-w-	c:\windows\system32\FntCache.dll
2012-04-07 18:34 . 2012-04-07 18:34	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-20 07:51 . 2012-04-15 09:52	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3930A6F-6FDE-4FC8-B558-B2B94D132A46}\mpengine.dll
2012-03-06 23:15 . 2012-03-26 01:46	41184	----a-w-	c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-03-26 01:46	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2012-03-26 01:47	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-03-26 01:47	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-03-26 01:47	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-26 01:47	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2012-03-26 01:47	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-03-26 01:47	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-03-26 01:47	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-02-26 21:05 . 2010-06-01 18:52	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-23 14:18 . 2009-10-06 00:18	279656	------w-	c:\windows\system32\MpSigStub.exe
2009-04-08 14:31 . 2009-04-08 14:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-12_22.26.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-06 11:20 . 2007-02-17 14:21	63488 c:\windows\xcacls.exe
- 2009-07-14 04:54 . 2012-05-12 22:24	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-16 03:27	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-12 22:24	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-16 03:27	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-16 03:27	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-12 22:24	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 00:29 . 2012-05-14 10:01	70670 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-16 02:55	49978 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-06 00:15 . 2012-05-15 10:00	16866 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2867500651-1516734084-2197057008-1001_UserData.bin
- 2009-10-06 03:07 . 2012-05-03 12:05	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-06 03:07 . 2012-05-15 21:31	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-06 03:07 . 2012-05-03 12:05	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-06 03:07 . 2012-05-15 21:31	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-15 21:31	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-03 12:05	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-12 22:24 . 2012-05-12 22:24	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-16 03:26 . 2012-05-16 03:26	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-12 22:24 . 2012-05-12 22:24	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-16 03:26 . 2012-05-16 03:26	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-07 03:54 . 2012-05-15 21:29	357576 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-05-16 03:26	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-12 22:23	387248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-04 21:28 . 2012-05-16 03:26	929760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
- 2011-04-04 21:28 . 2012-05-12 22:23	929760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-12288.dat
- 2009-07-14 02:34 . 2012-05-12 10:58	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-05-15 03:19	10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-02-06 04:55 . 2012-05-16 02:15	13204584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2867500651-1516734084-2197057008-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\programdata\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
"chromium"="c:\users\Lyn\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-28 1224176]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-07 2861624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Turbo Gear Help"="c:\program files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe" [2009-08-06 2987520]
"Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Lyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-15 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 BlackBox;BlackBox SR2; [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CFUACProxy_officeguardianv2n;CFUACProxy_officeguardianv2n;c:\programdata\OfficeGuardianV2N\UACProxy.exe [2010-11-18 83792]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 788480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\OfficeGuardianV2N\Reminder\SacNetAgent.exe [2010-11-18 163664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 02:25]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001Core.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2867500651-1516734084-2197057008-1001UA.job
- c:\users\Lyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 15:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 20:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Lyn\AppData\Roaming\Mozilla\Firefox\Profiles\d5d88x05.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2867500651-1516734084-2197057008-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,43,c7,10,e5,e7,73,fc,6a,5d,61,48,76,5a,80,1a,2c,03,81,57,ec,
57,f4,3d,3b,a3,47,dc,32,a3,33,5a,bf,b1,29,ad,e5,66,f6,50,96,de,92,ca,a5,17,\
"rkeysecu"=hex:de,c7,f0,77,cc,44,e2,a7,6d,05,f1,c1,86,cd,a4,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Razer\Salmosa\razertra.exe
c:\program files (x86)\Razer\Salmosa\razerofa.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
**************************************************************************
.
Completion time: 2012-05-15 23:43:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 03:43
ComboFix2.txt 2012-05-12 22:42
ComboFix3.txt 2012-04-24 20:23
ComboFix4.txt 2012-04-18 17:13
ComboFix5.txt 2012-05-16 02:55
.
Pre-Run: 122,789,949,440 bytes free
Post-Run: 122,516,254,720 bytes free
.
- - End Of File - - C30733555D13D1B49DCC67D42B56508F


----------



## Glaswegian (Dec 5, 2004)

Hi again

I'm still not seeing anything in the logs - are you still having problems?

Have you tried disconnecting this system from your network or cabling it direct to the internet to see if there are any problems?


----------



## tanusgreystar (Oct 15, 2007)

I'll try that


----------



## tanusgreystar (Oct 15, 2007)

I just realized that I've been disconnecting anyway every time I run a scan. BTW no redirects in a while, and no popups. But I'll keep an eye out. Thanks!


----------



## Glaswegian (Dec 5, 2004)

OK - sounds as though this particular system may be fine. Perhaps it's another computer that has problems?


----------



## tanusgreystar (Oct 15, 2007)

possibly. I have a main desktop pc and another laptop.


----------



## Glaswegian (Dec 5, 2004)

Hi again

This system was pretty clean - some minor stuff but that's all.

As far as I can see all your logs are clean. If there are no more problems we'll just tidy up and I'll let you go, along with my recommendations for staying safe and secure. If you think one of your other systems may be infected then please start a new thread.

The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Referring to the image below

Click *All Programs > Accessories > Run* and copy/paste, or type the following bold text into the Run box and click *OK*:

*ComboFix /Uninstall*

Run *OTL* and click the CleanUp button - this will clear out OTL and the other tools.

Now that you are clean, to help protect your computer in the future I recommend that you get the following *free* programs:

*General Protection*
Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.
Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here.

*MVPS Hosts File*
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. *Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.*

*Alternate Browsers*
Try the following free alternate browsers rather than Internet Explorer
Firefox
Opera
Chrome
Maxthon
Safari

*Other Protection*
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

*Web of Trust*
WOT warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

Green to go
Yellow for caution
Red to stop

WOT has an addon available for both Firefox and IE.

*Do Not Track +*
DNT+ protects your online privacy and prevents advertising companies and social networks from collecting personal information. This means they cannot serve you adverts nor follow you throughout the web. Every time you go online you are being watched and your habits recorded. DNT+ allows you to control your personal details. How DNT+ works.

*Additional Reading*
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

PC Safety & Security - What Do I Need?.
Making Internet Explorer Safer.
Think Prevention!

Have a look here if your PC is still running a bit slow
Is your PC running slow...?

Keep *clean* and *safe* and enjoy your computing!

*Please respond to this thread one more time so we can mark this thread as resolved.*


----------
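The post above describes a blocking HOSTS file as one that points unwanted hostnames at 127.0.0.1; the same file can also point a hostname at a remote address, which makes it worth auditing on a machine with browser redirects. The following is an added example, not part of the thread or of the MVPS project: the function names and the sample file are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "lineno address hostname kind")

# RFC 1918 ranges, listed explicitly so documentation/test ranges are not
# mistaken for internal addresses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, not taken from the machine in this thread.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net  tracker.example.net   # blocked ad hosts
0.0.0.0         banners.example.org
203.0.113.45    www.search.example    # resolves away from the real site
10.0.0.12       intranet.corp.example
not-an-ip       broken.example
"""


def classify(address):
    """Classify the address column of a HOSTS entry."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"   # blocking entry: the name resolves to this machine
    if any(ip in net for net in RFC1918):
        return "internal"   # typical of a company-provided HOSTS file
    return "redirect"       # name is forced to some other remote address


def audit_hosts(text):
    """Parse HOSTS-format text into one Entry per hostname."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        address, hostnames = fields[0], fields[1:]
        if not hostnames:                     # address with no name
            entries.append(Entry(lineno, address, "", "invalid"))
            continue
        kind = classify(address)
        for name in hostnames:                # one line may map several names
            entries.append(Entry(lineno, address, name.lower(), kind))
    return entries


def needs_review(entries):
    """Entries a person should look at: remote redirects and malformed lines."""
    return [e for e in entries if e.kind in ("redirect", "invalid")]


if __name__ == "__main__":
    for e in needs_review(audit_hosts(SAMPLE_HOSTS)):
        print(f"line {e.lineno}: {e.hostname or '(no hostname)'} -> "
              f"{e.address} [{e.kind}]")
```

On Windows the live file is `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`. A "redirect" result is a prompt to check the entry, not proof of infection.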



## tanusgreystar (Oct 15, 2007)

Hi. Thanks! Should I post a hijack this or combofix log for another pc?


----------



## Glaswegian (Dec 5, 2004)

If you think there might be a problem, then yes - follow the guidance here.

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html


----------



## tanusgreystar (Oct 15, 2007)

I downloaded spywareguard and am running it but I keep getting a popup saying that my homepage in ie keeps being changed from www.google.com to www.google.com. I allow the change but it keeps popping up. I looked it up and it said that it may be caused by hijacking!


----------



## Glaswegian (Dec 5, 2004)

Hi

I would uninstall Spywareguard, reboot and then re-install - I've seen this happen now and again.


----------



## tanusgreystar (Oct 15, 2007)

Ok I'll try that. Thanks for your help!


----------

