# Virus or just a bug?



## Tedejc (Jan 3, 2006)

Hi Guys.

Not sure where this should go, but I'm having trouble with Internet Explorer. I'm getting a bunch of pop-ups even though the blocker is up. I cannot open some windows; it seems my JavaScript is no good. I tried to update it, but it's telling me I have the latest update?
[Windows Live ID requires JavaScript to sign in. This web browser either does not support JavaScripts, or scripts are being blocked].

Thank you so much for taking the time.

I ran an HJT log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:02:21 PM, on 9/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
F:\SpywareGuard\sgmain.exe
C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
F:\SpywareGuard\sgbhp.exe
C:\Users\Owner\Desktop\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O1 - Hosts: 64.46.36.178 www.google-analytics.com.
O1 - Hosts: 64.46.36.178 ad-emea.doubleclick.net.
O1 - Hosts: 64.46.36.178 www.statcounter.com.
O1 - Hosts: 64.27.10.42 www.google-analytics.com.
O1 - Hosts: 64.27.10.42 ad-emea.doubleclick.net.
O1 - Hosts: 64.27.10.42 www.statcounter.com.
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\SpywareGuard\dlprotect.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = F:\SpywareGuard\sgmain.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://usergroups.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc1.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Handle Service - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12486 bytes


----------



## Phantom010 (Mar 9, 2009)

Did you add those entries to your HOSTS file yourself?

If not, *Reset your HOSTS File Back to Default*.


----------



## Tedejc (Jan 3, 2006)

Followed the directions, finally got it to work. Made no difference. Not sure what Hosts files are and I never added anything to them. Google-Analytics? StatCounter? emea and 1 localhost? I have no idea. I have been researching state tax deeds and real-estate investing, never put anything into the Hosts file though.
And what the heck is BHO anyway? Every time I turn on my computer I get all these pop-ups asking my permission to keep the new BHOs, same ones over and over again whether I keep them or not. I end up X-ing them out until they stop popping up. Pain in the neck, more annoying than anything else.

New HJT log and they're still there. Should I get rid of them? (Not touching anything unless I get the OK from you all.)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:21:55 PM, on 9/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O1 - Hosts: 64.46.36.178 www.google-analytics.com.
O1 - Hosts: 64.46.36.178 ad-emea.doubleclick.net.
O1 - Hosts: 64.46.36.178 www.statcounter.com.
O1 - Hosts: 64.27.10.42 www.google-analytics.com.
O1 - Hosts: 64.27.10.42 ad-emea.doubleclick.net.
O1 - Hosts: 64.27.10.42 www.statcounter.com.
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\SpywareGuard\dlprotect.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = F:\SpywareGuard\sgmain.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://usergroups.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc1.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Handle Service - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12762 bytes


----------



## Phantom010 (Mar 9, 2009)

You probably have malware preventing any change to the corrupted HOSTS file.

Please wait for instructions from a Malware Removal Specialist.


----------



## Tedejc (Jan 3, 2006)

I forgot to add that, when I run the HJT log I get this warning first. It seems to go in line with what you asked about the Hosts file; this may be a problem other than a bug?! Should I ask for this to be moved to the Malware Removal forum?



> For some reason your system denied write access to the Hosts file. If
> any hijacked domains are in this file, HijackThis may NOT be able to fix
> this.
> If that happens, you need to edit the file yourself. To do this, click Start,
> ...


----------



## Phantom010 (Mar 9, 2009)

If Windows is denying access to the Hosts file, run HijackThis as Administrator or *disable the UAC* first.


----------



## Tedejc (Jan 3, 2006)

I just ran HJT as Administrator, no difference as far as I can see. 

"UAC? Is this about the BHOs?" I wouldn't have as much of a problem with them if I only knew what they were and whether they were any good or not.


----------



## Phantom010 (Mar 9, 2009)

Click *How to Disable UAC*.

It has nothing to do with BHOs.

BHO stands for *Browser Helper Object*.


----------



## Tedejc (Jan 3, 2006)

OK I ran HJT as administrator and was able to disable the UAC. Nothing changed. 
I ran HJT again and clicked on the [Info on Selected Item..] for some of the hosts, and this is what it's saying:



> A change in the 'Hosts' system file Windows uses to look up domain names before querying internet DNS servers, effectively making Windows believe that 'auto.search.msn.com' has a different IP than it really has and thus making IE open the wrong page whenever you enter an invalid domain name in the IE address bar.
> Infected example: 213.67.109.7 auto.search.msn.com
> (Action taken: Line is deleted from the hosts file.)


Holy moly, is there a way to copy this stuff or at least enlarge it? My eyes are bugging out trying to re-type this stuff.
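The HijackThis note quoted above describes the pattern behind the O1 entries in the logs earlier in this thread: a hosts file that maps well-known names to a routable address so that Windows never asks DNS for them. A small audit script makes that distinction mechanical. This is an added example, not HijackThis code and not something any participant in this thread posted. It takes the O1 lines in the shape HijackThis prints them (the seven lines from the log above, plus two constructed lines for the loopback and malformed cases), strips the trailing dot HijackThis puts after each hostname, and labels each entry: a stock `localhost` mapping, a loopback or unspecified address (the self-sinkhole an ad blocker writes, which only blocks a name), or a redirect to a routable address, which is the case to hand to a malware specialist. The hostnames and addresses ending in `.test` are placeholders constructed for the example; the rest come from the log.

```python
import ipaddress
import re

# Constructed sample input: the O1 lines from the HijackThis log above, plus two
# extra lines (a loopback "blocklist" entry and a malformed one) added here to
# exercise the edge cases. Nothing below is HijackThis code.
SAMPLE_O1_LINES = [
    "O1 - Hosts: ::1 localhost",
    "O1 - Hosts: 64.46.36.178 www.google-analytics.com.",
    "O1 - Hosts: 64.46.36.178 ad-emea.doubleclick.net.",
    "O1 - Hosts: 64.46.36.178 www.statcounter.com.",
    "O1 - Hosts: 64.27.10.42 www.google-analytics.com.",
    "O1 - Hosts: 64.27.10.42 ad-emea.doubleclick.net.",
    "O1 - Hosts: 64.27.10.42 www.statcounter.com.",
    "O1 - Hosts: 127.0.0.1 ads.example.test",   # constructed: self-sinkhole, ad-blocker style
    "O1 - Hosts: not-an-ip www.example.test",   # constructed: malformed entry
]

# The two entries a stock Windows hosts file maps. Assumption: anything else,
# even another localhost-style line, is judged on its address like any entry.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1(line):
    """Return (ip_text, hostname) for one HijackThis O1 line, or None for any other line."""
    m = O1_LINE.match(line.strip())
    if not m:
        return None
    ip_text, host = m.group(1), m.group(2)
    # HijackThis prints the hostname with a trailing dot; normalise it away.
    return ip_text, host.rstrip(".").lower()


def classify(ip_text, host):
    """Label one hosts entry by what the mapping does to name resolution."""
    if (ip_text, host) in DEFAULT_ENTRIES:
        return "default"
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    # Pointing a name at the machine itself only blocks it (ad-blocker style).
    if ip.is_loopback or ip.is_unspecified:
        return "blocklist"
    # Pointing a name at a routable address sends that traffic somewhere else:
    # the redirect pattern the HijackThis note describes.
    return "redirect"


def audit(lines):
    """Classify every O1 line in a log; lines of other HJT sections are ignored."""
    findings = []
    for line in lines:
        parsed = parse_o1(line)
        if parsed is None:
            continue
        ip_text, host = parsed
        findings.append((host, ip_text, classify(ip_text, host)))
    return findings


def redirected_hosts(lines):
    """Map each redirected hostname to the set of addresses it is sent to."""
    result = {}
    for host, ip_text, label in audit(lines):
        if label == "redirect":
            result.setdefault(host, set()).add(ip_text)
    return result


def needs_attention(lines):
    """True when any entry redirects a name or cannot be parsed at all."""
    return any(label in ("redirect", "malformed") for _, _, label in audit(lines))


if __name__ == "__main__":
    for host, ip_text, label in audit(SAMPLE_O1_LINES):
        print(f"{label:9s} {ip_text:15s} {host}")
    for host, ips in sorted(redirected_hosts(SAMPLE_O1_LINES).items()):
        print(f"{host} -> {', '.join(sorted(ips))}")
```

Run on the lines from this thread, `redirected_hosts` reports that three analytics and advertising names are each sent to two routable addresses, which is exactly the situation the earlier reply meant by a HOSTS file that should be reset to default. The script only reads a pasted log; it does not touch the hosts file itself, and on a machine where the file cannot be written (as reported above) the fix still belongs with the removal specialist.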


----------



## Phantom010 (Mar 9, 2009)

Since you've been moved to the *Virus & Other Malware Removal* forum, a malware removal specialist obviously believed your computer was infected. So, please wait for further instructions. He/she will have you run special tools to get rid of the infection. Be patient though. They are very busy. You should get an answer within the next 48 hours.


----------



## Tedejc (Jan 3, 2006)

Thank you very much Phantom, I really appreciate your help.


----------



## Tedejc (Jan 3, 2006)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Owner at 6:10:03 on 2012-09-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2780 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\splwow64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Users\Owner\Desktop\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - F:\SpywareGuard\dlprotect.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: blizzard.com\us
Trusted Zone: thinkorswim.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
DPF: {297DE2B6-509A-4B36-93C5-A65276606900} - hxxp://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://usergroups.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc1.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5CD5CC2B-960F-4E87-B2FA-A1998EEF73A4} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - F:\SpywareGuard\spywareguard.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\SpywareGuard\dlprotect.dll
BHO-X64: SpywareGuard Download Protection - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
SEH-X64: SpywareGuard.Handler: {81559C35-8464-49F7-BB0E-07A383BEF910} - F:\SpywareGuard\spywareguard.dll
Hosts: 64.46.36.178 www.google-analytics.com.
Hosts: 64.46.36.178 ad-emea.doubleclick.net.
Hosts: 64.46.36.178 www.statcounter.com.
Hosts: 64.27.10.42 www.google-analytics.com.
Hosts: 64.27.10.42 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2011-4-21 203392]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-5 2255464]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-13 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250568]
S3 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-13 116648]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-17 23:00:59	9310152	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB651541-9D3B-4DA4-9695-58346E09EDA9}\mpengine.dll
2012-09-16 22:35:51	9310152	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-16 12:53:07	--------	d-----w-	C:\Program Files (x86)\Aeria Games
2012-09-16 00:01:17	--------	d-----w-	C:\Windows\System32\drivers\etc\New folder\New folder
2012-09-15 23:59:35	--------	d-----w-	C:\Windows\System32\drivers\etc\New folder
2012-09-14 01:58:14	--------	d-----w-	C:\Users\Owner\AppData\Local\{133D816A-3DBF-46B5-98A6-D6DB91339A70}
2012-09-12 10:33:36	950128	----a-w-	C:\Windows\System32\drivers\ndis.sys
2012-09-12 10:33:35	41472	----a-w-	C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 10:33:34	574464	----a-w-	C:\Windows\System32\d3d10level9.dll
2012-09-12 10:33:34	490496	----a-w-	C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 10:33:33	376688	----a-w-	C:\Windows\System32\drivers\netio.sys
2012-09-12 10:33:33	288624	----a-w-	C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 10:33:33	1913200	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2012-09-11 03:36:35	927800	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E864A501-7536-4551-B6A0-79E236ED4E0A}\gapaengine.dll
2012-09-11 03:33:33	--------	d-----w-	C:\Program Files (x86)\Microsoft Security Client
2012-09-11 03:33:30	--------	d-----w-	C:\Program Files\Microsoft Security Client
2012-09-11 03:25:54	--------	d-----w-	C:\$RECYCLE.BIN
2012-09-11 02:44:51	98816	----a-w-	C:\Windows\sed.exe
2012-09-11 02:44:51	518144	----a-w-	C:\Windows\SWREG.exe
2012-09-11 02:44:51	256000	----a-w-	C:\Windows\PEV.exe
2012-09-11 02:44:51	208896	----a-w-	C:\Windows\MBR.exe
2012-09-11 02:12:35	--------	d-sh--w-	C:\Windows\System32\%APPDATA%
2012-09-11 02:07:30	--------	d-----w-	C:\Users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}
2012-09-10 01:22:45	916456	----a-w-	C:\Windows\System32\deployJava1.dll
2012-09-10 01:22:45	1034216	----a-w-	C:\Windows\System32\npDeployJava1.dll
2012-09-10 01:22:37	108008	----a-w-	C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-10 01:20:26	--------	d-----w-	C:\ProgramData\McAfee Security Scan
2012-09-10 01:20:23	--------	d-----w-	C:\Program Files (x86)\McAfee Security Scan
.
==================== Find3M ====================
.
2012-09-10 01:20:19	73416	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-10 01:20:19	696520	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06	3148800	----a-w-	C:\Windows\System32\win32k.sys
2012-07-06 02:06:30	772544	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2012-07-04 22:13:27	59392	----a-w-	C:\Windows\System32\browcli.dll
2012-07-04 22:13:27	136704	----a-w-	C:\Windows\System32\browser.dll
2012-07-04 21:14:34	41984	----a-w-	C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-06-29 03:48:07	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-06-25 20:04:24	1394248	----a-w-	C:\Windows\SysWow64\msxml4.dll
.
============= FINISH: 6:10:42.07 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 10/5/2011 1:26:06 PM
System Uptime: 9/18/2012 5:54:12 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CM1730,CM1830
Processor: AMD Athlon(tm) II X2 220 Processor | AM3 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 922 GiB total, 875.2 GiB free.
D: is Removable
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP251: 8/23/2012 8:11:51 AM - Microsoft Antimalware Checkpoint
RP252: 8/24/2012 11:56:48 PM - Windows Update
RP253: 8/26/2012 7:00:13 PM - Windows Backup
RP255: 8/28/2012 7:52:21 PM - Microsoft Antimalware Checkpoint
RP256: 8/28/2012 7:54:45 PM - Windows Update
RP257: 8/31/2012 11:56:39 PM - Windows Update
RP258: 9/2/2012 7:00:15 PM - Windows Backup
RP259: 9/4/2012 11:57:31 PM - Windows Update
RP261: 9/5/2012 12:11:15 AM - Microsoft Antimalware Checkpoint
RP262: 9/8/2012 11:57:07 PM - Windows Update
RP263: 9/9/2012 7:00:13 PM - Windows Backup
RP264: 9/9/2012 9:22:10 PM - Installed Java 7 Update 7 (64-bit)
RP265: 9/12/2012 11:43:31 PM - Windows Update
RP266: 9/13/2012 3:00:24 AM - Windows Update
RP267: 9/15/2012 7:17:34 PM - Installed Microsoft Fix it 50123
RP268: 9/15/2012 8:04:53 PM - Installed Microsoft Fix it 50267
RP269: 9/16/2012 7:38:32 AM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 64.46.36.178 www.google-analytics.com.
Hosts: 64.46.36.178 ad-emea.doubleclick.net.
Hosts: 64.46.36.178 www.statcounter.com.
Hosts: 64.27.10.42 www.google-analytics.com.
Hosts: 64.27.10.42 ad-emea.doubleclick.net.
Hosts: 64.27.10.42 www.statcounter.com.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Aeria Ignite
AI Manager
Akamai NetSession Interface
AMD USB Filter Driver
Apple Application Support
Apple Software Update
ASUS Backup Wizard
ASUSUpdate
AsusVibe2.0
Best Buy pc app
Best Buy pc app - 1 
Bing Bar
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.1
Canon MX420 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco WebEx Meetings
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
D3DX10
EPU-4 Engine
eReg
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
GoToMeeting 5.3.0.977
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Mesh Runtime
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Platform
Quicken 2012
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek Ethernet Controller Driver
Safari
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Shaiya
SpywareBlaster 4.5
SpywareGuard v2.2
thinkorswim
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
9/17/2012 6:58:32 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
9/17/2012 6:58:32 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
9/15/2012 9:03:33 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Owner-PC\Owner SID (S-1-5-21-439902947-1435898956-2378105468-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/13/2012 3:19:50 AM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
9/12/2012 3:14:52 PM, Error: Schannel [36887] - The following fatal alert was received: 80.
9/11/2012 10:47:55 PM, Error: volsnap [14] - The shadow copies of volume F: were aborted because of an IO failure on volume F:.
.
==== End Of File ===========================


----------



## kevinf80 (Mar 21, 2006)

Hello Tedejc and welcome to TSG,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.


 Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
 Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
 Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
 Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go *Here* and follow the instructions specific for your operating system.

Please proceed as follows :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

*Combofix*


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available *Here* if required.

 If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

*Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin


----------



## Tedejc (Jan 3, 2006)

Excellent, I just got home and starting this now.


----------



## Tedejc (Jan 3, 2006)

*OK, this is what it came up with:*

ComboFix 12-09-18.06 - Owner 09/18/2012 18:45:15.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2812 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-18 22:49 . 2012-09-18 22:49	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-09-18 22:49 . 2012-09-18 22:49	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-09-18 22:49 . 2012-09-18 22:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-17 23:00 . 2012-08-28 05:49	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB651541-9D3B-4DA4-9695-58346E09EDA9}\mpengine.dll
2012-09-16 22:35 . 2012-08-28 05:49	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-16 12:53 . 2012-09-16 12:53	--------	d-----w-	c:\program files (x86)\Aeria Games
2012-09-15 23:59 . 2012-09-16 00:01	--------	d-----w-	c:\windows\system32\drivers\etc\New folder
2012-09-12 10:33 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 10:33 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 10:33 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 10:33 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 10:33 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 10:33 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 10:33 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 03:36 . 2012-02-09 18:17	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E864A501-7536-4551-B6A0-79E236ED4E0A}\gapaengine.dll
2012-09-11 03:33 . 2012-09-11 03:33	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-09-11 03:33 . 2012-09-11 03:33	--------	d-----w-	c:\program files\Microsoft Security Client
2012-09-11 02:12 . 2012-09-11 02:12	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-09-11 02:07 . 2012-09-11 02:07	--------	d-----w-	c:\users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}
2012-09-10 01:22 . 2012-09-10 01:22	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-10 01:22 . 2012-09-10 01:22	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-10 01:22 . 2012-09-10 01:22	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-10 01:22 . 2012-09-10 01:22	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-10 01:22 . 2012-09-10 01:22	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-10 01:22 . 2012-09-10 01:22	188904	----a-w-	c:\windows\system32\java.exe
2012-09-10 01:22 . 2012-09-10 01:22	--------	d-----w-	c:\program files\Java
2012-09-10 01:20 . 2012-09-10 01:20	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-09-10 01:20 . 2012-09-10 01:20	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 07:00 . 2011-10-11 01:19	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-10 01:20 . 2012-04-12 11:41	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-10 01:20 . 2011-10-08 02:08	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-14 22:03	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-06 02:06 . 2012-07-18 01:42	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-07-04 22:16 . 2012-08-14 22:03	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-14 22:03	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-14 22:03	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-14 22:03	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 07:03	17809920	----a-w-	c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 07:03	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 07:03	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 07:03	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 07:03	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 07:03	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 07:03	237056	----a-w-	c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 07:03	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 07:03	816640	----a-w-	c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 07:03	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 07:03	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 07:03	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 07:03	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 07:03	248320	----a-w-	c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 07:03	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 07:03	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 07:03	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 07:03	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 07:03	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-06-25 20:04 . 2012-06-25 20:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
.
.
((((((((((((((((((((((((((((( [email protected]_02.52.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-15 01:08	45522 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-18 22:34	44384 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-05 17:44 . 2012-09-18 22:34	11476 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-439902947-1435898956-2378105468-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-09-13 07:18	86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-08-22 20:40	86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:09 . 2009-07-14 00:09	19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb8023x.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09	19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb80236.sys
+ 2012-09-12 10:33 . 2012-07-04 20:26	41472 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismpx.sys
+ 2012-09-12 10:33 . 2012-07-04 20:26	35840 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismp6.sys
+ 2011-10-05 17:29 . 2012-09-18 22:41	98304 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-05 17:29 . 2012-09-11 02:42	98304 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2012-09-10 01:21	95984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-09-15 23:10	95984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-09-15 17:55 . 2012-09-15 17:55	25600 c:\windows\Installer\3a01177.msi
+ 2012-09-16 12:53 . 2012-09-16 12:53	34494 c:\windows\Installer\{815928D4-B230-40C7-AEEF-FCC3DC4B3C59}\application.exe
+ 2011-11-09 08:16 . 2012-09-12 01:41	5746 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-09-11 02:51 . 2012-09-11 02:51	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-18 22:50 . 2012-09-18 22:50	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-18 22:50 . 2012-09-18 22:50	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-11 02:51 . 2012-09-11 02:51	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-09-11 02:51	311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-18 22:32	311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-05 22:50 . 2012-09-18 09:34	376510 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-07-25 20:28	637702 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-18 22:36	637702 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-18 22:36	111318 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-25 20:28	111318 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-09-13 07:18	143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-08-22 20:40	143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-09-13 07:18	143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-08-15 07:20	143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:31 . 2012-09-13 07:18	399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2012-08-15 07:20	399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 04:54 . 2012-09-11 02:42	655360 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-18 22:41	655360 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2012-09-18 22:49	275836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-11 02:50	275836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-27 07:01 . 2012-06-13 00:53	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-04-27 07:01 . 2012-09-11 03:33	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
- 2012-06-13 00:53 . 2012-06-13 00:53	123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-09-11 03:33 . 2012-09-11 03:33	123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-04-27 07:01 . 2012-09-11 03:33	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
- 2012-04-27 07:01 . 2012-06-13 00:53	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
- 2012-04-27 07:01 . 2012-06-13 00:53	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-04-27 07:01 . 2012-09-11 03:33	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-04-27 07:01 . 2012-06-13 00:53	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-04-27 07:01 . 2012-09-11 03:33	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2009-07-14 04:54 . 2012-09-11 02:51	3866624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-18 22:32	3866624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-05 17:29 . 2012-09-18 22:41	2326528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-05 17:29 . 2012-09-11 02:42	2326528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:45 . 2012-08-15 07:24	7188300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-09-13 07:21	7188300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-10-05 17:41 . 2012-09-18 09:53	4905455 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-439902947-1435898956-2378105468-1000-4096.dat
+ 2011-10-07 07:30 . 2012-09-18 22:49	4386292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-439902947-1435898956-2378105468-1000-12288.dat
+ 2012-09-10 18:08 . 2012-09-10 18:08	1945600 c:\windows\Installer\2bd82aa.msi
+ 2012-03-26 23:21 . 2012-03-26 23:21	7622656 c:\windows\Installer\1bc55.msi
+ 2009-07-14 04:54 . 2012-09-18 22:32	16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-11 02:51	16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-08-15 07:21	10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-09-13 07:18	10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-05 17:41 . 2012-09-18 09:53	11322515 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-439902947-1435898956-2378105468-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2012-09-10 1411224]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-21 548528]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 116648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 250568]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-11-10 234040]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-10 6368256]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-10 188416]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 116648]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-12 114144]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-20 702976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-10 202752]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-01 1349232]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:20]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 01:42]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 01:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: blizzard.com\us
Trusted Zone: thinkorswim.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-SpywareBlaster_is1 - f:\spywareblaster\unins000.exe
AddRemove-SpywareGuard_is1 - f:\spywareguard\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2012-09-18 18:53:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-18 22:53
ComboFix2.txt 2012-09-11 03:28
ComboFix3.txt 2012-09-11 03:15
ComboFix4.txt 2012-09-11 02:55
ComboFix5.txt 2012-09-18 22:43
.
Pre-Run: 939,577,978,880 bytes free
Post-Run: 939,109,490,688 bytes free
.
- - End Of File - - 2CDAC2920BBAFB3F0E4924344A82CADF

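One thing in the report above deserves attention independently of the pop-up problem: the `policies\system` block under "Reg Loading Points" shows UAC switched off completely (`EnableLUA`=0, `ConsentPromptBehaviorAdmin`=0, `PromptOnSecureDesktop`=0), and the header lists both Microsoft Security Essentials and Windows Defender as disabled. The script below is an added example, not code from this thread or from ComboFix: a small Python triage pass that parses those lines and reports anything that differs from the Windows 7 defaults. The sample text inside it is constructed from lines of the posted log (GUIDs shortened), and the baseline values are my assumption of Microsoft's stock settings.

```python
"""Triage a ComboFix report for weakened security settings.

Added example; not part of the original thread or of ComboFix itself.
SAMPLE_LOG is constructed from lines of the posted report (GUIDs shortened).
"""
import re
from typing import Dict, List

# Assumed Windows 7 defaults (Microsoft's stock values). Any deviation should be
# explained before a machine is declared clean, because malware and "helpful"
# tweak tools both like to switch these off.
UAC_BASELINE: Dict[str, int] = {
    "EnableLUA": 1,                   # 0 = UAC entirely off
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently, no prompt at all
    "PromptOnSecureDesktop": 1,       # 0 = prompts can be driven by other apps
}

SAMPLE_LOG = """\
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-...}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-...}
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
Trusted Zone: blizzard.com\\us
Trusted Zone: thinkorswim.com\\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>-?\d+)\s*\((?P<hex>0x[0-9a-fA-F]+)\)')
AV_RE = re.compile(r"^(?P<kind>AV|SP|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")
TZ_RE = re.compile(r"^Trusted Zone: (?P<entry>\S+)")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")


def parse_policy_values(log: str) -> Dict[str, int]:
    """Return name -> integer value for entries under policies\\system.

    ComboFix prints a registry key in brackets, its values as "name"= n (0xN)
    lines, and closes the section with a lone dot.
    """
    values: Dict[str, int] = {}
    in_key = False
    for line in log.splitlines():
        key = KEY_RE.match(line)
        if key:
            in_key = key.group("key").lower().endswith(r"policies\system")
            continue
        if not in_key:
            continue
        if line.strip() == ".":
            in_key = False
            continue
        val = VALUE_RE.match(line)
        if val:
            values[val.group("name")] = int(val.group("val"))
    return values


def triage(log: str) -> List[str]:
    """Return human-readable findings worth a second look."""
    findings: List[str] = []
    uac = parse_policy_values(log)
    for name, expected in UAC_BASELINE.items():
        actual = uac.get(name)
        if actual is not None and actual != expected:
            findings.append(f"UAC: {name}={actual} (expected {expected})")
    for line in log.splitlines():
        av = AV_RE.match(line)
        if av and av.group("state").startswith("Disabled"):
            findings.append(f"{av.group('kind')}: {av.group('product')} is {av.group('state')}")
        tz = TZ_RE.match(line)
        if tz:  # Trusted Zone sites run with relaxed IE security; each one needs a reason
            findings.append(f"Trusted Zone entry: {tz.group('entry')}")
        dns = DNS_RE.match(line)
        if dns:  # changed resolvers are a common way to inject ads and fake sign-in pages
            findings.append(f"DNS: {dns.group('servers')} (confirm these belong to the ISP)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

One caveat when reading the AV/SP lines: ComboFix turns real-time protection off for the duration of its run, so "Disabled" in the report header is expected at that moment; what matters is whether the products are back on after the reboot. The UAC values, by contrast, are persistent policy and stay at 0 until somebody changes them back.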

----------



## Tedejc (Jan 3, 2006)

Nice, I just restarted, ran an HJT log and all the host files are gone. Q: was it supposed to get rid of all the host files? No pop-ups, running better.


----------



## kevinf80 (Mar 21, 2006)

You appear to have run ComboFix on more than one occasion. Can you navigate to C:\Qoobox\Combofix5.txt and post that log please.

Also run this:

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the [image] button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on [image] to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the [image] icon on your desktop.

Check [image]
Click the [image] button.
Accept any security warnings from your browser.
Check [image]
*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push [image]
Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the [image] button.
Push [image]

You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Yes to your question regarding Hosts

Kevin

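On the hosts question answered above: ComboFix replaces the hosts file with a stock one, which is why the entries disappeared. Before trusting a hosts file again it is worth knowing what a hijacked one looks like: adware and fake-AV families commonly blackhole update and vendor domains to 127.0.0.1 or 0.0.0.0, or point popular sites at an attacker-controlled address. The following is an added example, not code from this thread or from any of the tools it mentions: a Python check that parses a Windows hosts file and flags every entry other than the localhost lines. SAMPLE_HOSTS is constructed for the example and the redirect target 192.0.2.44 is a documentation (TEST-NET) address, not a real host.

```python
"""Flag suspicious entries in a Windows hosts file.

Added example; not part of the original thread. SAMPLE_HOSTS is constructed
and the 192.0.2.44 target is a TEST-NET documentation address.
"""
import ipaddress
from typing import List, Tuple

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# The only entries a stock Windows hosts file can legitimately carry. On
# Windows 7 they are usually commented out, so their presence is fine but
# their absence is not a finding either.
ALLOWED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.microsoft.com          # constructed: blocks the vendor site
127.0.0.1       update.microsoft.com
0.0.0.0         windowsupdate.microsoft.com
192.0.2.44      www.google.com             # constructed: redirect to a TEST-NET address
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, one per hostname, comments stripped."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing/whole-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                    # an address with no names is inert
            continue
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def suspicious(text: str) -> List[str]:
    """Describe every entry that is not a plain localhost mapping."""
    findings: List[str] = []
    for ip, name in parse_hosts(text):
        if (ip, name) in ALLOWED:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"{name} has unparseable address {ip!r}")
            continue
        if addr.is_loopback or addr.is_unspecified:
            # Classic technique: sinkhole AV and update domains so the infection
            # cannot be cleaned or the OS patched.
            findings.append(f"{name} blackholed to {ip}")
        else:
            # A real address means traffic for that name is being redirected.
            findings.append(f"{name} redirected to {ip}")
    return findings


def check_file(path: str = HOSTS_PATH) -> List[str]:
    """Run the check against an on-disk hosts file (assumed path, Windows default)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious(fh.read())


if __name__ == "__main__":
    for finding in suspicious(SAMPLE_HOSTS):
        print(finding)
```

A legitimately edited hosts file (an ad-blocking list, for instance) will also trip this check, which is the intended behaviour: the point is that every non-localhost line has to be accounted for by the machine's owner, and after a cleanup the file should normally contain nothing else.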

----------



## Tedejc (Jan 3, 2006)

It seems to get stuck at 99% for hours.


----------



## Tedejc (Jan 3, 2006)

*Wow, finally. Should I have uninstalled Combo before running ESET?*

ComboFix 12-06-12.03 - Owner 06/12/2012 21:40:03.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2818 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 01:43 . 2012-06-13 01:43	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-06-13 01:43 . 2012-06-13 01:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-13 00:55 . 2012-06-13 00:55	927800	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75E20776-07D8-4628-8C83-059D2B50E8E1}\gapaengine.dll
2012-06-13 00:55 . 2012-05-08 14:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F20FF65-33A5-4C91-B566-C99528FF15CA}\mpengine.dll
2012-06-13 00:53 . 2012-06-13 00:53	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-06-13 00:53 . 2012-06-13 00:53	--------	d-----w-	c:\program files\Microsoft Security Client
2012-06-06 04:11 . 2012-06-06 04:11	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-05-17 02:22 . 2012-05-17 02:23	--------	d-----w-	c:\program files (x86)\Safari
2012-05-17 02:22 . 2012-05-17 02:22	--------	d-----w-	c:\users\Owner\AppData\Local\Apple Computer
2012-05-17 02:22 . 2009-05-18 17:17	34152	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-17 02:22 . 2008-04-17 16:12	126312	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-05-17 02:22 . 2008-04-17 16:12	107368	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-05-17 02:21 . 2012-05-17 02:21	--------	d-----w-	c:\program files\iPod
2012-05-17 02:21 . 2012-05-17 02:22	--------	d-----w-	c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-17 02:21 . 2012-05-17 02:21	--------	d-----w-	c:\program files\iTunes
2012-05-17 02:21 . 2012-05-17 02:21	--------	d-----w-	c:\program files (x86)\iTunes
2012-05-17 02:19 . 2012-05-17 02:21	--------	d-----w-	c:\programdata\Apple Computer
2012-05-17 02:19 . 2012-05-17 02:20	--------	d-----w-	c:\program files (x86)\QuickTime
2012-05-17 02:19 . 2012-05-17 02:21	--------	d-----w-	c:\program files\Common Files\Apple
2012-05-17 02:18 . 2012-05-17 02:18	--------	d-----w-	c:\program files\Bonjour
2012-05-17 02:18 . 2012-05-17 02:18	--------	d-----w-	c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 22:42 . 2012-04-12 11:41	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 22:42 . 2011-10-08 02:08	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 22:42 . 2012-04-12 21:35	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 00:56 . 2012-04-19 00:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-03-31 06:05 . 2012-05-11 18:58	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-11 18:58	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 18:58	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-11 18:58	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-11 18:58	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-21 00:44 . 2012-03-21 00:44	98688	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44	203888	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:58 . 2012-05-11 18:58	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( [email protected]_00.07.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-13 01:34	41704 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-13 01:34	44208 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-05 17:29 . 2012-06-13 00:52	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-05 17:29 . 2012-06-12 23:40	16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-05 17:29 . 2012-06-12 23:40	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-05 17:29 . 2012-06-13 00:52	32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-12 23:40	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-13 00:52	16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-05 17:44 . 2012-06-13 01:34	9816 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-439902947-1435898956-2378105468-1000_UserData.bin
- 2012-06-13 00:07 . 2012-06-13 00:07	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-13 01:44 . 2012-06-13 01:44	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-13 01:36	637702 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-13 01:36	111318 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-13 00:06	275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-13 01:44	275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-27 07:01 . 2012-04-27 07:01	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-04-27 07:01 . 2012-06-13 00:53	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-06-13 00:53 . 2012-06-13 00:53	123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
- 2012-04-27 07:01 . 2012-04-27 07:01	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-04-27 07:01 . 2012-06-13 00:53	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
- 2012-04-27 07:01 . 2012-04-27 07:01	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-04-27 07:01 . 2012-06-13 00:53	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-04-27 07:01 . 2012-04-27 07:01	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-04-27 07:01 . 2012-06-13 00:53	109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-03-26 23:21 . 2012-03-26 23:21	7622656 c:\windows\Installer\50227.msi
+ 2011-10-05 17:41 . 2012-06-13 01:44	20090980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-439902947-1435898956-2378105468-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - f:\spywareguard\sgmain.exe [2003-8-29 360448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-21 548528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 22:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: blizzard.com\us
Trusted Zone: thinkorswim.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-06-12 21:47:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 01:47
ComboFix2.txt 2012-06-13 00:46
ComboFix3.txt 2012-06-13 00:10
.
Pre-Run: 946,268,975,104 bytes free
Post-Run: 946,037,272,576 bytes free
.
- - End Of File - - 36E0B8103B1CE70DD4A61BF92A12BE97

ComboFix 12-09-10.04 - Owner 09/10/2012 22:46:05.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2461 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$85ee58701a9f6932c3ce887557e65d78\@
c:\$recycle.bin\S-1-5-18\$85ee58701a9f6932c3ce887557e65d78\n
c:\$recycle.bin\S-1-5-21-439902947-1435898956-2378105468-1000\$85ee58701a9f6932c3ce887557e65d78\n
c:\programdata\0C1D173D00547533199543F3F875F002
c:\programdata\0C1D173D00547533199543F3F875F002\0C1D173D00547533199543F3F875F002
c:\programdata\0C1D173D00547533199543F3F875F002\0C1D173D00547533199543F3F875F002.exe
c:\programdata\0C1D173D00547533199543F3F875F002\0C1D173D00547533199543F3F875F002.ico
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\Owner\AppData\Roaming\msctl.dll
c:\users\Owner\AppData\Roaming\spmpi.dll
c:\users\Owner\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 )))))))))))))))))))))))))))))))
.
.
2012-09-11 02:50 . 2012-09-11 02:50	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-09-11 02:50 . 2012-09-11 02:50	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-09-11 02:50 . 2012-09-11 02:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-11 02:12 . 2012-09-11 02:12	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-09-11 02:07 . 2012-09-11 02:07	--------	d-----w-	c:\users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}
2012-09-10 03:57 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C648CF-369B-429B-942E-31385E3B9989}\mpengine.dll
2012-09-10 01:22 . 2012-09-10 01:22	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-10 01:22 . 2012-09-10 01:22	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-10 01:22 . 2012-09-10 01:22	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-10 01:22 . 2012-09-10 01:22	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-10 01:22 . 2012-09-10 01:22	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-10 01:22 . 2012-09-10 01:22	188904	----a-w-	c:\windows\system32\java.exe
2012-09-10 01:22 . 2012-09-10 01:22	--------	d-----w-	c:\program files\Java
2012-09-10 01:20 . 2012-09-10 01:20	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-09-10 01:20 . 2012-09-10 01:20	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-09-09 03:57 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-05 00:33 . 2012-09-05 00:33	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-15 03:09 . 2012-08-15 03:09	--------	d-----w-	c:\users\Owner\AppData\Local\Windows Live Writer
2012-08-15 03:09 . 2012-08-15 03:09	--------	d-----w-	c:\users\Owner\AppData\Roaming\Windows Live Writer
2012-08-14 23:07 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-08-14 23:07 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-14 23:07 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-08-14 23:07 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-08-14 22:03 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-14 22:03 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-14 22:03 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-14 22:03 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-14 22:03 . 2012-07-04 22:13	59392	----a-w-	c:\windows\system32\browcli.dll
2012-08-14 22:03 . 2012-07-04 22:13	136704	----a-w-	c:\windows\system32\browser.dll
2012-08-14 22:03 . 2012-07-04 21:14	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-08-14 22:03 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 01:20 . 2012-04-12 11:41	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-10 01:20 . 2011-10-08 02:08	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 07:00 . 2011-10-11 01:19	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2012-07-18 01:42	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-06-25 20:04 . 2012-06-25 20:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2012-07-20 1403032]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - f:\spywareguard\sgmain.exe [2003-8-29 360448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-21 548528]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 250568]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-11-10 234040]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-10 6368256]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-10 188416]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 116648]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-05 114144]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-20 702976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-10 202752]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-01 1349232]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:20]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 01:42]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 01:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: blizzard.com\us
Trusted Zone: thinkorswim.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-spmpi - c:\users\Owner\AppData\Roaming\spmpi.dll
Wow6432Node-HKCU-Run-msctl - c:\users\Owner\AppData\Roaming\msctl.dll
SafeBoot-MsMpSvc
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-09-10 22:55:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-11 02:55
ComboFix2.txt 2012-06-13 01:47
.
Pre-Run: 938,933,858,304 bytes free
Post-Run: 938,874,765,312 bytes free
.
- - End Of File - - AE08A6DE64D8AF5E4B6C09462D122956

ComboFix 12-09-10.04 - Owner 09/10/2012 23:07:08.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2838 [GMT -4:00]
Running from: c:\users\Owner\Desktop\username123.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 )))))))))))))))))))))))))))))))
.
.
2012-09-11 03:11 . 2012-09-11 03:11	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-09-11 03:11 . 2012-09-11 03:11	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-09-11 03:11 . 2012-09-11 03:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-11 02:12 . 2012-09-11 02:12	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-09-11 02:07 . 2012-09-11 02:07	--------	d-----w-	c:\users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}
2012-09-10 03:57 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C648CF-369B-429B-942E-31385E3B9989}\mpengine.dll
2012-09-10 01:22 . 2012-09-10 01:22	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-10 01:22 . 2012-09-10 01:22	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-10 01:22 . 2012-09-10 01:22	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-10 01:22 . 2012-09-10 01:22	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-10 01:22 . 2012-09-10 01:22	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-10 01:22 . 2012-09-10 01:22	188904	----a-w-	c:\windows\system32\java.exe
2012-09-10 01:22 . 2012-09-10 01:22	--------	d-----w-	c:\program files\Java
2012-09-10 01:20 . 2012-09-10 01:20	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-09-10 01:20 . 2012-09-10 01:20	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-09-09 03:57 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-05 00:33 . 2012-09-05 00:33	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-15 03:09 . 2012-08-15 03:09	--------	d-----w-	c:\users\Owner\AppData\Local\Windows Live Writer
2012-08-15 03:09 . 2012-08-15 03:09	--------	d-----w-	c:\users\Owner\AppData\Roaming\Windows Live Writer
2012-08-14 23:07 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-08-14 23:07 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-14 23:07 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-08-14 23:07 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-08-14 22:03 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-14 22:03 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-14 22:03 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-14 22:03 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-14 22:03 . 2012-07-04 22:13	59392	----a-w-	c:\windows\system32\browcli.dll
2012-08-14 22:03 . 2012-07-04 22:13	136704	----a-w-	c:\windows\system32\browser.dll
2012-08-14 22:03 . 2012-07-04 21:14	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-08-14 22:03 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 01:20 . 2012-04-12 11:41	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-10 01:20 . 2011-10-08 02:08	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 07:00 . 2011-10-11 01:19	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2012-07-18 01:42	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-06-25 20:04 . 2012-06-25 20:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
.
.
((((((((((((((((((((((((((((( [email protected]_02.52.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-11 02:59	44898 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-11 02:59	44368 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-05 17:44 . 2012-09-11 02:59	10950 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-439902947-1435898956-2378105468-1000_UserData.bin
+ 2011-10-05 17:29 . 2012-09-11 03:00	98304 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-05 17:29 . 2012-09-11 02:42	98304 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-09-11 03:12 . 2012-09-11 03:12	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-11 02:51 . 2012-09-11 02:51	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-11 02:51 . 2012-09-11 02:51	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-11 03:12 . 2012-09-11 03:12	2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-09-11 02:51	311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-11 03:12	311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-11 03:00	655360 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-11 02:42	655360 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2012-09-11 03:11	275836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-11 02:50	275836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-09-11 02:51	3866624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-11 03:12	3866624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-05 17:29 . 2012-09-11 02:42	2326528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-05 17:29 . 2012-09-11 03:00	2326528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-11 03:12	16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-11 02:51	16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-05 17:41 . 2012-09-11 02:51	66938976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-439902947-1435898956-2378105468-1000-8192.dat
+ 2011-10-05 17:41 . 2012-09-11 03:11	66938976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-439902947-1435898956-2378105468-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2012-07-20 1403032]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - f:\spywareguard\sgmain.exe [2003-8-29 360448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-21 548528]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 116648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 250568]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-11-10 234040]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-10 6368256]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-10 188416]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 116648]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-05 114144]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-20 702976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-10 202752]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-01 1349232]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:20]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 01:42]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 01:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: blizzard.com\us
Trusted Zone: thinkorswim.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-09-10 23:15:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-11 03:15
ComboFix2.txt 2012-09-11 02:55
ComboFix3.txt 2012-06-13 01:47
.
Pre-Run: 938,900,733,952 bytes free
Post-Run: 938,786,717,696 bytes free
.
- - End Of File - - E156336622A16261C87C7627DFA1EAB5


----------



## Tedejc (Jan 3, 2006)

*This is the ESET Scan.*

C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\msctl.dll.vir	a variant of Win32/Medfos.DH trojan
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZSK75T4\stream[1].htm	HTML/Iframe.B.Gen virus
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6da4bd6-2187b1e0	multiple threats
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\2c186160-67bd2775	a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2a742768-1a513ccd	a variant of Java/TrojanDownloader.Agent.NDJ trojan
F:\OWNER-PC\Backup Set 2011-11-08 213626\Backup Files 2011-11-27 215040\Backup files 1.zip	a variant of Java/Exploit.Blacole.AI trojan
F:\OWNER-PC\Backup Set 2011-11-08 213626\Backup Files 2011-12-18 212301\Backup files 1.zip	a variant of Java/Exploit.Blacole.AI trojan
F:\OWNER-PC\Backup Set 2011-12-26 093125\Backup Files 2012-01-23 065940\Backup files 1.zip	a variant of Java/TrojanDownloader.Agent.NDJ trojan
F:\OWNER-PC\Backup Set 2012-02-19 190000\Backup Files 2012-02-19 190000\Backup files 2.zip	a variant of Java/TrojanDownloader.Agent.NDJ trojan
F:\OWNER-PC\Backup Set 2012-04-09 062653\Backup Files 2012-05-07 072309\Backup files 1.zip	a variant of Java/TrojanDownloader.Agent.NDJ trojan
F:\OWNER-PC\Backup Set 2012-04-09 062653\Backup Files 2012-06-10 210007\Backup files 1.zip	multiple threats
F:\OWNER-PC\Backup Set 2012-06-24 190001\Backup Files 2012-06-24 190001\Backup files 2.zip	multiple threats
F:\OWNER-PC\Backup Set 2012-06-24 190001\Backup Files 2012-07-08 192349\Backup files 1.zip	multiple threats
F:\OWNER-PC\Backup Set 2012-09-02 190001\Backup Files 2012-09-02 190001\Backup files 2.zip	multiple threats


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

There is no need to remove Combofix, please leave in place c/w Combofix.exe on the Desktop, we will UNinstall when we are sure system is clean. Note that the backups on F:\ drive have been identified as infected, I've listed these for removal with OTM.

OK, run the following:

*Step 1*

Please download *OTM by OldTimer*.
*Alternative Mirror 1*
*Alternative Mirror 2* 
Save it to your desktop. 
Double click *OTM.exe* to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

*Copy* the text from the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
ipconfig /flushdns /c
c:\windows\system32\%APPDATA%
c:\users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZSK75T4\stream[1].htm
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6da4bd6-2187b1e0
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\2c186160-67bd2775 
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2a742768-1a513ccd
F:\OWNER-PC\Backup Set 2011-11-08 213626\Backup Files 2011-11-27 215040\Backup files 1.zip
F:\OWNER-PC\Backup Set 2011-11-08 213626\Backup Files 2011-12-18 212301\Backup files 1.zip
F:\OWNER-PC\Backup Set 2011-12-26 093125\Backup Files 2012-01-23 065940\Backup files 1.zip
F:\OWNER-PC\Backup Set 2012-02-19 190000\Backup Files 2012-02-19 190000\Backup files 2.zip
F:\OWNER-PC\Backup Set 2012-04-09 062653\Backup Files 2012-05-07 072309\Backup files 1.zip
F:\OWNER-PC\Backup Set 2012-04-09 062653\Backup Files 2012-06-10 210007\Backup files 1.zip
F:\OWNER-PC\Backup Set 2012-06-24 190001\Backup Files 2012-06-24 190001\Backup files 2.zip
F:\OWNER-PC\Backup Set 2012-06-24 190001\Backup Files 2012-07-08 192349\Backup files 1.zip
F:\OWNER-PC\Backup Set 2012-09-02 190001\Backup Files 2012-09-02 190001\Backup files 2.zip
:Commands
[EmptyTemp]
```

Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

*Step 2*

Please download *AdwCleaner* by Xplode onto your Desktop.


Please close all open programs and internet browsers.
Double click on *Adwcleaner.exe* to run the tool.
Click on Delete.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Post those two logs, let me know how your system is now responding, also if any issues or concerns remain...

Kevin

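When the OTM results log comes back, the helper's check is that every path from the `:Files` script appears as moved or deleted; anything missing is a file OTM could not handle (often one that needed the reboot-time move). The cross-check below is an added example, not part of this thread or of OTM itself. The function names (`parse_otm_script`, `parse_otm_results`, `unconfirmed`) are this example's own, and the sample script and results log are shortened, constructed versions of the ones in the thread, with one extra constructed path (`example-still-locked.dll`) that the log never confirms.

```python
"""Cross-check an OTM ':Files' script against the OTM results log.

Added example (not from the thread, not OTM's own code). Paths listed under
:Files are compared, case-insensitively, with the 'moved successfully' /
'deleted successfully' lines OTM writes, and the ones never confirmed are
reported.
"""
import re

# Constructed sample: a shortened OTM script in the same shape as the one in the thread.
SAMPLE_SCRIPT = r""":Files
ipconfig /flushdns /c
c:\windows\system32\%APPDATA%
c:\users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6da4bd6-2187b1e0
F:\OWNER-PC\Backup Set 2011-11-08 213626\Backup Files 2011-11-27 215040\Backup files 1.zip
C:\Users\Owner\AppData\Local\Temp\example-still-locked.dll
:Commands
[EmptyTemp]
"""

# Constructed sample results log; the last script path above is deliberately absent.
SAMPLE_RESULTS = r"""All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\windows\system32\%APPDATA%\Microsoft folder moved successfully.
c:\windows\system32\%APPDATA% folder moved successfully.
c:\users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}\chrome folder moved successfully.
c:\users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26} folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6da4bd6-2187b1e0 moved successfully.
F:\OWNER-PC\Backup Set 2011-11-08 213626\Backup Files 2011-11-27 215040\Backup files 1.zip moved successfully.
========== COMMANDS ==========
"""

# A script line that starts with a drive letter is a path to move; anything
# else under :Files (e.g. 'ipconfig /flushdns /c') is a command OTM runs.
_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# OTM confirmation lines, as seen in the thread's results log.
_RESULT_RE = re.compile(r"^(?P<path>.+?)(?: folder)? (?:moved|deleted) successfully\.$")


def parse_otm_script(script: str) -> list[str]:
    """Return the paths listed in the :Files section, in script order."""
    paths = []
    in_files = False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # section header such as :Files / :Commands
            in_files = line.lower() == ":files"
            continue
        if in_files and _PATH_RE.match(line):
            paths.append(line)
    return paths


def parse_otm_results(log: str) -> set[str]:
    """Return the lower-cased paths the results log confirms moved or deleted."""
    confirmed = set()
    for raw in log.splitlines():
        m = _RESULT_RE.match(raw.strip())
        if m:
            confirmed.add(m.group("path").lower())
    return confirmed


def unconfirmed(script: str, log: str) -> list[str]:
    """Paths from the script that the log never reports as moved or deleted.

    Windows paths are case-insensitive and OTM echoes them with whatever
    casing it was given, so the comparison is done in lower case.
    """
    done = parse_otm_results(log)
    return [p for p in parse_otm_script(script) if p.lower() not in done]


if __name__ == "__main__":
    for p in unconfirmed(SAMPLE_SCRIPT, SAMPLE_RESULTS):
        print("NOT CONFIRMED:", p)
```

Run it against the real script and the log pasted back in the reply (read both from files instead of the constructed samples); an empty result means every listed item was handled, and any path it prints is one to look for in the "Files moved on Reboot..." section or to re-list on the next run.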

----------



## Tedejc (Jan 3, 2006)

_Note pad opened with this after it rebooted. I believe this is the Results Log?_

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
c:\windows\system32\%APPDATA%\Microsoft\Windows folder moved successfully.
c:\windows\system32\%APPDATA%\Microsoft folder moved successfully.
c:\windows\system32\%APPDATA% folder moved successfully.
c:\users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}\chrome\content folder moved successfully.
c:\users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}\chrome folder moved successfully.
c:\users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26} folder moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZSK75T4\stream[1].htm moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6da4bd6-2187b1e0 moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\2c186160-67bd2775 moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\2a742768-1a513ccd moved successfully.
F:\OWNER-PC\Backup Set 2011-11-08 213626\Backup Files 2011-11-27 215040\Backup files 1.zip moved successfully.
F:\OWNER-PC\Backup Set 2011-11-08 213626\Backup Files 2011-12-18 212301\Backup files 1.zip moved successfully.
F:\OWNER-PC\Backup Set 2011-12-26 093125\Backup Files 2012-01-23 065940\Backup files 1.zip moved successfully.
F:\OWNER-PC\Backup Set 2012-02-19 190000\Backup Files 2012-02-19 190000\Backup files 2.zip moved successfully.
F:\OWNER-PC\Backup Set 2012-04-09 062653\Backup Files 2012-05-07 072309\Backup files 1.zip moved successfully.
F:\OWNER-PC\Backup Set 2012-04-09 062653\Backup Files 2012-06-10 210007\Backup files 1.zip moved successfully.
F:\OWNER-PC\Backup Set 2012-06-24 190001\Backup Files 2012-06-24 190001\Backup files 2.zip moved successfully.
F:\OWNER-PC\Backup Set 2012-06-24 190001\Backup Files 2012-07-08 192349\Backup files 1.zip moved successfully.
F:\OWNER-PC\Backup Set 2012-09-02 190001\Backup Files 2012-09-02 190001\Backup files 2.zip moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 60108 bytes
->Temporary Internet Files folder emptied: 382508967 bytes
->Java cache emptied: 375885 bytes
->FireFox cache emptied: 61261163 bytes
->Google Chrome cache emptied: 45911283 bytes
->Flash cache emptied: 523 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16568 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 283223243 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 752 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51053964 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 786.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 09202012_084736

Files moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


----------



## Tedejc (Jan 3, 2006)

_OK, this is the AdwCleaner._

I couldn't get ESET on my desktop. It just ran and produced the results.

Other than that, seems fine. I left my real time protection 'ON' in Microsoft Security. Not sure if I should have left that off or not.

# AdwCleaner v2.002 - Logfile created 09/20/2012 at 09:04:18
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-439902947-1435898956-2378105468-1001\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default 
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1321 octets] - [20/09/2012 09:04:18]

########## EOF - C:\AdwCleaner[S1].txt - [1381 octets] ##########


----------



## kevinf80 (Mar 21, 2006)

How is your system responding now, any issues or concerns?


----------



## Tedejc (Jan 3, 2006)

Hi Kevin

It seems OK, but I hardly had much chance to use it since I sent those last logs out. I had to get ready for work. I'll let you know when I get home tonight.


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

Use your system freely. When you are satisfied all is OK, post back and we'll clean up tools etc... If there are still issues/problems we'll do more...

Kevin...


----------



## Tedejc (Jan 3, 2006)

*Hi Kevin. No issues, I ran this HJT log and the hosts files are all out. Let me know when you get the chance if it looks good.

Thank you very much for your help.*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:38:21 PM, on 9/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-21-439902947-1435898956-2378105468-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-439902947-1435898956-2378105468-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - S-1-5-21-439902947-1435898956-2378105468-1001 User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'UpdatusUser')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://usergroups.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc1.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Handle Service - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12490 bytes


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

HJT log looks good, lets clean up...

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

 Please follow the prompts to uninstall Combofix.
 You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:

 ComboFix and its associated files and folders.
 VundoFix backups, if present
 The C:\_OtMoveIt folder, if present
 Reset the clock settings.
 Hide file extensions, if required.
 Hide System/Hidden files, if required.
 Reset System Restore.

*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

*Step 2*

Remove ESET online scanner:


 Click Start, type *Uninstall a Program* into the Search programs and files box, and then press ENTER.
 Click to select *ESET Online Scanner* from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall *ESET Online Scanner*; only reboot if prompted.

*Step 3*

Uninstall adwcleaner.exe

 Please close all open programs and internet browsers.
 Double click on adwcleaner.exe to run the tool.
 Click on *Uninstall*
 Click *Yes* at *Would you like to Uninstall Adwcleaner*

*Step 4*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the OTC icon to start the program.
If you are using Vista or Windows 7 accept UAC
Then click the big button.
You will get a prompt saying "_Beginning Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself.

*Any tools/logs remaining on the Desktop can be deleted.*

*Step 5*

Go here http://www.filehippo.com/updatechecker/ and run the FileHippo Update Checker, then update all applications as suggested by the Update Checker. Ignore any *Beta* updates.
*If Java or Adobe are updated please check under Start > Control Panel > Uninstall a Program, ensure any old versions are removed. <--- Very Important*

*Step 6*

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, *re-boot it yourself to complete the cleaning process* *<---- Very Important *

Keep TFC; it is an excellent utility to run weekly to keep your system optimized. It empties all user temp folders, Java cache, etc. *Always remember to re-boot after a run, even if not prompted.*

Let me know if those steps complete OK, also if any remaining issues or concerns....

Thanks,

Kevin..


----------



## Tedejc (Jan 3, 2006)

OK, finished the last step. Q: When I did step #5, the FileHippo, it installed an Optimizer Pro that has run and is telling me I have over 8K items slowing down my computer. Now it's down to 1,810 items after the TFC. Should I register for this? Should I now uninstall FileHippo?


----------



## kevinf80 (Mar 21, 2006)

Which optimizer are you referring to? I've not seen the Update Checker do that before. Personally I'd uninstall the optimizer, or whatever it is.
It's your choice with the FileHippo Update Checker. It has the facility to start with Windows at boot; best to untick that in settings, then you can just run the program manually as required.

If all is OK here are some tips to reduce the potential for malware infection in the future:

*Make proper use of your antivirus and firewall*

Antivirus and firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times; *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol* This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for *Firefox* and *Internet Explorer*.

*Green* to go, 
*Yellow* for caution, and 
*Red* to stop.

*NoScript* (available for *Firefox* only) helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally, this link *HERE* will give a comprehensive, up-to-date list of free security programs, including antivirus, antispyware, firewall, antimalware, online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If no remaining issues hit the Mark Solved tab at the top of the thread,

Take care,

Kevin


----------



## Tedejc (Jan 3, 2006)

Thank You very much Kevin for all you help with this.


----------



## kevinf80 (Mar 21, 2006)

You are very welcome Ted, it was a pleasure to work with you. Any more issues/concerns etc., don't hesitate to come back...

Best regards,

Kevin...


----------



## Tedejc (Jan 3, 2006)

Hi Kevin. I don't think this is finished. Came home today and the wife said there's still something wrong with the computer. It was redirecting her searches again, and when I looked at it, Microsoft Security Essentials had the live real-time protection turned off. I tried to turn it back on and it wouldn't budge; I tried to scan and it would not respond. I uninstalled it and re-installed it, but it would not update with any new info. Let me run an HJT log again. No hosts files.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:56 PM, on 9/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\program files (x86)\software assist\software assist-bg.exe
C:\Users\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: CrossriderApp0003026 - {11111111-1111-1111-1111-110011301126} - C:\Program Files (x86)\Software Assist\Software Assist.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKUS\S-1-5-21-439902947-1435898956-2378105468-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-439902947-1435898956-2378105468-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - S-1-5-21-439902947-1435898956-2378105468-1001 User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'UpdatusUser')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://usergroups.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc1.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Device Handle Service - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13420 bytes


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

I marked your thread "In Progress" again. Can you UNinstall *Optimizer Pro* so it is removed from your system? Also, this entry in HJT:

*O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"*

Do you recognize that entry or know its purpose?

Can you tell me which browser the redirects occur from: Internet Explorer, Firefox, Chrome, etc.

Also run the following:

TDSSKiller canned:

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.

Double-click on *TDSSKiller* to run the application.

The "Ready to scan" window will open. Click on *"Change parameters"*.

Place a checkmark next to *Verify Driver Digital Signature* and *Detect TDLFS file system* (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.

Select "Start Scan".

If an infected file is detected, the default action will be *Cure*; click on *Continue*.

If a suspicious file is detected, the default action will be *Skip*; click on *Continue*.

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

Kevin...


----------



## Tedejc (Jan 3, 2006)

I uninstalled it again last night after I sent you the HJT log. Funny, there was an error uninstalling it, but when I went back to try again it was gone. Hmm.

Unfortunately I don't recognize almost anything on the HJT log. I did compare it with an earlier saved HJT log from the 18th, and I noticed a few things on it this time that weren't on it last time.
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
This was on there on the 18th. However, these below were not:

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
Aha, this looks interesting.
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

I'm running TDSSKiller now. I'll repost when it's done.
Thanks Kevin.


----------



## Tedejc (Jan 3, 2006)

08:57:48.0058 5112 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:57:48.0391 5112 ============================================================
08:57:48.0391 5112 Current date / time: 2012/09/26 08:57:48.0391
08:57:48.0391 5112 SystemInfo:
08:57:48.0391 5112 
08:57:48.0391 5112 OS Version: 6.1.7601 ServicePack: 1.0
08:57:48.0391 5112 Product type: Workstation
08:57:48.0391 5112 ComputerName: OWNER-PC
08:57:48.0391 5112 UserName: Owner
08:57:48.0391 5112 Windows directory: C:\Windows
08:57:48.0391 5112 System windows directory: C:\Windows
08:57:48.0391 5112 Running under WOW64
08:57:48.0391 5112 Processor architecture: Intel x64
08:57:48.0391 5112 Number of processors: 2
08:57:48.0391 5112 Page size: 0x1000
08:57:48.0391 5112 Boot type: Normal boot
08:57:48.0391 5112 ============================================================
08:57:49.0912 5112 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:57:57.0268 5112 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:57:57.0346 5112 ============================================================
08:57:57.0346 5112 \Device\Harddisk0\DR0:
08:57:57.0346 5112 MBR partitions:
08:57:57.0346 5112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1394800, BlocksNum 0x73371000
08:57:57.0346 5112 \Device\Harddisk1\DR1:
08:57:57.0348 5112 MBR partitions:
08:57:57.0348 5112 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
08:57:57.0348 5112 ============================================================
08:57:57.0357 5112 C: <-> \Device\Harddisk0\DR0\Partition1
08:57:57.0396 5112 F: <-> \Device\Harddisk1\DR1\Partition1
08:57:57.0396 5112 ============================================================
08:57:57.0396 5112 Initialize success
08:57:57.0396 5112 ============================================================
08:59:58.0297 4824 ============================================================
08:59:58.0297 4824 Scan started
08:59:58.0297 4824 Mode: Manual; SigCheck; TDLFS; 
08:59:58.0297 4824 ============================================================
08:59:59.0736 4824 ================ Scan system memory ========================
08:59:59.0736 4824 System memory - ok
08:59:59.0736 4824 ================ Scan services =============================
09:00:11.0197 4824 NDIS - ok
09:00:11.0240 4824 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:00:11.0300 4824 NdisCap - ok
09:00:11.0316 4824 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:00:11.0355 4824 NdisTapi - ok
09:00:11.0365 4824 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:00:11.0403 4824 Ndisuio - ok
09:00:11.0422 4824 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:00:11.0464 4824 NdisWan - ok
09:00:11.0481 4824 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:00:11.0522 4824 NDProxy - ok
09:00:11.0554 4824 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:00:11.0574 4824 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:00:11.0574 4824 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:00:11.0593 4824 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:00:11.0624 4824 NetBIOS - ok
09:00:11.0635 4824 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:00:11.0674 4824 NetBT - ok
09:00:11.0690 4824 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:00:11.0702 4824 Netlogon - ok
09:00:11.0727 4824 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:00:11.0763 4824 Netman - ok
09:00:11.0782 4824 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:00:11.0831 4824 netprofm - ok
09:00:11.0869 4824 [ 44D4BD55191624C82A2745296BA42814 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
09:00:11.0907 4824 netr28x - ok
09:00:11.0928 4824 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:00:11.0940 4824 NetTcpPortSharing - ok
09:00:11.0962 4824 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:00:11.0975 4824 nfrd960 - ok
09:00:12.0028 4824 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:00:12.0043 4824 NisDrv - ok
09:00:12.0062 4824 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
09:00:12.0083 4824 NisSrv - ok
09:00:12.0098 4824 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:00:12.0132 4824 NlaSvc - ok
09:00:12.0146 4824 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:00:12.0178 4824 Npfs - ok
09:00:12.0202 4824 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:00:12.0232 4824 nsi - ok
09:00:12.0246 4824 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:00:12.0284 4824 nsiproxy - ok
09:00:12.0325 4824 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:00:12.0373 4824 Ntfs - ok
09:00:12.0389 4824 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:00:12.0426 4824 Null - ok
09:00:12.0462 4824 [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
09:00:12.0476 4824 NVHDA - ok
09:00:12.0683 4824 [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:00:12.0982 4824 nvlddmkm - ok
09:00:13.0003 4824 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:00:13.0017 4824 nvraid - ok
09:00:13.0029 4824 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:00:13.0043 4824 nvstor - ok
09:00:13.0097 4824 [ 34E5498528BB3D5A951F889F8756AD26 ] nvsvc C:\Windows\system32\nvvsvc.exe
09:00:13.0122 4824 nvsvc - ok
09:00:13.0168 4824 [ 4E5C5D88EB0A8D21824D5A3EB7327E69 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
09:00:13.0260 4824 nvUpdatusService - ok
09:00:13.0275 4824 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:00:13.0289 4824 nv_agp - ok
09:00:13.0345 4824 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:00:13.0362 4824 odserv - ok
09:00:13.0375 4824 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:00:13.0389 4824 ohci1394 - ok
09:00:13.0415 4824 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:00:13.0428 4824 ose - ok
09:00:13.0453 4824 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:00:13.0488 4824 p2pimsvc - ok
09:00:13.0509 4824 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:00:13.0527 4824 p2psvc - ok
09:00:13.0539 4824 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
09:00:13.0562 4824 Parport - ok
09:00:13.0586 4824 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:00:13.0599 4824 partmgr - ok
09:00:13.0615 4824 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:00:13.0633 4824 PcaSvc - ok
09:00:13.0658 4824 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:00:13.0674 4824 pci - ok
09:00:13.0688 4824 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:00:13.0700 4824 pciide - ok
09:00:13.0724 4824 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:00:13.0739 4824 pcmcia - ok
09:00:13.0754 4824 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:00:13.0769 4824 pcw - ok
09:00:13.0792 4824 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:00:13.0843 4824 PEAUTH - ok
09:00:13.0866 4824 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:00:13.0892 4824 PerfHost - ok
09:00:13.0939 4824 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:00:14.0009 4824 pla - ok
09:00:14.0044 4824 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:00:14.0067 4824 PlugPlay - ok
09:00:14.0082 4824 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:00:14.0096 4824 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:00:14.0096 4824 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:00:14.0109 4824 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:00:14.0128 4824 PNRPAutoReg - ok
09:00:14.0144 4824 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:00:14.0158 4824 PNRPsvc - ok
09:00:14.0178 4824 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:00:14.0221 4824 PolicyAgent - ok
09:00:14.0250 4824 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:00:14.0284 4824 Power - ok
09:00:14.0311 4824 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:00:14.0354 4824 PptpMiniport - ok
09:00:14.0363 4824 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
09:00:14.0381 4824 Processor - ok
09:00:14.0404 4824 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:00:14.0428 4824 ProfSvc - ok
09:00:14.0445 4824 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:00:14.0457 4824 ProtectedStorage - ok
09:00:14.0472 4824 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:00:14.0503 4824 Psched - ok
09:00:14.0530 4824 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
09:00:14.0555 4824 PSI - ok
09:00:14.0590 4824 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:00:14.0638 4824 ql2300 - ok
09:00:14.0659 4824 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:00:14.0674 4824 ql40xx - ok
09:00:14.0687 4824 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:00:14.0707 4824 QWAVE - ok
09:00:14.0718 4824 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:00:14.0749 4824 QWAVEdrv - ok
09:00:14.0769 4824 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:00:14.0811 4824 RasAcd - ok
09:00:14.0836 4824 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:00:14.0868 4824 RasAgileVpn - ok
09:00:14.0894 4824 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:00:14.0990 4824 RasAuto - ok
09:00:15.0052 4824 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:00:15.0094 4824 Rasl2tp - ok
09:00:15.0115 4824 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:00:15.0156 4824 RasMan - ok
09:00:15.0170 4824 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:00:15.0209 4824 RasPppoe - ok
09:00:15.0224 4824 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:00:15.0270 4824 RasSstp - ok
09:00:15.0287 4824 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:00:15.0330 4824 rdbss - ok
09:00:15.0342 4824 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
09:00:15.0357 4824 rdpbus - ok
09:00:15.0370 4824 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:00:15.0409 4824 RDPCDD - ok
09:00:15.0429 4824 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:00:15.0471 4824 RDPENCDD - ok
09:00:15.0486 4824 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:00:15.0517 4824 RDPREFMP - ok
09:00:15.0534 4824 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:00:15.0568 4824 RDPWD - ok
09:00:15.0580 4824 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:00:15.0594 4824 rdyboost - ok
09:00:15.0641 4824 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:00:15.0674 4824 RemoteAccess - ok
09:00:15.0686 4824 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:00:15.0719 4824 RemoteRegistry - ok
09:00:15.0727 4824 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:00:15.0758 4824 RpcEptMapper - ok
09:00:15.0776 4824 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:00:15.0802 4824 RpcLocator - ok
09:00:15.0820 4824 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:00:15.0854 4824 RpcSs - ok
09:00:15.0872 4824 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:00:15.0904 4824 rspndr - ok
09:00:15.0966 4824 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
09:00:15.0985 4824 RTL8167 - ok
09:00:15.0994 4824 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:00:16.0006 4824 SamSs - ok
09:00:16.0019 4824 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:00:16.0032 4824 sbp2port - ok
09:00:16.0051 4824 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:00:16.0099 4824 SCardSvr - ok
09:00:16.0125 4824 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:00:16.0155 4824 scfilter - ok
09:00:16.0181 4824 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:00:16.0247 4824 Schedule - ok
09:00:16.0272 4824 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:00:16.0301 4824 SCPolicySvc - ok
09:00:16.0313 4824 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:00:16.0335 4824 SDRSVC - ok
09:00:16.0370 4824 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
09:00:16.0385 4824 SeaPort - ok
09:00:16.0412 4824 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:00:16.0456 4824 secdrv - ok
09:00:16.0462 4824 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:00:16.0492 4824 seclogon - ok
09:00:16.0551 4824 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
09:00:16.0572 4824 Secunia PSI Agent - ok
09:00:16.0591 4824 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
09:00:16.0607 4824 Secunia Update Agent - ok
09:00:16.0619 4824 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS  C:\Windows\system32\sens.dll
09:00:16.0665 4824 SENS - ok
09:00:16.0679 4824 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:00:16.0738 4824 SensrSvc - ok
09:00:16.0754 4824 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
09:00:16.0774 4824 Serenum - ok
09:00:16.0795 4824 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
09:00:16.0823 4824 Serial - ok
09:00:16.0837 4824 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:00:16.0855 4824 sermouse - ok
09:00:16.0881 4824 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:00:16.0924 4824 SessionEnv - ok
09:00:16.0941 4824 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:00:16.0966 4824 sffdisk - ok
09:00:16.0981 4824 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:00:16.0996 4824 sffp_mmc - ok
09:00:17.0009 4824 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:00:17.0030 4824 sffp_sd - ok
09:00:17.0038 4824 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:00:17.0051 4824 sfloppy - ok
09:00:17.0070 4824 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:00:17.0111 4824 ShellHWDetection - ok
09:00:17.0129 4824 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:00:17.0142 4824 SiSRaid2 - ok
09:00:17.0159 4824 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:00:17.0177 4824 SiSRaid4 - ok
09:00:17.0206 4824 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:00:17.0238 4824 Smb - ok
09:00:17.0264 4824 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:00:17.0292 4824 SNMPTRAP - ok
09:00:17.0303 4824 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:00:17.0314 4824 spldr - ok
09:00:17.0342 4824 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:00:17.0372 4824 Spooler - ok
09:00:17.0427 4824 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:00:17.0548 4824 sppsvc - ok
09:00:17.0565 4824 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:00:17.0606 4824 sppuinotify - ok
09:00:17.0632 4824 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:00:17.0655 4824 srv - ok
09:00:17.0676 4824 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:00:17.0705 4824 srv2 - ok
09:00:17.0724 4824 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:00:17.0752 4824 srvnet - ok
09:00:17.0767 4824 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:00:17.0802 4824 SSDPSRV - ok
09:00:17.0816 4824 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:00:17.0861 4824 SstpSvc - ok
09:00:17.0910 4824 [ 9BF7E58D9113CE15CF4F1E1B18CEFF83 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:00:17.0926 4824 Stereo Service - ok
09:00:17.0947 4824 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:00:17.0960 4824 stexstor - ok
09:00:17.0988 4824 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:00:18.0020 4824 stisvc - ok
09:00:18.0024 4824 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:00:18.0038 4824 swenum - ok
09:00:18.0056 4824 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:00:18.0094 4824 swprv - ok
09:00:18.0128 4824 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:00:18.0186 4824 SysMain - ok
09:00:18.0204 4824 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:00:18.0222 4824 TabletInputService - ok
09:00:18.0234 4824 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:00:18.0281 4824 TapiSrv - ok
09:00:18.0298 4824 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:00:18.0330 4824 TBS - ok
09:00:18.0379 4824 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:00:18.0438 4824 Tcpip - ok
09:00:18.0479 4824 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:00:18.0512 4824 TCPIP6 - ok
09:00:18.0529 4824 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:00:18.0570 4824 tcpipreg - ok
09:00:18.0588 4824 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:00:18.0617 4824 TDPIPE - ok
09:00:18.0642 4824 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:00:18.0662 4824 TDTCP - ok
09:00:18.0674 4824 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:00:18.0720 4824 tdx - ok
09:00:18.0735 4824 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:00:18.0748 4824 TermDD - ok
09:00:18.0777 4824 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:00:18.0826 4824 TermService - ok
09:00:18.0841 4824 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:00:18.0868 4824 Themes - ok
09:00:18.0884 4824 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:00:18.0915 4824 THREADORDER - ok
09:00:18.0922 4824 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:00:18.0967 4824 TrkWks - ok
09:00:19.0013 4824 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:00:19.0053 4824 TrustedInstaller - ok
09:00:19.0074 4824 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:00:19.0103 4824 tssecsrv - ok
09:00:19.0130 4824 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:00:19.0155 4824 TsUsbFlt - ok
09:00:19.0164 4824 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:00:19.0180 4824 TsUsbGD - ok
09:00:19.0209 4824 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:00:19.0247 4824 tunnel - ok
09:00:19.0263 4824 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:00:19.0276 4824 uagp35 - ok
09:00:19.0297 4824 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:00:19.0331 4824 udfs - ok
09:00:19.0351 4824 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:00:19.0365 4824 UI0Detect - ok
09:00:19.0381 4824 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:00:19.0394 4824 uliagpkx - ok
09:00:19.0406 4824 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:00:19.0433 4824 umbus - ok
09:00:19.0448 4824 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
09:00:19.0461 4824 UmPass - ok
09:00:19.0479 4824 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:00:19.0514 4824 upnphost - ok
09:00:19.0547 4824 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
09:00:19.0576 4824 usbaudio - ok
09:00:19.0595 4824 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:00:19.0629 4824 usbccgp - ok
09:00:19.0644 4824 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:00:19.0670 4824 usbcir - ok
09:00:19.0687 4824 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:00:19.0711 4824 usbehci - ok
09:00:19.0731 4824 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
09:00:19.0742 4824 usbfilter - ok
09:00:19.0768 4824 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:00:19.0792 4824 usbhub - ok
09:00:19.0810 4824 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:00:19.0831 4824 usbohci - ok
09:00:19.0853 4824 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:00:19.0868 4824 usbprint - ok
09:00:19.0891 4824 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:00:19.0912 4824 usbscan - ok
09:00:19.0924 4824 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:00:19.0962 4824 USBSTOR - ok
09:00:19.0979 4824 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:00:19.0998 4824 usbuhci - ok
09:00:20.0013 4824 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:00:20.0055 4824 UxSms - ok
09:00:20.0081 4824 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:00:20.0093 4824 VaultSvc - ok
09:00:20.0097 4824 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:00:20.0109 4824 vdrvroot - ok
09:00:20.0123 4824 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:00:20.0159 4824 vds - ok
09:00:20.0175 4824 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:00:20.0190 4824 vga - ok
09:00:20.0204 4824 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:00:20.0247 4824 VgaSave - ok
09:00:20.0264 4824 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:00:20.0278 4824 vhdmp - ok
09:00:20.0321 4824 [ D4944DBF92E07F1F641CB512065966E6 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
09:00:20.0366 4824 VIAHdAudAddService - ok
09:00:20.0380 4824 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:00:20.0392 4824 viaide - ok
09:00:20.0410 4824 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:00:20.0423 4824 volmgr - ok
09:00:20.0442 4824 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:00:20.0459 4824 volmgrx - ok
09:00:20.0472 4824 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:00:20.0488 4824 volsnap - ok
09:00:20.0514 4824 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:00:20.0528 4824 vsmraid - ok
09:00:20.0564 4824 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:00:20.0637 4824 VSS - ok
09:00:20.0647 4824 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:00:20.0687 4824 vwifibus - ok
09:00:20.0706 4824 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:00:20.0732 4824 vwififlt - ok
09:00:20.0753 4824 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:00:20.0799 4824 W32Time - ok
09:00:20.0822 4824 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:00:20.0843 4824 WacomPen - ok
09:00:20.0864 4824 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:00:20.0895 4824 WANARP - ok
09:00:20.0910 4824 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:00:20.0941 4824 Wanarpv6 - ok
09:00:20.0989 4824 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:00:21.0035 4824 WatAdminSvc - ok
09:00:21.0110 4824 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:00:21.0181 4824 wbengine - ok
09:00:21.0217 4824 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:00:21.0236 4824 WbioSrvc - ok
09:00:21.0246 4824 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:00:21.0276 4824 wcncsvc - ok
09:00:21.0291 4824 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:00:21.0336 4824 WcsPlugInService - ok
09:00:21.0351 4824 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
09:00:21.0363 4824 Wd - ok
09:00:21.0391 4824 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:00:21.0412 4824 Wdf01000 - ok
09:00:21.0437 4824 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:00:21.0495 4824 WdiServiceHost - ok
09:00:21.0499 4824 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:00:21.0517 4824 WdiSystemHost - ok
09:00:21.0548 4824 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:00:21.0576 4824 WebClient - ok
09:00:21.0591 4824 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:00:21.0633 4824 Wecsvc - ok
09:00:21.0648 4824 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:00:21.0689 4824 wercplsupport - ok
09:00:21.0706 4824 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:00:21.0738 4824 WerSvc - ok
09:00:21.0759 4824 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:00:21.0794 4824 WfpLwf - ok
09:00:21.0805 4824 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:00:21.0818 4824 WIMMount - ok
09:00:21.0852 4824 WinDefend - ok
09:00:21.0857 4824 WinHttpAutoProxySvc - ok
09:00:21.0911 4824 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:00:21.0965 4824 Winmgmt - ok
09:00:21.0999 4824 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:00:22.0081 4824 WinRM - ok
09:00:22.0141 4824 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:00:22.0183 4824 WinUsb - ok
09:00:22.0207 4824 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:00:22.0243 4824 Wlansvc - ok
09:00:22.0354 4824 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:00:22.0413 4824 wlidsvc - ok
09:00:22.0420 4824 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:00:22.0445 4824 WmiAcpi - ok
09:00:22.0475 4824 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:00:22.0497 4824 wmiApSrv - ok
09:00:22.0511 4824 WMPNetworkSvc - ok
09:00:22.0522 4824 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:00:22.0543 4824 WPCSvc - ok
09:00:22.0550 4824 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:00:22.0566 4824 WPDBusEnum - ok
09:00:22.0581 4824 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:00:22.0619 4824 ws2ifsl - ok
09:00:22.0654 4824 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
09:00:22.0676 4824 wscsvc - ok
09:00:22.0680 4824 WSearch - ok
09:00:22.0735 4824 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:00:22.0797 4824 wuauserv - ok
09:00:22.0809 4824 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:00:22.0839 4824 WudfPf - ok
09:00:22.0850 4824 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:00:22.0893 4824 WUDFRd - ok
09:00:22.0910 4824 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:00:22.0941 4824 wudfsvc - ok
09:00:22.0951 4824 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:00:22.0975 4824 WwanSvc - ok
09:00:22.0980 4824 ================ Scan global ===============================
09:00:23.0000 4824 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:00:23.0027 4824 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
09:00:23.0035 4824 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
09:00:23.0048 4824 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:00:23.0072 4824 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:00:23.0077 4824 [Global] - ok
09:00:23.0077 4824 ================ Scan MBR ==================================
09:00:23.0085 4824 [ 4976D4A7A40B83FC7F06EE4BDD84EB9B ] \Device\Harddisk0\DR0
09:00:23.0344 4824 \Device\Harddisk0\DR0 - ok
09:00:23.0803 4824 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
09:00:23.0997 4824 \Device\Harddisk1\DR1 - ok
09:00:23.0997 4824 ================ Scan VBR ==================================
09:00:24.0000 4824 [ C0D856478AD1CB0D4B9F97A8D63AA78F ] \Device\Harddisk0\DR0\Partition1
09:00:24.0001 4824 \Device\Harddisk0\DR0\Partition1 - ok
09:00:24.0006 4824 [ DB3698409FD401BD4D01DC511942C23C ] \Device\Harddisk1\DR1\Partition1
09:00:24.0009 4824 \Device\Harddisk1\DR1\Partition1 - ok
09:00:24.0010 4824 ============================================================
09:00:24.0010 4824 Scan finished
09:00:24.0010 4824 ============================================================
09:00:24.0025 3472 Detected object count: 2
09:00:24.0025 3472 Actual detected object count: 2
09:01:07.0517 3472 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:01:07.0517 3472 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:01:07.0518 3472 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:01:07.0518 3472 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

Thanks for the reply. A couple of entries I'm suspicious of from HJT; run OTL and I'll have a better look, I'll then give a fix to remove them...

Download *OTL* from any of the following links and save to your desktop.

*Link 1*
*Link 2*
*Link 3*

Double-click the icon to start the tool. (Note: if you are running Vista or Windows 7, accept the UAC alert.)


- When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
- Select *Scan all users*.
- Under the *Extra Registry* section, check *Use SafeList*.
- In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check"*.
- Click *Run Scan* and let the program run uninterrupted.
- When the scan is complete, two text files will be created on your Desktop:
  - *OTL.Txt* <- this one will be opened
  - *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and *Extras.txt* into your next reply.

Kevin


----------



## Tedejc (Jan 3, 2006)

This is the OTL.TXT, I believe:

OTL logfile created on: 9/26/2012 11:12:10 AM - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 68.80% Memory free
8.00 Gb Paging File | 5.84 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.72 Gb Total Space | 883.71 Gb Free Space | 95.88% Space Free | Partition Type: NTFS
Drive F: | 931.50 Gb Total Space | 838.59 Gb Free Space | 90.03% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/26 11:10:24 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
PRC - [2012/09/23 11:48:07 | 001,701,400 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012/09/20 00:02:24 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/09/10 14:08:48 | 001,411,224 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
PRC - [2012/08/23 05:15:12 | 000,369,664 | ---- | M] (Babylon Ltd.) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe
PRC - [2012/08/08 09:26:10 | 000,785,408 | ---- | M] (Software Assist) -- C:\Program Files (x86)\Software Assist\Software Assist-bg.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/06/17 13:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/02/25 14:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/20 23:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010/09/14 19:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2009/12/23 17:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/11/18 00:42:26 | 005,821,952 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/24 22:21:17 | 000,450,560 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\dimgpr.dll
MOD - [2012/09/23 11:56:41 | 000,133,632 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll
MOD - [2012/09/23 11:48:07 | 002,098,200 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/09/23 11:48:07 | 001,701,400 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012/08/21 08:43:12 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\escortShld.dll
MOD - [2012/08/08 15:43:56 | 000,531,968 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll
MOD - [2012/06/20 17:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/06/13 14:36:00 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/13 14:35:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/13 14:35:45 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/13 14:35:39 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/13 14:35:38 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/12 03:18:46 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll
MOD - [2012/05/12 03:18:46 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll
MOD - [2012/05/12 03:18:46 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/12 03:18:44 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 03:18:42 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/12 03:09:33 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:07:11 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012/05/12 03:07:04 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/12 03:07:01 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/12 03:07:00 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/12 03:06:55 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/12 03:06:50 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/03/25 20:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/01/15 18:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:*64bit:* - [2010/02/10 10:05:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/23 11:48:07 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/09/23 11:46:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 09:46:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/17 13:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/03/02 01:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 14:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 17:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2012/07/28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:*64bit:* - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:*64bit:* - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:*64bit:* - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:*64bit:* - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2011/05/10 05:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:*64bit:* - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/10/01 15:41:12 | 001,349,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:*64bit:* - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:*64bit:* - [2010/02/10 10:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2010/02/10 10:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2010/02/10 09:11:14 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2010/01/27 21:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/12/22 06:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:*64bit:* - [2009/11/10 12:11:32 | 000,234,040 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:*64bit:* - [2009/10/07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2009/10/07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2009/07/16 07:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/20 01:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 17:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com/
IE - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111442&tt=120912_pcp_3812_2&babsrc=SP_ss&mntrId=3048710f00000000000014dae9587c67
IE - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKU\S-1-5-21-439902947-1435898956-2378105468-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=3048710f00000000000014dae9587c67"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=KW_ss&mntrId=3048710f00000000000014dae9587c67&q="
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/12 09:46:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/12 09:45:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}: C:\Users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/23 11:48:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{AE8C1090-06B7-11E2-8271-B8AC6F996F26}: C:\Users\Owner\AppData\Local\{AE8C1090-06B7-11E2-8271-B8AC6F996F26}\ [2012/09/24 22:21:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/12 09:46:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/12 09:45:50 | 000,000,000 | ---D | M]

[2011/10/06 07:05:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/09/23 11:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\extensions
[2012/09/23 11:47:59 | 000,000,000 | ---D | M] ("Software Assist") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\extensions\[email protected]
[2012/09/23 11:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\extensions\[email protected]
[2012/09/23 11:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\extensions\staged
[2012/09/23 11:48:11 | 000,002,223 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\searchplugins\BabylonMngr.xml
[2012/09/12 09:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/24 22:21:17 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\OWNER\APPDATA\LOCAL\{AE8C1090-06B7-11E2-8271-B8AC6F996F26}
[2012/09/12 09:46:23 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/23 11:47:58 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/09/04 20:33:28 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/04 20:33:28 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=3048710f00000000000014dae9587c67
CHR - default_search_provider: ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=3048710f00000000000014dae9587c67
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.20.68_0\crossrider
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.20.68_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/19 16:50:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Software Assist) - {11111111-1111-1111-1111-110011301126} - C:\Program Files (x86)\Software Assist\Software Assist.dll (Software Assist)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:*64bit:* - HKLM..\Run: [dimgpr] C:\Users\Owner\AppData\Roaming\dimgpr.dll ()
O4:*64bit:* - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-439902947-1435898956-2378105468-1000..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-439902947-1435898956-2378105468-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-439902947-1435898956-2378105468-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-439902947-1435898956-2378105468-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-439902947-1435898956-2378105468-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\..Trusted Domains: blizzard.com ([us] https in Trusted sites)
O15 - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\..Trusted Domains: thinkorswim.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab (MeadCo ScriptX)
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB (RRAAINAX_02.RRAAINAX)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://usergroups.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CD5CC2B-960F-4E87-B2FA-A1998EEF73A4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/26 11:10:11 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2012/09/26 08:57:48 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\44910385.sys
[2012/09/26 08:57:10 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/25 21:59:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinPatrol
[2012/09/25 21:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/09/25 21:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/09/25 21:58:17 | 000,867,016 | ---- | C] (BillP Studios) -- C:\Users\Owner\Desktop\wpsetup.exe
[2012/09/25 21:52:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/25 21:36:37 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/25 19:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/25 19:51:37 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/09/25 19:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/25 19:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/25 19:29:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/24 22:26:20 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/09/24 22:21:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AE8C1090-06B7-11E2-8271-B8AC6F996F26}
[2012/09/24 22:20:28 | 000,180,224 | ---- | C] (Blue Ripple Sound ) -- C:\Users\Owner\AppData\Roaming\lorat.dll
[2012/09/23 19:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2012/09/23 12:13:27 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/09/23 12:12:38 | 000,000,000 | ---D | C] -- C:\Windows\es
[2012/09/23 12:12:34 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012/09/23 12:12:30 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012/09/23 12:12:23 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012/09/23 12:09:39 | 000,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/09/23 12:07:47 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/09/23 12:07:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/09/23 12:07:46 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/09/23 12:07:46 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/09/23 12:07:46 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/09/23 12:07:46 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/09/23 12:07:45 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/09/23 12:07:45 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/09/23 12:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012/09/23 12:05:51 | 000,000,000 | R--D | C] -- C:\Users\Owner\SkyDrive
[2012/09/23 12:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012/09/23 12:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/23 12:02:36 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/09/23 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/23 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/09/23 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/23 12:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/23 11:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Media Player
[2012/09/23 11:50:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\vlc
[2012/09/23 11:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Media Player
[2012/09/23 11:48:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/09/23 11:48:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\BabylonToolbar
[2012/09/23 11:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/23 11:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/09/23 11:47:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Software Assist
[2012/09/23 11:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software Assist
[2012/09/23 11:47:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Babylon
[2012/09/23 11:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/09/23 11:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/09/22 03:01:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 03:01:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 03:01:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 03:01:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 03:01:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 03:01:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 03:01:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 03:01:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 03:00:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 03:00:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 03:00:56 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 03:00:56 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 03:00:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 03:00:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 03:00:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/19 16:53:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/19 12:40:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/18 19:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/09/18 19:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/09/18 05:42:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\backups
[2012/09/16 08:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/16 08:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012/09/15 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2012/09/13 21:58:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{133D816A-3DBF-46B5-98A6-D6DB91339A70}
[2012/09/12 09:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/12 06:33:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 06:33:34 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 06:33:33 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 06:33:33 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/10 22:12:35 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/09/09 21:22:45 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/09/09 21:22:45 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/09/09 21:22:45 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/09/09 21:22:37 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/09/09 21:22:37 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/09/09 21:22:37 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/09/09 21:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/09 21:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/09/09 21:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/09/09 21:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/08/30 22:03:48 | 000,128,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys

========== Files - Modified Within 30 Days ==========

[2012/09/26 11:12:57 | 000,006,531 | ---- | M] () -- C:\Users\Owner\AppData\Local\chromeupdate.crx
[2012/09/26 11:10:24 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2012/09/26 11:00:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/26 10:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/26 08:57:48 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\44910385.sys
[2012/09/26 08:57:10 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/26 08:29:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/25 21:58:22 | 000,867,016 | ---- | M] (BillP Studios) -- C:\Users\Owner\Desktop\wpsetup.exe
[2012/09/25 21:39:15 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 21:39:15 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 21:36:48 | 000,741,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/25 21:36:48 | 000,635,574 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/25 21:36:48 | 000,110,290 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/25 21:32:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/25 21:31:45 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/25 21:27:56 | 000,013,422 | ---- | M] () -- C:\Users\Owner\Desktop\hijackthis92512
[2012/09/25 19:47:27 | 000,002,121 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Security Essentials.lnk
[2012/09/25 19:47:15 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/24 22:21:17 | 000,450,560 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\dimgpr.dll
[2012/09/24 22:20:28 | 000,180,224 | ---- | M] (Blue Ripple Sound ) -- C:\Users\Owner\AppData\Roaming\lorat.dll
[2012/09/23 12:02:38 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/23 11:48:07 | 000,000,315 | ---- | M] () -- C:\user.js
[2012/09/23 11:46:39 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/23 11:46:39 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/19 16:50:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/18 19:42:00 | 000,001,083 | ---- | M] () -- C:\Users\Owner\Desktop\SpywareBlaster.lnk
[2012/09/18 05:37:01 | 000,012,454 | ---- | M] () -- C:\Users\Owner\Desktop\hijackthis56
[2012/09/16 08:53:07 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012/09/15 19:44:57 | 000,001,096 | ---- | M] () -- C:\Users\Owner\Documents\host to hosts.rtf
[2012/09/15 19:26:59 | 000,012,784 | ---- | M] () -- C:\Users\Owner\Documents\New Hosts File.one
[2012/09/15 19:24:35 | 000,001,310 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/09/10 23:33:35 | 000,758,744 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/10 22:47:36 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/09 21:22:26 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/09/09 21:22:24 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/09/09 21:22:24 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/09/09 21:22:24 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/09/09 21:22:23 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/09/09 21:22:23 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/09/09 21:20:24 | 000,002,170 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/09/01 11:56:54 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys
[2012/08/28 19:58:18 | 001,345,796 | ---- | M] () -- C:\Users\Owner\Desktop\p587.pdf
[2012/08/28 19:56:18 | 002,439,635 | ---- | M] () -- C:\Users\Owner\Desktop\p334.pdf
[2012/08/28 19:52:56 | 004,289,623 | ---- | M] () -- C:\Users\Owner\Desktop\p17.pdf

========== Files Created - No Company Name ==========

[2012/09/25 21:27:56 | 000,013,422 | ---- | C] () -- C:\Users\Owner\Desktop\hijackthis92512
[2012/09/25 19:47:27 | 000,002,121 | ---- | C] () -- C:\Users\Owner\Desktop\Microsoft Security Essentials.lnk
[2012/09/25 19:34:49 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/24 22:21:18 | 000,006,531 | ---- | C] () -- C:\Users\Owner\AppData\Local\chromeupdate.crx
[2012/09/24 22:21:16 | 000,450,560 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\dimgpr.dll
[2012/09/23 12:12:20 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/09/23 12:12:08 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/09/23 12:05:51 | 000,002,122 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/09/23 12:02:38 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/23 11:48:06 | 000,000,315 | ---- | C] () -- C:\user.js
[2012/09/18 19:42:00 | 000,001,083 | ---- | C] () -- C:\Users\Owner\Desktop\SpywareBlaster.lnk
[2012/09/18 05:37:01 | 000,012,454 | ---- | C] () -- C:\Users\Owner\Desktop\hijackthis56
[2012/09/16 08:53:07 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012/09/15 19:44:57 | 000,001,096 | ---- | C] () -- C:\Users\Owner\Documents\host to hosts.rtf
[2012/09/15 19:26:39 | 000,012,784 | ---- | C] () -- C:\Users\Owner\Documents\New Hosts File.one
[2012/09/15 19:24:35 | 000,001,310 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/09/10 22:07:30 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/09 21:20:24 | 000,002,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/28 19:58:18 | 001,345,796 | ---- | C] () -- C:\Users\Owner\Desktop\p587.pdf
[2012/08/28 19:56:18 | 002,439,635 | ---- | C] () -- C:\Users\Owner\Desktop\p334.pdf
[2012/08/28 19:52:56 | 004,289,623 | ---- | C] () -- C:\Users\Owner\Desktop\p17.pdf
[2012/01/21 14:20:09 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/10/11 08:55:07 | 000,758,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/21 21:15:03 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011/04/21 21:14:34 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2011/04/21 21:11:13 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/04/21 21:10:57 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/04/21 21:10:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/04/21 21:10:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/04/21 21:07:31 | 000,024,078 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/04/21 21:07:30 | 000,017,302 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/04/21 21:07:30 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2011/04/21 21:07:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/04/21 21:05:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/21 20:55:56 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2012/06/12 20:00:15 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\L
[2012/06/12 20:00:15 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/23 11:47:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Babylon
[2012/09/23 11:48:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BabylonToolbar
[2012/01/02 14:53:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2012/02/05 14:53:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2012/09/04 21:28:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\webex
[2012/08/14 23:09:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2012/09/25 21:59:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinPatrol

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


----------



## Tedejc (Jan 3, 2006)

And this should be the Extras.txt:

OTL Extras logfile created on: 9/26/2012 11:12:10 AM - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 68.80% Memory free
8.00 Gb Paging File | 5.84 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.72 Gb Total Space | 883.71 Gb Free Space | 95.88% Space Free | Partition Type: NTFS
Drive F: | 931.50 Gb Total Space | 838.59 Gb Free Space | 90.03% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-439902947-1435898956-2378105468-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C798FBB-2BA6-D113-C055-936965550F33}" = ATI Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series" = Canon MX420 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{56BFB765-EC27-4BBE-4562-7D524A4E6876}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SP6" = Logitech SetPoint 6.32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AA59D7-B92D-4A06-8D06-0596081C0E68}" = Photo Gallery
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{179C9DAD-8A7E-E177-A099-9881BA6DB7E1}" = CCC Help Korean
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1951F3A1-110D-4F5B-8346-9D0E735A54E0}" = Windows Live Writer
"{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger
"{1CA97896-6527-EFF2-15AF-F754A8345DB3}" = CCC Help Polish
"{1DE16DAD-6C8C-CE4B-6D0A-3B9C826EA7DF}" = Catalyst Control Center InstallProxy
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{207FE8B9-976B-8106-B8D8-75FD538B21AE}" = Catalyst Control Center Graphics Light
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2AE414B5-7FE6-49A3-93C8-D864162CDEBC}" = Windows Live UX Platform Language Pack
"{2CA12532-C407-66B7-7872-998E86EB078A}" = CCC Help Thai
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{30646370-6577-DA44-F956-5179BD4FC81F}" = CCC Help Norwegian
"{36D8DF3D-B1E1-D8CA-C0F7-5FECF2ADB431}" = Catalyst Control Center Graphics Previews Vista
"{38547BC2-D932-4D3D-88DB-B0C33A34B469}" = Windows Live Messenger
"{3EAE58C0-7C36-40C3-ACED-0CABF2F46BCF}" = Windows Live Writer Resources
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{43475DF9-3F29-4C45-9045-BDCEF39C17E8}" = Windows Live Writer
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack
"{46B14AF1-EDFA-4088-AB2B-22A8128A1C54}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{5E990010-3CFC-3451-1F07-ABD632895DED}" = Catalyst Control Center Localization All
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{60ADEF86-A867-47A0-9C8E-9B7E2AB3F87C}" = Windows Live Writer Resources
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{653771EC-5AA7-9E1D-EBF9-BF6E9BDC0649}" = CCC Help Greek
"{698ED639-3A26-49EF-B1EF-CD89CB97C778}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BF29613-DEEF-44BA-93C1-431B9723041C}" = Windows Live Mail
"{704985E4-596B-B30C-1B01-49A4E6386DF7}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7388AE07-F4E0-503F-6ADD-4FB9BED4C47E}" = CCC Help Czech
"{73954A36-638C-4052-91BF-3FB59948B301}" = Windows Live Family Safety
"{7541F284-7167-4729-B1C1-0A3F7FC38EF3}" = Windows Live Messenger
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{803D4B7D-71CD-46B9-8F89-8BFD73920FAF}" = Windows Live UX Platform Language Pack
"{810EED37-2024-4C10-B266-5A8CCB3D1A65}" = Windows Live Writer
"{815928D4-B230-40C7-AEEF-FCC3DC4B3C59}" = Aeria Ignite
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{884DF67C-F47D-4B09-B474-C3B7D51CA52A}" = Windows Live Family Safety
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE34925-34D7-4E53-FE56-B38C003FCE59}" = CCC Help Chinese Traditional
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{913694EF-D62F-B372-7778-7C0DFD287EED}" = Catalyst Control Center Graphics Previews Common
"{93F8D79A-EEC2-11F6-DE59-70EA8E50CAE2}" = CCC Help German
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959BC6D1-38C8-441F-9466-9ECCD4E68413}" = Galería de fotos
"{97373E60-D071-418A-87F1-A969EEEEBDAC}" = Windows Live Essentials
"{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{98FBED7A-E9E1-5578-F5FD-391D51799524}" = CCC Help French
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{A259C1B6-7C3F-6827-657B-D6EDE5BF3CAE}" = CCC Help Finnish
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A6D87A37-8620-FE7B-54C2-E654F4F92B95}" = Catalyst Control Center Graphics Full New
"{A929A7EA-4DFB-48F9-AAF6-C880DF64FB73}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96174C8-BB27-8E86-2AA8-22486DDF7B4B}" = Catalyst Control Center Core Implementation
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{AE9C87B3-0BF3-6FE1-404C-FA0EA33B4EC3}" = CCC Help Japanese
"{AFFBC271-AA8F-4908-BEAE-491B96AC57C4}" = Windows Live Mail
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B1A1ACA0-54BF-6279-CD75-D4772DD16197}" = CCC Help Danish
"{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B2C78D7A-D4D2-A1EF-DFAA-48A4152A5771}" = ccc-core-static
"{B89EE842-D398-4EAC-A3DF-47280B285DD9}" = Windows Live Mail
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C427F09B-25F5-49F7-9AD8-9AFD10EA925C}" = Windows Live Family Safety
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7A9BAF2-DA72-8503-F27F-44C6C2FF9F49}" = CCC Help Swedish
"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
"{CCDB7ADB-1643-4C30-B39D-1562CFE51420}" = Movie Maker
"{CDA04BEC-2F20-4E3C-A0E0-D75C8DE255D8}" = Windows Live Writer Resources
"{D0873221-A48B-4A2F-9D34-5F0C21725CF5}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common
"{D5348885-EB52-4355-C21B-27BD0E4CBA31}" = CCC Help Hungarian
"{D555C389-F793-443A-B012-A3D70590CF3D}" = Windows Live Writer Resources
"{D5E0FFD0-60DD-4E1A-A209-EB14E424467C}" = Windows Live Family Safety
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D77A6FED-256C-4E2F-9873-59C92C854A4E}" = Photo Common
"{D780486E-4F96-B025-4BBB-30D56E3C9418}" = CCC Help Portuguese
"{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer
"{DE30220D-B7A6-EB8F-13E0-2521880E2F49}" = Catalyst Control Center Graphics Full Existing
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1DA4302-1C06-4533-AF6D-9D68B01FCB34}" = Movie Maker
"{E32BC396-8E51-BA3F-7001-EE463BB4EA75}" = CCC Help English
"{E481A482-A6A2-D3ED-0980-C741A9AAA96B}" = CCC Help Chinese Standard
"{E4AA1490-A0AE-5693-2C0B-4FF21C3721D8}" = CCC Help Dutch
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{E60D9CA8-14A6-4F56-BA12-D9D8C8004E09}" = Windows Live Messenger
"{EBF0AA20-D891-1908-10CB-010E289C36CD}" = CCC Help Russian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F9B431CB-5ACF-A7C1-5B96-9DF33AA25290}" = CCC Help Spanish
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
"{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"{FFE7F452-F093-5859-C96E-E75310248A10}" = CCC Help Turkish
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.10.1721" = Aeria Ignite
"Asus Vibe2.0" = AsusVibe2.0
"BabylonToolbar" = Babylon toolbar on IE
"Canon MX420 series User Registration" = Canon MX420 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy Media Player" = Easy Media Player 1.1.12
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Shaiya" = Shaiya
"Software Assist" = Software Assist
"Speed Dial Utility" = Canon Speed Dial Utility
"SpywareBlaster_is1" = SpywareBlaster 4.6
"thinkorswim" = thinkorswim
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-439902947-1435898956-2378105468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Akamai" = Akamai NetSession Interface
"e55b814e55744b76" = Best Buy pc app - 1 
"GoToMeeting" = GoToMeeting 5.3.0.977
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2012 7:09:33 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2013

Error - 9/22/2012 7:09:34 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/22/2012 7:09:34 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011

Error - 9/22/2012 7:09:34 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011

Error - 9/22/2012 7:09:35 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/22/2012 7:09:35 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4025

Error - 9/22/2012 7:09:35 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4025

Error - 9/23/2012 8:13:09 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/23/2012 10:43:35 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/23/2012 11:51:22 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BabylonToolbarsrv.exe, version: 1.6.9.0,
time stamp: 0x5035f49f Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x6e697700 Faulting process id:
0xbcc Faulting application start time: 0x01cd99a34760c7f7 Faulting application path:
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe
Faulting
module path: unknown Report Id: 85852c51-0596-11e2-90fc-14dae9587c67

[ OSession Events ]
Error - 8/23/2012 9:15:29 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 276 seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/10/2012 11:37:16 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.903.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x80240017 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 9/11/2012 9:02:06 AM | Computer Name = Owner-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 9/11/2012 9:02:09 AM | Computer Name = Owner-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 9/11/2012 9:02:20 AM | Computer Name = Owner-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 9/11/2012 9:02:23 AM | Computer Name = Owner-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 9/11/2012 9:07:28 AM | Computer Name = Owner-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 9/11/2012 9:07:32 AM | Computer Name = Owner-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 9/11/2012 10:47:55 PM | Computer Name = Owner-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume F: were aborted because of an IO failure
on volume F:.

Error - 9/11/2012 10:49:25 PM | Computer Name = Owner-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 9/11/2012 10:50:56 PM | Computer Name = Owner-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

< End of report >


----------



## kevinf80 (Mar 21, 2006)

Re-Run OTL by double left click, Vista and Windows 7 users Right click, select "Run as Administrator", accept UAC alert.

Under the Custom Scans/Fixes box at the bottom, paste in the following


```
:OTL
PRC - [2012/08/23 05:15:12 | 000,369,664 | ---- | M] (Babylon Ltd.) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe
PRC - [2012/08/08 09:26:10 | 000,785,408 | ---- | M] (Software Assist) -- C:\Program Files (x86)\Software Assist\Software Assist-bg.exe
MOD - [2012/09/24 22:21:17 | 000,450,560 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\dimgpr.dll
MOD - [2012/09/23 11:56:41 | 000,133,632 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChrom eToolBar.dll
MOD - [2012/09/23 11:48:07 | 002,098,200 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/09/23 11:48:07 | 001,701,400 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012/08/21 08:43:12 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\escortShld.dll
MOD - [2012/08/08 15:43:56 | 000,531,968 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
IE - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-439902947-1435898956-2378105468-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111442&tt=120912_pcp_3812_2&babsrc=SP_ss&mntrId=3048 710f00000000000014dae9587c67
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=3048710f000000000000 14dae9587c67"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=KW_ss&mntrId=3048710f000000000000 14dae9587c67&q="
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
[2012/09/23 11:47:59 | 000,000,000 | ---D | M] ("Software Assist") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\ex tensions\[email protected]
[2012/09/23 11:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\ex tensions\[email protected]
[2012/09/23 11:47:58 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/09/04 20:33:28 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/04 20:33:28 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
CHR - homepage: http://search.babylon.com/?affID=111...0014dae9587c67
O2 - BHO: (Software Assist) - {11111111-1111-1111-1111-110011301126} - C:\Program Files (x86)\Software Assist\Software Assist.dll (Software Assist)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [dimgpr] C:\Users\Owner\AppData\Roaming\dimgpr.dll ()
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
:Services
Browser Manager
:Files
ipconfig /flushdns /c
c:\ProgramData\Browser Manager
C:\Program Files (x86)\Software Assist
C:\Windows\SysWow64\%APPDATA%
C:\Users\Owner\AppData\Local\{AE8C1090-06B7-11E2-8271-B8AC6F996F26}
C:\Users\Owner\AppData\Roaming\BabylonToolbar
C:\Users\Owner\AppData\Roaming\Babylon
C:\ProgramData\Babylon
C:\Users\Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæ çèéêëìíîïðñòóôõö÷øùúûüýþÿ
C:\Users\Owner\AppData\Roaming\dimgpr.dll
C:\Windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}
C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78
:Commands
[emptytemp]
[Reboot]
```

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter \*.log and press the Enter key, navigate to the *C:\_OTL\MovedFiles folder*, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

Next,

Run Malwarebytes; if it is already installed, run it, update and do a quick scan. Full instructions follow:

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post both logs and give update on issues..

Kevin


----------



## Tedejc (Jan 3, 2006)

I ran the OTL Custom Scan, but I was not able to open as administrator. I still had the Custom Scans/Fixes and I pasted the Code you sent over. It did re-boot, and did a few funny things like switched my Search around and a few other things. This log came up as soon as it restarted so I'm posting this. I didn't have to go in to notepad or "C:\_OTL\MovedFiles folder" to get it.

I hope this is right.

Going to stage 2 now with Malwarebytes.

Thanks.
All processes killed
========== OTL ==========
No active process named BabylonToolbarsrv.exe was found!
No active process named Software Assist-bg.exe was found!
Releasing module C:\Users\Owner\AppData\Roaming\dimgpr.dll
C:\Users\Owner\AppData\Roaming\dimgpr.dll moved successfully.
Releasing module C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll moved successfully.
Releasing module C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\escortShld.dll
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\escortShld.dll moved successfully.
Releasing module C:\Users\Owner\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll
C:\Users\Owner\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-439902947-1435898956-2378105468-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-439902947-1435898956-2378105468-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-439902947-1435898956-2378105468-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=3048710f000000000000 14dae9587c67" removed from browser.startup.homepage
Prefs.js: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=KW_ss&mntrId=3048710f000000000000 14dae9587c67&q=" removed from keyword.URL
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Folder C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\ex tensions\[email protected]\ not found.
Folder C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\ex tensions\[email protected]\ not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011301126}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011301126}\ deleted successfully.
C:\Program Files (x86)\Software Assist\Software Assist.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dimgpr deleted successfully.
File C:\Users\Owner\AppData\Roaming\dimgpr.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll deleted successfully.
File c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll not found.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== SERVICES/DRIVERS ==========
Service Browser Manager stopped successfully!
Service Browser Manager deleted successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content folder moved successfully.
c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components folder moved successfully.
c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension folder moved successfully.
Folder move failed. c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. c:\ProgramData\Browser Manager\2.2.643.41 scheduled to be moved on reboot.
Folder move failed. c:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Program Files (x86)\Software Assist folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\SysWow64\%APPDATA% folder moved successfully.
C:\Users\Owner\AppData\Local\{AE8C1090-06B7-11E2-8271-B8AC6F996F26}\chrome\content folder moved successfully.
C:\Users\Owner\AppData\Local\{AE8C1090-06B7-11E2-8271-B8AC6F996F26}\chrome folder moved successfully.
C:\Users\Owner\AppData\Local\{AE8C1090-06B7-11E2-8271-B8AC6F996F26} folder moved successfully.
C:\Users\Owner\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.
C:\Users\Owner\AppData\Roaming\BabylonToolbar\IE folder moved successfully.
C:\Users\Owner\AppData\Roaming\BabylonToolbar\FF folder moved successfully.
C:\Users\Owner\AppData\Roaming\BabylonToolbar\CR folder moved successfully.
C:\Users\Owner\AppData\Roaming\BabylonToolbar folder moved successfully.
C:\Users\Owner\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
File\Folder C:\Users\Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæ çèéêëìíîïðñòóôõö÷øùúûüýþÿ not found.
File\Folder C:\Users\Owner\AppData\Roaming\dimgpr.dll not found.
C:\Windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U folder moved successfully.
C:\Windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\L folder moved successfully.
C:\Windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78} folder moved successfully.
File\Folder C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 12622359 bytes
->Temporary Internet Files folder emptied: 38675787 bytes
->Java cache emptied: 4803 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6810774 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80494 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb

OTL by OldTimer - Version 3.2.66.0 log created on 09262012_133034

Files\Folders moved on Reboot...
c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753} folder moved successfully.
c:\ProgramData\Browser Manager\2.2.643.41 folder moved successfully.
c:\ProgramData\Browser Manager folder moved successfully.
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Temp\REG1543.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REG1B24.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REG5541.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REG6011.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REG6A4B.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REG7D2F.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REG80D1.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REG9405.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REGC951.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REGD53F.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REGD7CC.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REGDD72.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REGFCBB.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REGFE34.tmp moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7904EC3E-8B79-409B-A7FA-6D724E808A67}.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9D2DE410-B685-4083-AE50-D4CB485C5813}.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E90932C0-C27E-439C-B623-384A8BBA42F7}.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO31BBDO\bind[1].htm not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO31BBDO\canvas[1].htm not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO31BBDO\display[1].htm not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO31BBDO\LocalStorage[1].htm moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO31BBDO\small-grey-disclosure-arrow-down[1].png not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO31BBDO\verify_02[1].jpg not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO31BBDO\www.bing.com_6a124c70-61d2-4ba3-9de3-32adc4f4e525[1].jpg not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HB8P9NKL\ads[4].js not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HB8P9NKL\blu_box_index620[1].png not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPVGSD1A\rd[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CCTV7N2\index[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CCTV7N2\montsplinks-ctxbab[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QLI3MBV\index[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------
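A triage helper for fix logs like the one posted above, added here as an example (it is not OTL's own code and was not posted in the thread): it groups every result line by outcome (moved, deleted, not found, deferred to reboot) and by the persistence mechanism it touched (Run key, AppInit_DLLs, BHO, protocol handler, service, alternate data stream), so what the fix actually changed and what is still pending stand out. The sample log is constructed from a handful of lines in the post.

```python
"""Triage summary for an OTL fix log (the kind of log pasted above)."""
import re
from collections import Counter

# Result-line shapes OTL writes in a fix log; the first matching pattern wins.
OUTCOME_PATTERNS = [
    ("deferred",     re.compile(r"^Folder move failed\. (.+?) scheduled to be moved on reboot\.$")),
    ("moved",        re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
    ("stopped",      re.compile(r"^(.+?) stopped successfully!$")),
    ("deleted",      re.compile(r"^(.+?) deleted successfully[.!]$")),
    ("value_set",    re.compile(r"^(.+?)\| /E : value set successfully!$")),
    ("pref_removed", re.compile(r'^Prefs\.js: "(.*)" removed from \S+$')),
    ("not_found",    re.compile(r"^(.+?) not found[.!]$")),
]

# Persistence or hijack mechanism a line touched, judged from the whole line;
# the more specific patterns come first.
MECHANISM_PATTERNS = [
    ("AppInit_DLLs",          re.compile(r"AppInit_Dlls", re.I)),
    ("Run key",               re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("Browser Helper Object", re.compile(r"Browser Helper Objects", re.I)),
    ("protocol handler",      re.compile(r"Protocols?\\Handler\\", re.I)),
    ("IE search scope",       re.compile(r"\\SearchScopes\\", re.I)),
    ("IE toolbar",            re.compile(r"Internet Explorer\\Toolbar\\", re.I)),
    ("service",               re.compile(r"^Service ")),
    ("alternate data stream", re.compile(r"^ADS ")),
    ("browser prefs",         re.compile(r"^Prefs\.js:")),
    ("DLL in user profile",   re.compile(r"\\AppData\\.*\.dll\b", re.I)),
    ("temp/cache",            re.compile(r"\\Temp\\|Temporary Internet Files", re.I)),
]


def classify(line):
    """Name the mechanism a result line touched (fallbacks: registry vs. file)."""
    for name, pat in MECHANISM_PATTERNS:
        if pat.search(line):
            return name
    return "other registry" if "Registry" in line else "file/folder"


def parse_otl_fix_log(text):
    """Count result lines by outcome and mechanism; list items deferred to reboot."""
    outcomes, mechanisms, pending = Counter(), Counter(), []
    for raw in text.splitlines():
        line = raw.strip()
        # Section banners and [emptytemp] byte counts carry no per-item result.
        if not line or line.startswith("==========") or line.startswith("->"):
            continue
        for outcome, pat in OUTCOME_PATTERNS:
            match = pat.match(line)
            if match:
                break
        else:
            continue  # "Releasing module ...", "All processes killed", etc.
        outcomes[outcome] += 1
        if outcome == "deferred":
            pending.append(match.group(1))
        if outcome != "not_found":  # only count things the fix actually changed
            mechanisms[classify(line)] += 1
    return {"outcomes": dict(outcomes), "mechanisms": dict(mechanisms),
            "pending": pending}


def summarize(result):
    """Render the parse result as a short text report."""
    lines = ["Outcomes:"]
    lines += [f"  {k:13} {v}" for k, v in sorted(result["outcomes"].items())]
    lines.append("Mechanisms changed:")
    lines += [f"  {k:22} {v}" for k, v in sorted(result["mechanisms"].items())]
    if result["pending"]:
        lines.append("Still pending until reboot:")
        lines += [f"  {item}" for item in result["pending"]]
    return "\n".join(lines)


# Constructed sample: a handful of lines taken from the fix log in the post above.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
No active process named BabylonToolbarsrv.exe was found!
Releasing module C:\Users\Owner\AppData\Roaming\dimgpr.dll
C:\Users\Owner\AppData\Roaming\dimgpr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dimgpr deleted successfully.
File C:\Users\Owner\AppData\Roaming\dimgpr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011301126}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011301126}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== SERVICES/DRIVERS ==========
Service Browser Manager stopped successfully!
Service Browser Manager deleted successfully!
========== FILES ==========
c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension folder moved successfully.
Folder move failed. c:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Program Files (x86)\Software Assist folder moved successfully.
========== COMMANDS ==========
->Temp folder emptied: 12622359 bytes
"""

if __name__ == "__main__":
    print(summarize(parse_otl_fix_log(SAMPLE_LOG)))
```

Feed it the full log from a post (read from a file) to get the same breakdown for a real fix; "Still pending until reboot" is the list to compare against the "Files\Folders moved on Reboot" section of the post-reboot log.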



## Tedejc (Jan 3, 2006)

It only found one rojan. Should I run a full scan?

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

9/26/2012 2:01:50 PM
mbam-log-2012-09-26 (14-01-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224343
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Owner\AppData\Roaming\lorat.dll (Trojan.Medfos) -> Quarantined and deleted successfully.

(end)


----------



## Tedejc (Jan 3, 2006)

Sorry, I meant Trojan.


----------



## kevinf80 (Mar 21, 2006)

How is your system responding now, try surfing around etc, see how it responds..


----------



## Tedejc (Jan 3, 2006)

Seems fine. It was redirecting us to a different search engine than what we usually use or normally get directed to. I think it wouldn't have been as noticeable or strange, except it would do this when we were on an actual web site, and if we clicked to another section it would redirect the page to open a search engine that would have similar other things to the site we were on.
My wife would be on Facebook, and if she clicked to go somewhere on FB, she would be out of FB and in a search engine for social sites. Stuff like that.
Seems to work OK now.
Wow, that's a lot of logs to go through for just one Trojan; you didn't actually go through each one line by line, did you?


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted

Unfortunately all lines in logs such as OTL have to be checked. I'm still not sure how the issues re-started; the new fix I gave for OTL had several malicious files present which we had removed previously.
Let's just run your system the way it is for another 24 hours or so. Leave OTL on your Desktop, don't remove it. If your system is OK after the 24 hours, run another scan with OTL and post the logs; I'd like to see if anything has come back again.

Kevin...


----------



## Tedejc (Jan 3, 2006)

Hi Kevin. I think it's all good now. Haven't had any problems with anything. What do you think?

OTL logfile created on: 10/1/2012 9:20:11 PM - Run 2
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.22% Memory free
8.00 Gb Paging File | 5.88 Gb Available in Paging File | 73.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.72 Gb Total Space | 879.53 Gb Free Space | 95.42% Space Free | Partition Type: NTFS
Drive F: | 931.50 Gb Total Space | 845.74 Gb Free Space | 90.79% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/26 13:28:30 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
PRC - [2012/09/20 00:02:24 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/09/10 14:08:48 | 001,411,224 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/06/17 13:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/02/25 14:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/14 19:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2009/12/23 17:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/12/23 17:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/20 17:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/06/13 14:36:00 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/13 14:35:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/13 14:35:45 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/13 14:35:39 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/13 14:35:38 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/12 03:20:02 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/12 03:18:46 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll
MOD - [2012/05/12 03:18:46 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll
MOD - [2012/05/12 03:18:46 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/12 03:18:44 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 03:18:42 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/12 03:09:33 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:07:11 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012/05/12 03:07:04 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/12 03:07:01 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/12 03:07:00 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/12 03:06:55 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/12 03:06:50 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:*64bit:* - [2010/02/10 10:05:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/23 11:46:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 09:46:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/17 13:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/03/02 01:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 14:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 17:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2012/07/28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:*64bit:* - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:*64bit:* - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:*64bit:* - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:*64bit:* - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2011/05/10 05:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:*64bit:* - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/10/01 15:41:12 | 001,349,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:*64bit:* - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:*64bit:* - [2010/02/10 10:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2010/02/10 10:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2010/02/10 09:11:14 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2010/01/27 21:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/12/22 06:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:*64bit:* - [2009/11/10 12:11:32 | 000,234,040 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:*64bit:* - [2009/10/07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2009/10/07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2009/07/16 07:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/20 01:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 17:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=3048710f00000000000014dae9587c67"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: [email protected]:0.83.68
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=KW_ss&mntrId=3048710f00000000000014dae9587c67&q="
FF - prefs.js..network.proxy.type: 0

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/12 09:46:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/12 09:45:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}: C:\Users\Owner\AppData\Local\{6F74C42F-FBB5-11E1-8270-B8AC6F996F26}\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{AE8C1090-06B7-11E2-8271-B8AC6F996F26}: C:\Users\Owner\AppData\Local\{AE8C1090-06B7-11E2-8271-B8AC6F996F26}\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/12 09:46:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/12 09:45:50 | 000,000,000 | ---D | M]

[2011/10/06 07:05:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/09/29 19:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\extensions
[2012/09/29 19:04:09 | 000,000,000 | ---D | M] ("Software Assist") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\extensions\[email protected]
[2012/09/28 07:12:37 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\extensions\[email protected]
[2012/09/23 11:48:11 | 000,002,223 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\searchplugins\BabylonMngr.xml
[2012/09/12 09:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/12 09:46:23 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=3048710f00000000000014dae9587c67
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=3048710f00000000000014dae9587c67
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: ChromeUpdateManager = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Software Assist = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.20.68_0\crossrider
CHR - Extension: Software Assist = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.20.68_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/19 16:50:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4:*64bit:* - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:*64bit:* - HKLM..\Run: [dimgpr] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\dimgpr.dll",ExecCodeModule File not found
O4:*64bit:* - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKCU\..Trusted Domains: blizzard.com ([us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: thinkorswim.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab (MeadCo ScriptX)
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB (RRAAINAX_02.RRAAINAX)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://usergroups.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CD5CC2B-960F-4E87-B2FA-A1998EEF73A4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/29 19:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2012/09/27 12:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/09/27 12:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/09/27 12:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/09/26 21:34:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Graboid_Inc
[2012/09/26 21:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2012/09/26 21:28:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Geckofx
[2012/09/26 21:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2012/09/26 13:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/26 13:57:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/26 13:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/26 13:56:21 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/26 13:30:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/26 13:28:17 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2012/09/26 08:57:48 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\44910385.sys
[2012/09/26 08:57:10 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/25 21:59:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinPatrol
[2012/09/25 21:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/09/25 21:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/09/25 21:58:17 | 000,867,016 | ---- | C] (BillP Studios) -- C:\Users\Owner\Desktop\wpsetup.exe
[2012/09/25 21:52:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/25 21:36:37 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/25 19:51:37 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/09/25 19:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/25 19:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/23 19:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2012/09/23 12:13:27 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/09/23 12:12:38 | 000,000,000 | ---D | C] -- C:\Windows\es
[2012/09/23 12:12:34 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012/09/23 12:12:30 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012/09/23 12:12:23 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012/09/23 12:09:39 | 000,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/09/23 12:07:47 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/09/23 12:07:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/09/23 12:07:46 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/09/23 12:07:46 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/09/23 12:07:46 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/09/23 12:07:46 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/09/23 12:07:45 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/09/23 12:07:45 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/09/23 12:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012/09/23 12:05:51 | 000,000,000 | R--D | C] -- C:\Users\Owner\SkyDrive
[2012/09/23 12:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012/09/23 12:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/23 12:02:36 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/09/23 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/23 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/09/23 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/23 12:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/23 11:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Media Player
[2012/09/23 11:50:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\vlc
[2012/09/23 11:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Media Player
[2012/09/23 11:48:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/09/23 11:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/09/23 11:47:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Software Assist
[2012/09/23 11:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/09/22 03:01:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 03:01:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 03:01:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 03:01:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 03:01:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 03:01:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 03:01:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 03:01:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 03:00:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 03:00:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 03:00:56 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 03:00:56 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 03:00:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 03:00:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 03:00:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/19 16:53:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/19 12:40:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/18 19:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/09/18 19:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/09/18 05:42:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\backups
[2012/09/16 08:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/16 08:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012/09/15 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2012/09/13 21:58:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{133D816A-3DBF-46B5-98A6-D6DB91339A70}
[2012/09/12 09:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/12 06:33:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 06:33:34 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 06:33:33 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 06:33:33 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/10 22:12:35 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/09/09 21:22:45 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/09/09 21:22:45 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/09/09 21:22:45 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/09/09 21:22:37 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/09/09 21:22:37 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/09/09 21:22:37 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/09/09 21:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/09 21:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/09/09 21:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/09/09 21:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan

========== Files - Modified Within 30 Days ==========

[2012/10/01 21:00:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/01 20:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/01 18:47:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/01 18:47:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/28 08:01:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/28 08:01:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/27 13:14:55 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/09/27 06:38:33 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/26 14:13:47 | 000,741,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/26 14:13:47 | 000,635,574 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/26 14:13:47 | 000,110,290 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/26 14:09:17 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/26 13:57:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/26 13:56:22 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/26 13:28:30 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2012/09/26 08:57:48 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\44910385.sys
[2012/09/26 08:57:10 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/09/25 21:58:22 | 000,867,016 | ---- | M] (BillP Studios) -- C:\Users\Owner\Desktop\wpsetup.exe
[2012/09/25 21:27:56 | 000,013,422 | ---- | M] () -- C:\Users\Owner\Desktop\hijackthis92512
[2012/09/25 19:47:27 | 000,002,121 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Security Essentials.lnk
[2012/09/25 19:47:15 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/23 12:02:38 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/23 11:48:07 | 000,000,315 | ---- | M] () -- C:\user.js
[2012/09/23 11:46:39 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/23 11:46:39 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/19 16:50:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/18 19:42:00 | 000,001,083 | ---- | M] () -- C:\Users\Owner\Desktop\SpywareBlaster.lnk
[2012/09/18 05:37:01 | 000,012,454 | ---- | M] () -- C:\Users\Owner\Desktop\hijackthis56
[2012/09/16 08:53:07 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012/09/15 19:44:57 | 000,001,096 | ---- | M] () -- C:\Users\Owner\Documents\host to hosts.rtf
[2012/09/15 19:26:59 | 000,012,784 | ---- | M] () -- C:\Users\Owner\Documents\New Hosts File.one
[2012/09/15 19:24:35 | 000,001,310 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/09/10 23:33:35 | 000,758,744 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/10 22:47:36 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/09 21:22:26 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/09/09 21:22:24 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/09/09 21:22:24 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/09/09 21:22:24 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/09/09 21:22:23 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/09/09 21:22:23 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/09/09 21:20:24 | 000,002,170 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/09/27 12:38:00 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/09/26 13:57:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/25 21:27:56 | 000,013,422 | ---- | C] () -- C:\Users\Owner\Desktop\hijackthis92512
[2012/09/25 19:47:27 | 000,002,121 | ---- | C] () -- C:\Users\Owner\Desktop\Microsoft Security Essentials.lnk
[2012/09/25 19:34:49 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/23 12:12:20 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/09/23 12:12:08 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/09/23 12:05:51 | 000,002,122 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/09/23 12:02:38 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/23 11:48:06 | 000,000,315 | ---- | C] () -- C:\user.js
[2012/09/18 19:42:00 | 000,001,083 | ---- | C] () -- C:\Users\Owner\Desktop\SpywareBlaster.lnk
[2012/09/18 05:37:01 | 000,012,454 | ---- | C] () -- C:\Users\Owner\Desktop\hijackthis56
[2012/09/16 08:53:07 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012/09/15 19:44:57 | 000,001,096 | ---- | C] () -- C:\Users\Owner\Documents\host to hosts.rtf
[2012/09/15 19:26:39 | 000,012,784 | ---- | C] () -- C:\Users\Owner\Documents\New Hosts File.one
[2012/09/15 19:24:35 | 000,001,310 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/09/10 22:07:30 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/09 21:20:24 | 000,002,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/01/21 14:20:09 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/10/11 08:55:07 | 000,758,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/21 21:15:03 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011/04/21 21:14:34 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2011/04/21 21:11:13 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/04/21 21:10:57 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/04/21 21:10:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/04/21 21:10:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/04/21 21:07:31 | 000,024,078 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/04/21 21:07:30 | 000,017,302 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/04/21 21:07:30 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2011/04/21 21:07:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/04/21 21:05:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/21 20:55:56 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

Thanks for the new log; unfortunately that log is showing a return of suspicious entries. Can you run the following please:

Download *Farbar Recovery Scan Tool x64* and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter *System Recovery Options*. I give two methods; use whichever is convenient for you.

*To enter System Recovery Options from the Advanced Boot Options:*

Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Select *Your Country* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*To enter System Recovery Options by using Windows installation disc:*

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Select *Your Country* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*On the System Recovery Options menu you will get the following options:*
*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt*


Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst64* and press *Enter*.
*Note:* Replace letter *e* with the drive letter of your flash drive.
The tool will start to run.
When the tool opens, click *Yes* to the disclaimer.
Press *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin


----------



## Tedejc (Jan 3, 2006)

Hi Kevin, I'm at work now and I'm going to attempt to download it on a flash drive.

I'm speculating that I would use the #2 suggestion, "enter Recovery Options by using Windows Installation disc:". Will there be a choice of operating systems to repair? And if there is, which one should I repair?

2 issues: first, I don't know if this had anything to do with it, but I tried to get on to WOW (a game I like to play when I do get some free time) and it was no longer on the C drive, but was still on the separate F drive. I did reinstall it so I could play a quick game. Could this be a problem?

Secondly, I think there's a problem with the filehippo.com I installed. I thought, well, let me install this on the computer I use for work to update everything. Now I seem to have malware on my working computer. Nothing too serious, just a lot of words underlined and in blue in any text that I look at online, with a pop-up whenever I scroll over the word. Sometimes there's a double underline.

Thank you for your time in this.

Ted


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

Regarding Operating system, it depends how many you have installed.

Regarding the WOW game, that depends where you d/l from; there is always a risk from certain sites...

With reference to FileHippo, I've never had any problems with that site before, so am unsure if that could possibly have been the reason for any malware. FileHippo.com always checks out clean...

When you use Farbar Recovery Scan Tool, always try option 1 first, option 2 only if required....

Kevin


----------



## Tedejc (Jan 3, 2006)

I don't think it's an operating system; that's the F drive, just a one-terabyte hard drive for extra memory.

Bought the WOW game from Best Buy I think, or maybe it was Wal-Mart. Anyway, that was about 3 years ago, and of course once I'd loaded the disks, it took like 3 days to download everything from the WOW site. Hence the separate hard drive.

I don't know. We were doing a few things back on thread #28, I think it was, but things did get a little worse, or at least different. I use my computer pretty much only for work and it's been ages since I had a problem with it. The only thing I have done differently with it is I downloaded Filehippo on it. It's now uninstalled, but now this computer is getting messed up. I'm going to try the HJT log on this and post it as a new thread to see what can be done.

PS: I did have driverboost on it for a bit; it didn't hurt but never helped either. I've since uninstalled that as well.


----------



## Tedejc (Jan 3, 2006)

Dad gummit, tried to run HJT and I got the same thing I had at home. How is this thing spreading? I check my email from both computers; could it be spreading through email?


----------



## Tedejc (Jan 3, 2006)

Hi Kevin, maybe you could advise me on whether I should repost this as new or not. I didn't want to open a new thread, but I'm thinking they're unrelated and I'm not sure that it would be fair to you. Also, I never had problems on 2 different computers at nearly the same time before either, so I'm not familiar with the process for this one. Thanks.

Problems with malware, I think.

I seem to be having a similar problem with the family computer (either that or I'm getting attacked by the Toyota dealer down the road). I'm currently working with Kevinf80 on that computer. Would it be OK to ask Kevin to work on both at the same time, or should I keep them separate?

Tried to run an HJT log, this came up at the start:

For some reason your system denied access to the Hosts file. If any hijacked domains are in this file, HJT may not be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad C:\Windows\System32\drivers\etc\hosts
And press Enter. Find the lines HJT reports and delete them. Save the file as 'hosts' (with quotes), and reboot.

The only thing I did differently on this computer is I tried to use Filehippo to update this thing.
It's now uninstalled. It said I needed to update the Java, so I did, and that's when the problems started.

I'm using this computer exclusively for work; this is different than the one listed on my account with you guys. Dell Optiplex 390, 4.00 GB, 32-bit OS, Windows 7 Professional Service Pack 1.

Here is the HJT log; would someone be able to take a look at this?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:40:42 PM, on 10/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\program files\giant savings\giant savings-bg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Honda-7\Desktop\HiJackThis.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in.honda.com/RRAAApps/RRAASec/Asp/rraalog.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: DealCabby - {0CEA3A96-19B9-4112-AB60-3CE534955C29} - C:\Users\Honda-7\AppData\Local\dealcabby\ie\dealcabby_20121001081501.dll
O2 - BHO: CrossriderApp0004479 - {11111111-1111-1111-1111-110011441179} - C:\Program Files\Giant Savings\Giant Savings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [RunMVSMyClean] "C:\Windows\System32\Cmd.exe" /c "C:\Windows\myclean.bat C:\PROGRA~1\McAfee\MANAGE~1 C:\PROGRA~1\McAfee"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111v2.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.164.109.25.72
O15 - Trusted Zone: *.207.130.86.35
O15 - Trusted Zone: *.acura.com
O15 - Trusted Zone: *.acuraclientpurchaseexperience.com
O15 - Trusted Zone: *.acurainfo.programhq.com
O15 - Trusted Zone: *.acuraspinplay.programhq.com
O15 - Trusted Zone: http://*.ds.adp.com
O15 - Trusted Zone: dsra1he.ds.adp.com
O15 - Trusted Zone: dsrac1he.ds.adp.com
O15 - Trusted Zone: dssda1he.ds.adp.com
O15 - Trusted Zone: dssda2he.ds.adp.com
O15 - Trusted Zone: *.adp.com
O15 - Trusted Zone: www.adpremotesupport.com
O15 - Trusted Zone: *.adpremotesupport.com
O15 - Trusted Zone: http://*.adpremotesupport.com
O15 - Trusted Zone: *.ahm-ownerlink.com
O15 - Trusted Zone: *.ahmdealer.com
O15 - Trusted Zone: *.C147787
O15 - Trusted Zone: *.honda.com
O15 - Trusted Zone: *.honda.vo.llnwd.net
O15 - Trusted Zone: *.hondaadcmd.com
O15 - Trusted Zone: *.hondacars.com
O15 - Trusted Zone: *.hondainfo.programhq.com
O15 - Trusted Zone: *.hondamap.com
O15 - Trusted Zone: *.hondaprofessional.com
O15 - Trusted Zone: *.hondaspinplay.programhq.com
O15 - Trusted Zone: *.hondasso.com
O15 - Trusted Zone: *.jdpa.com
O15 - Trusted Zone: *.jdpower.com
O15 - Trusted Zone: *.mylcchonda.com
O15 - Trusted Zone: *.pcsc.acurasrs.com
O15 - Trusted Zone: *.prospectingacurasrs.com
O15 - Trusted Zone: *.travelhq.com
O15 - Trusted Zone: *.xmradio.com
O15 - Trusted Zone: dsra1he.ds.adp.com (HKLM)
O15 - Trusted Zone: dsrac1he.ds.adp.com (HKLM)
O15 - Trusted Zone: dssda1he.ds.adp.com (HKLM)
O15 - Trusted Zone: dssda2he.ds.adp.com (HKLM)
O15 - Trusted Zone: *.adp.com (HKLM)
O15 - Trusted Zone: www.adpremotesupport.com (HKLM)
O15 - Trusted Zone: *.adpremotesupport.com (HKLM)
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: SupportSoft Sprocket Service (smartagent) (sprtsvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (smartagent) (tgsrvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\tgsrvc.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 12251 bytes


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

Not sure what you're trying to do. Please do not run any scans on different PCs in this thread. The last time you ran OTL as I requested, it confirmed the presence of a ZeroAccess infection.
I then requested that you run Farbar Recovery Scan Tool; please run that tool as instructed and post that log.

If you have another infected PC it will have to be listed in another thread, and the logs posted from the requested scans in the sticky at the top of the Forum:
http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

Kevin
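For anyone reading this thread later: the indicators Kevin reads off the logs by eye (the hidden {GUID}\L and {GUID}\U folder pair that OTL lists under its "ZeroAccess Check" section, and in the HijackThis log the IP-based O15 Trusted Zone entries, the O2 BHO with no backing file and the O23 services whose binary is missing) can be picked out mechanically. The script below is an added example written for this thread; it is not code from the thread, from OTL or from HijackThis, and the category names and the line formats it assumes are this example's own. The sample lines are copied from the logs posted above, plus a few clean lines to show what is not flagged.

```python
"""Triage helper for OTL and HijackThis log lines.

Added example for this thread; not code from the thread, from OTL or from
HijackThis. Category names are this example's own. It flags:
  * hidden, system-attributed {GUID}\\L and {GUID}\\U folders under
    AppData\\Local, which OTL lists in its "ZeroAccess Check" section
  * IE Trusted Zone (O15) entries that are bare IP addresses
  * BHOs (O2) whose DLL no longer exists ("(no file)")
  * services (O23) whose binary is missing ("(file missing)")
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


# OTL file/folder line: [date time | size | attrs | C or M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# ...\AppData\Local\{guid}\L or \U: the folder pair OTL checks for under "ZeroAccess Check"
ZA_DIR = re.compile(r"\\AppData\\Local\\\{[0-9a-f-]{36}\}\\[LU]$", re.IGNORECASE)
# HijackThis line: "O15 - Trusted Zone: host", "O23 - Service: ...", etc.
HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.+)$")
TRUSTED_ZONE = re.compile(r"^(?:ESC )?Trusted Zone: (?P<host>\S+)")
# A zone entry that is a bare IPv4 address, optionally with a "*." wildcard prefix
IP_ZONE = re.compile(r"^(?:\*\.)?\d{1,3}(?:\.\d{1,3}){3}$")


def triage_line(line: str):
    """Return a Finding for one OTL or HJT log line, or None if nothing stands out."""
    line = line.rstrip()
    m = OTL_LINE.match(line)
    if m:
        attrs, path = m["attrs"], m["path"]
        # OTL attribute column: R/H/S/D flags; ZeroAccess folders show as hidden+system dirs
        hidden_system_dir = all(flag in attrs for flag in "HSD")
        if hidden_system_dir and ZA_DIR.search(path):
            return Finding("zeroaccess_dir", path)
        return None
    m = HJT_LINE.match(line)
    if not m:
        return None
    sec, rest = m["sec"], m["rest"]
    if sec == "O2" and rest.endswith("(no file)"):
        return Finding("orphan_bho", rest)
    if sec == "O15":
        z = TRUSTED_ZONE.match(rest)
        if z and IP_ZONE.match(z["host"]):
            return Finding("ip_trusted_zone", z["host"])
    if sec == "O23" and "(file missing)" in rest:
        return Finding("missing_service_binary", rest)
    return None


def triage(lines):
    """Run triage_line over an iterable of log lines and keep the hits."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


def summarize(findings):
    """Count findings per category, e.g. {'zeroaccess_dir': 2, ...}."""
    return dict(Counter(f.category for f in findings))


# Sample lines copied from the logs posted in this thread, plus clean lines that must not fire
SAMPLE_LOG = r"""
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/09/13 21:58:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{133D816A-3DBF-46B5-98A6-D6DB91339A70}
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O15 - Trusted Zone: *.164.109.25.72
O15 - Trusted Zone: *.honda.com
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
""".strip().splitlines()


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit.category:24} {hit.detail}")
    print(summarize(hits))
```

The point of the attribute check is that a `{GUID}` folder under AppData\Local on its own is common (installers leave them, as the `{133D816A-...}` line shows); it is the hidden+system pair named `L` and `U` that OTL singles out. Likewise an O15 entry is only flagged when the host is a raw IP, since a Trusted Zone full of a dealer network's domains is normal for a work machine like this one.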


----------



## Tedejc (Jan 3, 2006)

Understand. I just got home so I'll start this now and I'll repost the other problem in a new thread, thanks Kevin.


----------



## kevinf80 (Mar 21, 2006)

Okey Dokey....:up:


----------



## Tedejc (Jan 3, 2006)

Hi Kevin, I have been trying over and over again. Shut down the computer, restart it, press and/or keep tapping the F8 key before the Windows logo pops up. Yet I can only get into the Select Boot Device mode, with:
CD Rom: SS-ASUS DVDRam GH75N
SATA: 3M-ST31000524AS
USD: Micronet Fantom
and USB: USB Flash Disk
as my choices. No matter which I pick, it just opens up in regular mode. I've done it with and without the zip drive plugged in; makes no difference.
Still trying, but I'm not having much luck with this step so far.


----------



## kevinf80 (Mar 21, 2006)

Go back to reply #48 and read the instructions carefully. If you are having problems using the F8 key method to access the System Recovery Options from Advanced Boot, in that case use your Windows 7 Installation CD...


----------



## Tedejc (Jan 3, 2006)

Hi Kevin. I don't think this is exactly what you're looking for. I finally got into safe mode. I can only do this without the flash drive plugged in, nor can I have the Fantom drive connected either (the separate hard drive, or F: drive). I would get as far as "Computer" in Notepad in safe mode, but even when I plug the zip in afterwards it would not show up there. If I put in H:\frst64 it would go immediately to Notepad with a bunch of strange symbols that do not mean anything to me.
I just ran the frst64 in normal mode and this is what it came up with. It also wasn't 'tap the F8 key' but 'hold down the F8 key'; that's the key, you see.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2012 01
Ran by Owner at 04-10-2012 21:57:18
Running from H:\
Service Pack 1 (X64) OS Language: English(US) 
Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2012-09-27 12:38 - 2012-09-27 13:14 - 00000774 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-09-27 12:25 - 2012-09-27 12:25 - 00000000 ____D C:\Users\All Users\Battle.net
2012-09-26 21:34 - 2012-09-26 21:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Graboid_Inc
2012-09-26 21:28 - 2012-09-26 21:28 - 00001285 ____A C:\Users\UpdatusUser\Desktop\Graboid Video.lnk
2012-09-26 21:28 - 2012-09-26 21:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Geckofx
2012-09-26 21:28 - 2012-09-26 21:28 - 00000000 ____D C:\Users\All Users\Graboid Inc
2012-09-26 21:27 - 2012-09-26 21:34 - 00000000 ____D C:\Program Files (x86)\Graboid
2012-09-26 13:57 - 2012-09-26 13:57 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-26 13:57 - 2012-09-26 13:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-26 13:57 - 2012-09-07 17:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-26 13:56 - 2012-09-26 13:56 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.65.0.1400.exe
2012-09-26 13:30 - 2012-09-26 13:30 - 00000000 ____D C:\_OTL
2012-09-26 13:28 - 2012-09-26 13:28 - 00601600 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.com
2012-09-26 11:19 - 2012-09-26 11:19 - 00058250 ____A C:\Users\Owner\Desktop\Extras.Txt
2012-09-26 11:18 - 2012-10-01 21:24 - 00115602 ____A C:\Users\Owner\Desktop\OTL.Txt
2012-09-26 08:57 - 2012-09-26 08:57 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-09-26 08:57 - 2012-09-26 08:57 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\44910385.sys
2012-09-25 21:59 - 2012-09-26 13:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinPatrol
2012-09-25 21:58 - 2012-10-01 21:32 - 00000000 ____D C:\Users\All Users\InstallMate
2012-09-25 21:58 - 2012-09-25 21:58 - 00867016 ____A (BillP Studios) C:\Users\Owner\Desktop\wpsetup.exe
2012-09-25 21:36 - 2012-08-21 17:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-25 21:32 - 2012-10-04 21:54 - 00001904 ____A C:\Windows\setupact.log
2012-09-25 21:32 - 2012-09-25 21:32 - 00000000 ____A C:\Windows\setuperr.log
2012-09-25 21:27 - 2012-09-25 21:27 - 00013422 ____A C:\Users\Owner\Desktop\hijackthis92512
2012-09-25 19:51 - 2012-09-25 21:51 - 00000000 ___SD C:\32788R22FWJFW
2012-09-25 19:47 - 2012-09-25 19:47 - 00002121 ____A C:\Users\Owner\Desktop\Microsoft Security Essentials.lnk
2012-09-25 19:34 - 2012-09-25 19:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-25 19:34 - 2012-09-25 19:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-24 22:20 - 2012-09-24 22:20 - 00000012 ____A C:\Windows\srun.log
2012-09-23 19:34 - 2012-09-23 19:34 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2012-09-23 12:42 - 2012-09-23 12:42 - 01239976 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-web (1).exe
2012-09-23 12:13 - 2012-09-23 12:13 - 00000000 ____D C:\Windows\en
2012-09-23 12:12 - 2012-09-23 12:12 - 00000000 ____D C:\Windows\nl
2012-09-23 12:12 - 2012-09-23 12:12 - 00000000 ____D C:\Windows\fr
2012-09-23 12:12 - 2012-09-23 12:12 - 00000000 ____D C:\Windows\es
2012-09-23 12:12 - 2012-09-23 12:12 - 00000000 ____D C:\Windows\de
2012-09-23 12:09 - 2012-07-28 02:15 - 00057280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-09-23 12:07 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2012-09-23 12:07 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-09-23 12:07 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-09-23 12:07 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2012-09-23 12:07 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-09-23 12:07 - 2010-05-26 11:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2012-09-23 12:07 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-09-23 12:07 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-09-23 12:05 - 2012-09-23 12:05 - 00000000 ___RD C:\Users\Owner\SkyDrive
2012-09-23 12:05 - 2012-09-23 12:05 - 00000000 ____D C:\Users\All Users\Microsoft SkyDrive
2012-09-23 12:05 - 2012-09-23 12:05 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2012-09-23 12:03 - 2012-09-23 12:03 - 01239976 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-web.exe
2012-09-23 12:02 - 2012-09-23 12:02 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-23 12:02 - 2012-08-21 13:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-23 12:01 - 2012-09-23 12:02 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-23 12:01 - 2012-09-23 12:02 - 00000000 ____D C:\Program Files\iTunes
2012-09-23 12:01 - 2012-09-23 12:02 - 00000000 ____D C:\Program Files\iPod
2012-09-23 12:01 - 2012-09-23 12:02 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-09-23 11:57 - 2012-09-23 11:57 - 80521624 ____A (Apple Inc.) C:\Users\Owner\Downloads\iTunes64Setup (1).exe
2012-09-23 11:50 - 2012-09-23 11:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2012-09-23 11:49 - 2012-09-23 11:52 - 00000000 ____D C:\Program Files (x86)\Easy Media Player
2012-09-23 11:48 - 2012-09-23 11:48 - 00000315 ____A C:\user.js
2012-09-23 11:48 - 2012-09-23 11:48 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-09-23 11:47 - 2012-09-23 11:47 - 29851377 ____A C:\Users\Owner\Downloads\Unconfirmed 193832.crdownload
2012-09-23 11:47 - 2012-09-23 11:47 - 00000000 ____D C:\Users\Owner\AppData\Local\Software Assist
2012-09-23 11:46 - 2012-09-23 11:47 - 28081906 ____A C:\Users\Owner\Downloads\Unconfirmed 633571.crdownload
2012-09-23 11:46 - 2012-09-23 11:46 - 00684432 ____A (Setup) C:\Users\Owner\Downloads\Flash PlayerInstaller (1).exe
2012-09-23 11:45 - 2012-09-23 11:46 - 00684432 ____A (Setup) C:\Users\Owner\Downloads\Flash PlayerInstaller.exe
2012-09-23 11:45 - 2012-09-23 11:45 - 10213296 ____A (Adobe Systems Incorporated) C:\Users\Owner\Downloads\install_flash_player.exe
2012-09-23 11:44 - 2012-09-23 19:31 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2012-09-22 03:01 - 2012-08-24 06:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 03:01 - 2012-08-24 06:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 03:01 - 2012-08-24 06:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 03:01 - 2012-08-24 06:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 03:01 - 2012-08-24 06:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 03:01 - 2012-08-24 02:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 03:01 - 2012-08-24 02:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-22 03:01 - 2012-08-24 02:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 03:01 - 2012-08-24 02:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 03:01 - 2012-08-24 02:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-22 03:01 - 2012-08-24 02:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-22 03:00 - 2012-08-24 07:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 03:00 - 2012-08-24 06:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 03:00 - 2012-08-24 06:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 03:00 - 2012-08-24 06:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 03:00 - 2012-08-24 06:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 03:00 - 2012-08-24 06:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 03:00 - 2012-08-24 06:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 03:00 - 2012-08-24 06:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 03:00 - 2012-08-24 06:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 03:00 - 2012-08-24 06:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 03:00 - 2012-08-24 06:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 03:00 - 2012-08-24 03:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-22 03:00 - 2012-08-24 03:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-22 03:00 - 2012-08-24 02:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-22 03:00 - 2012-08-24 02:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-22 03:00 - 2012-08-24 02:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-22 03:00 - 2012-08-24 02:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-22 03:00 - 2012-08-24 02:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 03:00 - 2012-08-24 02:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-22 03:00 - 2012-08-24 02:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 03:00 - 2012-08-24 02:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-20 21:34 - 2012-09-20 21:34 - 00037868 ____A C:\Users\Owner\Documents\Personalities.pptx
2012-09-19 15:51 - 2012-09-19 15:51 - 00023784 ____A C:\Users\Owner\Documents\comodo91912.txt
2012-09-19 12:40 - 2012-09-19 12:40 - 00000000 ____D C:\Windows\Sun
2012-09-18 19:42 - 2012-09-18 19:42 - 00001083 ____A C:\Users\Owner\Desktop\SpywareBlaster.lnk
2012-09-18 19:41 - 2012-09-18 19:58 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-09-18 19:10 - 2012-09-18 19:10 - 00012316 ____A C:\Users\Owner\Desktop\hijackthis91812.txt
2012-09-18 06:17 - 2012-09-18 06:17 - 00021891 ____A C:\Users\Owner\Documents\DDS.txt
2012-09-18 06:17 - 2012-09-18 06:17 - 00009845 ____A C:\Users\Owner\Documents\Attach.txt
2012-09-18 05:42 - 2012-09-18 05:52 - 00000000 ____D C:\Users\Owner\Desktop\backups
2012-09-18 05:37 - 2012-09-18 05:37 - 00012454 ____A C:\Users\Owner\Desktop\hijackthis56
2012-09-16 08:53 - 2012-09-16 08:53 - 00002032 ____A C:\Users\Public\Desktop\Aeria Ignite.lnk
2012-09-16 08:53 - 2012-09-16 08:53 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2012-09-15 19:59 - 2012-09-15 20:01 - 00000000 ____D C:\Windows\System32\Drivers\etc\New folder
2012-09-15 19:51 - 2012-09-15 19:51 - 00000835 ____A C:\Users\Owner\Documents\Hosting.txt
2012-09-15 19:26 - 2012-09-15 19:26 - 00012784 ____A C:\Users\Owner\Documents\New Hosts File.one
2012-09-15 19:24 - 2012-09-15 19:24 - 00000000 ____D C:\Users\Owner\Documents\OneNote Notebooks
2012-09-15 19:17 - 2012-09-15 19:17 - 00985600 ____A C:\Users\Owner\Downloads\MicrosoftFixit50123.msi
2012-09-13 21:58 - 2012-09-13 21:58 - 00000000 ____D C:\Users\Owner\Downloads\New folder
2012-09-13 21:58 - 2012-09-13 21:58 - 00000000 ____D C:\Users\Owner\AppData\Local\{133D816A-3DBF-46B5-98A6-D6DB91339A70}
2012-09-13 21:39 - 2012-09-13 21:39 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.old.txt
2012-09-12 09:45 - 2012-09-12 09:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-12 06:33 - 2012-08-22 14:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 06:33 - 2012-08-22 14:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 06:33 - 2012-08-22 14:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 06:33 - 2012-08-22 14:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 06:33 - 2012-08-02 13:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 06:33 - 2012-08-02 12:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-12 06:33 - 2012-07-04 16:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-11 06:26 - 2012-09-11 06:26 - 12621696 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall (3).exe
2012-09-10 23:32 - 2012-09-10 23:32 - 12621696 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall (2).exe
2012-09-10 23:29 - 2012-09-10 23:29 - 00020478 ____A C:\Users\Owner\Documents\username123.exeB.txt
2012-09-10 23:15 - 2012-09-10 23:15 - 00020445 ____A C:\Users\Owner\Documents\username123.exe2.txt
2012-09-10 22:43 - 2012-09-10 22:43 - 04748983 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-09-10 22:36 - 2012-09-10 22:37 - 12621696 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall (1).exe
2012-09-10 22:12 - 2012-09-10 22:12 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-09-10 22:07 - 2012-09-10 22:47 - 00000000 ____A C:\Users\Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
2012-09-09 21:23 - 2012-09-09 21:23 - 32692200 ____A (Oracle Corporation) C:\Users\Owner\Downloads\jre-7u7-windows-x64(1).exe
2012-09-09 21:22 - 2012-09-09 21:22 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-09-09 21:22 - 2012-09-09 21:22 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-09 21:22 - 2012-09-09 21:22 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-09 21:22 - 2012-09-09 21:22 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-09 21:22 - 2012-09-09 21:22 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-09 21:22 - 2012-09-09 21:22 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-09 21:22 - 2012-09-09 21:22 - 00000000 ____D C:\Program Files\Java
2012-09-09 21:21 - 2012-09-09 21:21 - 32692200 ____A (Oracle Corporation) C:\Users\Owner\Downloads\jre-7u7-windows-x64.exe
2012-09-09 21:20 - 2012-09-09 21:20 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
2012-09-09 21:20 - 2012-09-09 21:20 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan

==================== 3 Months Modified Files ==================

2012-10-04 21:56 - 2009-07-14 01:13 - 00741650 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-04 21:54 - 2012-09-25 21:32 - 00001904 ____A C:\Windows\setupact.log
2012-10-04 21:54 - 2012-07-13 21:42 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-04 21:54 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-04 21:31 - 2011-10-05 13:25 - 01831457 ____A C:\Windows\WindowsUpdate.log
2012-10-04 21:22 - 2009-07-14 00:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-04 21:22 - 2009-07-14 00:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-04 21:00 - 2012-07-13 21:42 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-04 20:42 - 2012-04-12 07:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-02 19:44 - 2009-07-14 01:08 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-01 21:24 - 2012-09-26 11:18 - 00115602 ____A C:\Users\Owner\Desktop\OTL.Txt
2012-09-27 13:14 - 2012-09-27 12:38 - 00000774 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-09-27 06:38 - 2012-07-13 21:42 - 00002378 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-26 21:28 - 2012-09-26 21:28 - 00001285 ____A C:\Users\UpdatusUser\Desktop\Graboid Video.lnk
2012-09-26 14:09 - 2010-11-20 23:47 - 00192440 ____A C:\Windows\PFRO.log
2012-09-26 13:57 - 2012-09-26 13:57 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-26 13:56 - 2012-09-26 13:56 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.65.0.1400.exe
2012-09-26 13:28 - 2012-09-26 13:28 - 00601600 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.com
2012-09-26 11:19 - 2012-09-26 11:19 - 00058250 ____A C:\Users\Owner\Desktop\Extras.Txt
2012-09-26 08:57 - 2012-09-26 08:57 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-09-26 08:57 - 2012-09-26 08:57 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\44910385.sys
2012-09-25 21:58 - 2012-09-25 21:58 - 00867016 ____A (BillP Studios) C:\Users\Owner\Desktop\wpsetup.exe
2012-09-25 21:32 - 2012-09-25 21:32 - 00000000 ____A C:\Windows\setuperr.log
2012-09-25 21:27 - 2012-09-25 21:27 - 00013422 ____A C:\Users\Owner\Desktop\hijackthis92512
2012-09-25 19:47 - 2012-09-25 19:47 - 00002121 ____A C:\Users\Owner\Desktop\Microsoft Security Essentials.lnk
2012-09-25 19:47 - 2011-10-11 08:55 - 00002198 ____A C:\Windows\epplauncher.mif
2012-09-24 22:20 - 2012-09-24 22:20 - 00000012 ____A C:\Windows\srun.log
2012-09-23 12:42 - 2012-09-23 12:42 - 01239976 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-web (1).exe
2012-09-23 12:06 - 2011-04-21 21:24 - 00000579 ____A C:\Windows\DirectX.log
2012-09-23 12:03 - 2012-09-23 12:03 - 01239976 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-web.exe
2012-09-23 12:02 - 2012-09-23 12:02 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-23 11:57 - 2012-09-23 11:57 - 80521624 ____A (Apple Inc.) C:\Users\Owner\Downloads\iTunes64Setup (1).exe
2012-09-23 11:48 - 2012-09-23 11:48 - 00000315 ____A C:\user.js
2012-09-23 11:47 - 2012-09-23 11:47 - 29851377 ____A C:\Users\Owner\Downloads\Unconfirmed 193832.crdownload
2012-09-23 11:47 - 2012-09-23 11:46 - 28081906 ____A C:\Users\Owner\Downloads\Unconfirmed 633571.crdownload
2012-09-23 11:46 - 2012-09-23 11:46 - 00684432 ____A (Setup) C:\Users\Owner\Downloads\Flash PlayerInstaller (1).exe
2012-09-23 11:46 - 2012-09-23 11:45 - 00684432 ____A (Setup) C:\Users\Owner\Downloads\Flash PlayerInstaller.exe
2012-09-23 11:46 - 2012-04-12 07:41 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-23 11:46 - 2011-10-07 22:08 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-23 11:45 - 2012-09-23 11:45 - 10213296 ____A (Adobe Systems Incorporated) C:\Users\Owner\Downloads\install_flash_player.exe
2012-09-20 21:34 - 2012-09-20 21:34 - 00037868 ____A C:\Users\Owner\Documents\Personalities.pptx
2012-09-19 16:50 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2012-09-19 15:51 - 2012-09-19 15:51 - 00023784 ____A C:\Users\Owner\Documents\comodo91912.txt
2012-09-18 19:42 - 2012-09-18 19:42 - 00001083 ____A C:\Users\Owner\Desktop\SpywareBlaster.lnk
2012-09-18 19:10 - 2012-09-18 19:10 - 00012316 ____A C:\Users\Owner\Desktop\hijackthis91812.txt
2012-09-18 06:17 - 2012-09-18 06:17 - 00021891 ____A C:\Users\Owner\Documents\DDS.txt
2012-09-18 06:17 - 2012-09-18 06:17 - 00009845 ____A C:\Users\Owner\Documents\Attach.txt
2012-09-18 05:37 - 2012-09-18 05:37 - 00012454 ____A C:\Users\Owner\Desktop\hijackthis56
2012-09-16 08:53 - 2012-09-16 08:53 - 00002032 ____A C:\Users\Public\Desktop\Aeria Ignite.lnk
2012-09-15 19:51 - 2012-09-15 19:51 - 00000835 ____A C:\Users\Owner\Documents\Hosting.txt
2012-09-15 19:26 - 2012-09-15 19:26 - 00012784 ____A C:\Users\Owner\Documents\New Hosts File.one
2012-09-15 19:17 - 2012-09-15 19:17 - 00985600 ____A C:\Users\Owner\Downloads\MicrosoftFixit50123.msi
2012-09-13 21:39 - 2012-09-13 21:39 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.old.txt
2012-09-13 03:00 - 2011-10-10 21:19 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-11 06:26 - 2012-09-11 06:26 - 12621696 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall (3).exe
2012-09-10 23:33 - 2011-10-11 08:55 - 00758744 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-10 23:32 - 2012-09-10 23:32 - 12621696 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall (2).exe
2012-09-10 23:29 - 2012-09-10 23:29 - 00020478 ____A C:\Users\Owner\Documents\username123.exeB.txt
2012-09-10 23:15 - 2012-09-10 23:15 - 00020445 ____A C:\Users\Owner\Documents\username123.exe2.txt
2012-09-10 22:47 - 2012-09-10 22:07 - 00000000 ____A C:\Users\Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
2012-09-10 22:43 - 2012-09-10 22:43 - 04748983 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-09-10 22:37 - 2012-09-10 22:36 - 12621696 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall (1).exe
2012-09-09 21:23 - 2012-09-09 21:23 - 32692200 ____A (Oracle Corporation) C:\Users\Owner\Downloads\jre-7u7-windows-x64(1).exe
2012-09-09 21:22 - 2012-09-09 21:22 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-09-09 21:22 - 2012-09-09 21:22 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-09 21:22 - 2012-09-09 21:22 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-09 21:22 - 2012-09-09 21:22 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-09 21:22 - 2012-09-09 21:22 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-09 21:22 - 2012-09-09 21:22 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-09 21:21 - 2012-09-09 21:21 - 32692200 ____A (Oracle Corporation) C:\Users\Owner\Downloads\jre-7u7-windows-x64.exe
2012-09-07 17:04 - 2012-09-26 13:57 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-30 22:03 - 2012-08-30 22:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 22:03 - 2012-08-30 22:03 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-27 20:47 - 2012-08-27 20:47 - 00042473 ____A C:\Users\Owner\Downloads\image_png (4)
2012-08-27 20:47 - 2012-08-27 20:47 - 00042473 ____A C:\Users\Owner\Downloads\image_png (3)
2012-08-24 07:15 - 2012-09-22 03:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 06:39 - 2012-09-22 03:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 06:31 - 2012-09-22 03:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 06:22 - 2012-09-22 03:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 06:21 - 2012-09-22 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 06:20 - 2012-09-22 03:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 06:18 - 2012-09-22 03:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 06:17 - 2012-09-22 03:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 06:14 - 2012-09-22 03:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 06:14 - 2012-09-22 03:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 06:13 - 2012-09-22 03:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 06:12 - 2012-09-22 03:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 06:11 - 2012-09-22 03:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 06:10 - 2012-09-22 03:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 06:09 - 2012-09-22 03:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 06:04 - 2012-09-22 03:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 03:27 - 2012-09-22 03:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 03:03 - 2012-09-22 03:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 02:59 - 2012-09-22 03:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-24 02:51 - 2012-09-22 03:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-24 02:51 - 2012-09-22 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 02:51 - 2012-09-22 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 02:49 - 2012-09-22 03:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 02:48 - 2012-09-22 03:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 02:47 - 2012-09-22 03:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-24 02:47 - 2012-09-22 03:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-24 02:47 - 2012-09-22 03:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-24 02:45 - 2012-09-22 03:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 02:44 - 2012-09-22 03:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 02:44 - 2012-09-22 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 02:43 - 2012-09-22 03:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-24 02:40 - 2012-09-22 03:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-23 22:06 - 2012-08-23 22:06 - 00057856 ____A C:\Users\Owner\Desktop\Copy of project list.xls
2012-08-23 10:15 - 2012-08-23 10:15 - 00051342 ____A C:\Users\Owner\Documents\Estaven Genral partnership.pptm
2012-08-22 16:40 - 2012-08-22 16:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-08-22 14:12 - 2012-09-12 06:33 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 14:12 - 2012-09-12 06:33 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 14:12 - 2012-09-12 06:33 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 14:12 - 2012-09-12 06:33 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 17:01 - 2012-09-25 21:36 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-21 13:01 - 2012-09-23 12:02 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 13:01 - 2012-05-16 22:22 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 13:01 - 2012-05-16 22:22 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-15 03:25 - 2011-10-10 21:16 - 00002023 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-15 03:22 - 2009-07-14 00:45 - 00310896 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-07 16:18 - 2010-11-20 23:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-08-02 13:58 - 2012-09-12 06:33 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 12:57 - 2012-09-12 06:33 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-29 18:02 - 2012-07-29 18:02 - 00002284 ____A C:\Users\Owner\Desktop\Property cover sheet - Shortcut.lnk
2012-07-29 13:06 - 2012-07-29 13:06 - 02776576 ____A C:\Users\Owner\Desktop\Copy of Golden Goose Struct_1 copy.xls
2012-07-29 13:05 - 2012-07-29 13:05 - 00049152 ____A C:\Users\Owner\Desktop\Copy of Investment Path Selector.xls
2012-07-29 13:04 - 2012-07-29 13:04 - 00059392 ____A C:\Users\Owner\Desktop\Copy of Investor Due Dilige_1 copy.xls
2012-07-28 03:09 - 2012-07-28 03:09 - 00057792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll
2012-07-28 02:54 - 2012-07-28 02:54 - 00321472 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR
2012-07-28 02:15 - 2012-09-23 12:09 - 00057280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-07-26 19:08 - 2012-07-26 19:08 - 00862664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2012-07-26 19:08 - 2012-07-26 19:08 - 00534480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2012-07-26 19:08 - 2012-07-26 19:08 - 00251864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2012-07-26 19:08 - 2012-07-26 19:08 - 00153536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\atl110.dll
2012-07-26 19:08 - 2012-07-26 19:08 - 00115656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vcomp110.dll
2012-07-26 15:22 - 2012-07-26 15:22 - 00828872 ____A (Microsoft Corporation) C:\Windows\System32\msvcr110.dll
2012-07-26 15:22 - 2012-07-26 15:22 - 00661448 ____A (Microsoft Corporation) C:\Windows\System32\msvcp110.dll
2012-07-26 15:22 - 2012-07-26 15:22 - 00354264 ____A (Microsoft Corporation) C:\Windows\System32\vccorlib110.dll
2012-07-26 15:22 - 2012-07-26 15:22 - 00177096 ____A (Microsoft Corporation) C:\Windows\System32\atl110.dll
2012-07-26 15:22 - 2012-07-26 15:22 - 00124360 ____A (Microsoft Corporation) C:\Windows\System32\vcomp110.dll
2012-07-18 14:15 - 2012-08-14 18:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-18 00:06 - 2012-07-18 00:06 - 00001996 ____A C:\Users\Owner\Desktop\Sue Nelson's - Shortcut.lnk
2012-07-17 21:42 - 2012-07-17 21:42 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-17 21:42 - 2012-07-17 21:42 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-17 15:14 - 2012-07-17 15:14 - 00253184 ____A (Microsoft Corp.) C:\Windows\System32\LIVESSP.DLL
2012-07-17 14:49 - 2012-07-17 14:49 - 00209648 ____A (Microsoft Corp.) C:\Windows\SysWOW64\LIVESSP.DLL
2012-07-13 21:16 - 2012-07-13 21:16 - 00107052 ____A C:\Users\Owner\Desktop\SuesQuickCalculator.xlsx
2012-07-12 03:04 - 2012-07-12 03:04 - 00264948 ____A C:\Windows\msxml4-KB2721691-enu.LOG

ZeroAccess:
C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}
C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}\L
C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2012-09-25 21:52:40
Restore point made on: 2012-09-26 03:00:42
Restore point made on: 2012-09-26 21:27:18
Restore point made on: 2012-09-26 21:33:35
Restore point made on: 2012-09-29 08:59:11
Restore point made on: 2012-09-29 19:08:16
Restore point made on: 2012-09-30 19:00:20
Restore point made on: 2012-10-03 22:54:38

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 4095.18 MB
Available physical RAM: 2690.12 MB
Total Pagefile: 8188.54 MB
Available Pagefile: 6636.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Partitions =============================

1 Drive c: (WIN7) (Fixed) (Total:921.72 GB) (Free:878.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
5 Drive h: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 1024 KB 
Disk 1 No Media 0 B 0 B 
Disk 2 No Media 0 B 0 B 
Disk 3 Online 123 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 9 GB 1024 KB
Partition 2 Primary 921 GB 9 GB

==================================================================================

Disk: 0
Partition 1
Type : 1B
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C WIN7 NTFS Partition 921 GB Healthy System (partition with boot components)

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 123 MB 16 KB

==================================================================================

Disk: 3
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 H FAT Removable 123 MB Healthy

=========================================================

Last Boot: 2012-09-26 14:28

==================== End Of Log =============================


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

Farbar Recovery Scan Tool has been run in Safe Mode, which is no good; to get to that mode you must have had access to the Advanced Boot Options.

Leave your F:\Drive unplugged if it is USB interface.

Now boot to the Advanced Boot Options using the F8 key as you've just done. Next...

Use the arrow keys to select the Repair your computer menu item.
Select *Your Country* as the keyboard language settings, and then click *Next*.
Select the *operating system* you want to repair, and then click *Next*.
Select your *user account* and click *Next*.

*On the System Recovery Options menu you will get the following options:*

* Startup Repair
* System Restore
* Windows Complete PC Restore
* Windows Memory Diagnostic Tool
* Command Prompt


Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst64* and press *Enter*
*Note:* Replace letter *e* with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin...


----------



## Tedejc (Jan 3, 2006)

This is what has been happening:

* Select *Command Prompt*

Yes I got this done.

* In the command window type in *notepad* and press *Enter*.

Yes, this worked.

* The notepad opens. Under File menu select *Open*.

Ok, it went without a hitch.

* Select "Computer" and find your flash drive letter and close the notepad.

I would select 'Computer' like you say but the Drive for the frst64 would not be listed, the 'H' drive was also not listed.

* In the command window type *e:\frst64* and press *Enter*

I would do this anyway, but it would just open a notepad with a bunch of gobbledegook on it.

*Note:* Replace letter *e* with the drive letter of your flash drive.

I did this, the drive is H, so I would do H:\frst64, this got to the gobbledegook.

* The tool will start to run.

Never started.

* When the tool opens click Yes to disclaimer.

Never opened

* Press *Scan* button.

Never got a scan button in safe mode.

* It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Just got the gobbledegook in notepad, no log on the flash drive.

I think if I could get it to open in safe mode with the flash drive plugged in, that should fix this. Only I haven't been able to get it into safe mode with it plugged in. I do have a disk that says Asus on it, but I couldn't find anything about starting in safe mode on it, only all the wonderful things about Asus. How do you start it in safe mode with the disk?

I'm so sorry Kevin, I'm doing the best I can.


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

Don't get yourself all worried about what I'm asking you to do. We have issues trying to run the FRST scanner; that is no big deal, we'll try something else. The last time you ran OTL when I asked you to, it was obvious some of the ZeroAccess infection files we'd already removed had come back. Let's try another way round this; don't worry if we still have problems, we'll try another way...

OK, you should still have OTL on your Desktop. I'd like you to boot your PC into normal mode and do the following:

*Step 1*

Re-Run OTL by double left click; Vista and Windows 7 users right click, select "Run as Administrator", accept UAC alert.

Under the Custom Scans/Fixes box at the bottom, paste in the following


```
:OTL
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=3048710f00000000000014dae9587c67"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: [email protected]:0.83.68
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=KW_ss&mntrId=3048710f00000000000014dae9587c67&q="
[2012/09/28 07:12:37 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\extensions\[email protected]
CHR - homepage: http://search.babylon.com/?affID=111...0014dae9587c67
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\BabylonToolbar
C:\Users\Owner\AppData\Local\{133D816A-3DBF-46B5-98A6-D6DB91339A70}
C:\Users\Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæ çèéêëìíîïðñòóôõö÷øùúûüýþÿ
C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}
:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
```

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter `*.log` and press the Enter key, navigate to the *C:\_OTL\MovedFiles* folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

*Step 2*

Go here http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html to Download Sophos tool.

Select the Download now tab.

In the new window select Home User, then fill out all necessary information.

The download should start automatically; if not, select the download link.

Save the download file to your Desktop; when complete, double click the file to install the tool. Windows 7 or Vista users accept the UAC alert.

The tool will self extract.

In the new window select Next.

Agree the licence and select Next.

Leave the installation folder as default, select Next.

In the new window select "Install" and let the install progress to completion.

On the final screen ensure "Launch Sophos Virus Removal tool" is checked, then select Finish.

In the new window select "Start scanning".
When the tool completes, the log can be found by navigating *Start > Computer > C:\ProgramData\Sophos*. Open the Sophos folder and expand to Logs.

Post the log from the OTL fix and Sophos in your reply, and let me know how your system is responding.

Kevin...


----------



## Tedejc (Jan 3, 2006)

Awesome, I'll get right on this as soon as I get home. Should be around 7pm.

Thanks Kevin.


----------



## kevinf80 (Mar 21, 2006)

Okey dokey, just do your best...


----------



## Tedejc (Jan 3, 2006)

Got the OTL; now I'm on to the Sophos. Back in a bit.

All processes killed
========== OTL ==========
Prefs.js: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=3048710f000000000000 14dae9587c67" removed from browser.startup.homepage
Prefs.js: [email protected]:1.5.0 removed from extensions.enabledAddons
Prefs.js: [email protected]:0.83.68 removed from extensions.enabledAddons
Prefs.js: "http://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=KW_ss&mntrId=3048710f000000000000 14dae9587c67&q=" removed from keyword.URL
Folder C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\ex tensions\[email protected]\ not found.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll moved successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files (x86)\BabylonToolbar folder moved successfully.
C:\Users\Owner\AppData\Local\{133D816A-3DBF-46B5-98A6-D6DB91339A70} folder moved successfully.
File\Folder C:\Users\Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæ çèéêëìíîïðñòóôõö÷øùúûüýþÿ not found.
C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U folder moved successfully.
C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}\L folder moved successfully.
C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 7855010 bytes
->Temporary Internet Files folder emptied: 67577435 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54693408 bytes
->Google Chrome cache emptied: 236498074 bytes
->Flash cache emptied: 820 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1253610 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 607439 bytes

Total Files Cleaned = 351.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.66.0 log created on 10052012_203700

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Temp\REG3C3D.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REG94BB.tmp moved successfully.
C:\Users\Owner\AppData\Local\Temp\REGA349.tmp moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0AF68B12-39D9-4179-B3D0-3091D26187E4}.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7BFA0656-A78B-46E1-8B63-C4DF95B3E222}.tmp not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQD34L7R\LocalStorage[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYWB4JSO\AjaxHistoryFrame[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYWB4JSO\xmlProxy[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6VBUGSA\RteFrameResources[1].htm moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFFL1S1S\default[1].htm not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFFL1S1S\Messenger[1].htm moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTLBA4NL\flextag[1].htm not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTLBA4NL\resourcespreload[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTLBA4NL\xmlProxy[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTLBA4NL\xmlProxy[3].htm moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79C695OP\1069009-virus-just-bug-5[1].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------
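The OTL fix log above is the record a helper reads to confirm what the fix script actually did. As an added example (not code from the thread or from OTL), the Python below parses a log of that shape, buckets each line by outcome, and compares the result with the script's :Files targets so that anything reported "not found" is flagged for a re-check instead of being assumed gone. SAMPLE_SCRIPT and SAMPLE_LOG are constructed excerpts that follow the wording of the posted script and log.

```python
"""Summarise an OTL fix log and check it against the fix script that produced it.

Added example for this thread, not part of OTL or of the original posts. The
SAMPLE_SCRIPT and SAMPLE_LOG below are constructed excerpts in the same shape
(path conventions, message wording) as the fix script and log posted above.
"""
import re

SAMPLE_SCRIPT = r"""
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\BabylonToolbar
C:\Users\Owner\AppData\Local\{133D816A-3DBF-46B5-98A6-D6DB91339A70}
C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}
:Commands
[emptytemp]
[Reboot]
"""

SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
C:\Program Files (x86)\BabylonToolbar folder moved successfully.
File\Folder C:\Users\Owner\AppData\Local\{133D816A-3DBF-46B5-98A6-D6DB91339A70} not found.
C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U folder moved successfully.
C:\Users\Owner\AppData\Local\{85ee5870-1a9f-6932-c3ce-887557e65d78} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 7855010 bytes
->FireFox cache emptied: 54693408 bytes
Windows Temp folder emptied: 1253610 bytes
RecycleBin emptied: 607439 bytes
Restore point Set: OTL Restore Point
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\REG3C3D.tmp moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Temp\gone.tmp not found!
"""

# One anchored regex per outcome OTL reports, so ordinary log chatter cannot match.
MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
ADS_RE = re.compile(r"^ADS (?P<path>.+?) deleted successfully\.$")
REG_RE = re.compile(r"^Registry (?:key|value) (?P<key>.+?)\\? deleted successfully\.$")
NOT_FOUND_RE = re.compile(r"^(?:File\\Folder |Folder )?(?P<path>.+?)\\? not found[.!]$")
BYTES_RE = re.compile(r"emptied: (?P<n>\d+) bytes$")


def parse_fix_log(text):
    """Bucket every action line of an OTL fix log by its outcome."""
    result = {"removed": [], "registry_deleted": [], "not_found": [],
              "moved_on_reboot": [], "bytes_cleaned": 0, "restore_point": False}
    on_reboot = False  # set once the log reaches the deferred-move section
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Files\\Folders moved on Reboot"):
            on_reboot = True
        elif line.startswith("Restore point Set:"):
            result["restore_point"] = True
        elif BYTES_RE.search(line):
            result["bytes_cleaned"] += int(BYTES_RE.search(line).group("n"))
        elif NOT_FOUND_RE.match(line):
            result["not_found"].append(NOT_FOUND_RE.match(line).group("path"))
        elif REG_RE.match(line):
            result["registry_deleted"].append(REG_RE.match(line).group("key"))
        else:
            m = ADS_RE.match(line) or MOVED_RE.match(line)
            if m:
                result["moved_on_reboot" if on_reboot else "removed"].append(m.group("path"))
    return result


def script_file_targets(script):
    """Paths listed under :Files in a fix script (command lines ending in /c are skipped)."""
    targets, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif line and in_files and not line.endswith(" /c"):
            targets.append(line)
    return targets


def unresolved_targets(script, log):
    """:Files targets the log never reports as moved, immediately or on reboot.

    A 'not found' target was absent when the fix ran: already cleaned, or the
    path was mangled (forum line wrapping, say), so re-check it with a fresh scan.
    """
    summary = parse_fix_log(log)
    done = set(summary["removed"]) | set(summary["moved_on_reboot"])
    return [t for t in script_file_targets(script) if t not in done]


if __name__ == "__main__":
    print(parse_fix_log(SAMPLE_LOG))
    print("unresolved:", unresolved_targets(SAMPLE_SCRIPT, SAMPLE_LOG))
```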



## Tedejc (Jan 3, 2006)

*Got the Sophos; it's saying it didn't find anything on the Removal tool.*

2012-10-05 20:51:18	Sophos Virus Removal Tool version 2.1
2012-10-05 20:51:18	Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2012-10-05 20:51:18	This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-10-05 20:51:18	Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2012-10-05 20:51:18	Component SVRTcli.exe version 2.1
2012-10-05 20:51:18	Component control.dll version 2.1
2012-10-05 20:51:18	Component SVRTservice.exe version 2.1
2012-10-05 20:51:18	Component osdp.dll version 1.44.0.2001
2012-10-05 20:51:18	Component veex.dll version 3.35.1.2001
2012-10-05 20:51:18	Component savi.dll version 7.5.9.2001
2012-10-05 20:51:18	Component rkdisk.dll version 1.5.30.0
2012-10-05 20:51:24	Option all = no
2012-10-05 20:51:24	Option recurse = yes
2012-10-05 20:51:24	Option archive = no
2012-10-05 20:51:24	Option service = yes
2012-10-05 20:51:24	Option confirm = yes
2012-10-05 20:51:24	Option sxl = yes
2012-10-05 20:51:24	Option max-data-age = 35
2012-10-05 20:51:24	Version info:	Product version	2.1
2012-10-05 20:51:24	Version info:	Detection engine	3.35.1
2012-10-05 20:51:24	Version info:	Detection data	4.81
2012-10-05 20:51:24	Version info:	Virus data date	9/3/2012
2012-10-05 20:51:24	Version info:	Data files added	372

2012-10-05 21:38:54	Could not open C:\Boot\BCD
2012-10-05 21:38:55	Could not open C:\hiberfil.sys
2012-10-05 21:39:04	Could not open C:\pagefile.sys
2012-10-05 21:45:49	Could not open C:\System Volume Information\{22b77a78-0e92-11e2-8d97-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:45:49	Could not open C:\System Volume Information\{22b77ae8-0e92-11e2-8d97-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:45:49	Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:45:49	Could not open C:\System Volume Information\{43822faa-0805-11e2-933d-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:45:49	Could not open C:\System Volume Information\{43822fb8-0805-11e2-933d-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:45:49	Could not open C:\System Volume Information\{438230de-0805-11e2-933d-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:45:49	Could not open C:\System Volume Information\{43823134-0805-11e2-933d-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:45:49	Could not open C:\System Volume Information\{438231f6-0805-11e2-933d-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:45:49	Could not open C:\System Volume Information\{72f41284-0f4e-11e2-bab0-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:45:49	Could not open C:\System Volume Information\{d46089cb-0d74-11e2-9dbc-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:45:49	Could not open C:\System Volume Information\{e68fc8c6-0779-11e2-bc99-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:45:49	Could not open C:\System Volume Information\{e68fc907-0779-11e2-bc99-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 21:50:18	Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2012-10-05 21:50:18	Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2012-10-05 22:02:38	Could not open LOGICAL:0003:00000000
2012-10-05 22:02:38	Could not open D:\
2012-10-05 22:04:53	Password protected file F:\My Documents\Copy of Copy of Income99topresent2.8.12.xlsx
2012-10-05 22:04:53	Password protected file F:\My Documents\Copy of Income99topresent.xlsx
2012-10-05 22:05:07	Password protected file F:\My Documents\Income02.09.12.xlsx
2012-10-05 22:05:08	Password protected file F:\My Documents\Income02.15.12.xlsx
2012-10-05 22:05:08	Password protected file F:\My Documents\Income99topresent.xls
2012-10-05 22:13:11	Could not check F:\Program Files\iTunes\iTunes.Resources\nb.lproj\YahooLicense.rtf (virus scan failed)
2012-10-05 22:24:46	Could not open F:\System Volume Information\{22b77acf-0e92-11e2-8d97-14dae9587c67}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 22:24:46	Could not open F:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-10-05 22:25:59	Could not open LOGICAL:0006:00000000
2012-10-05 22:25:59	Could not open G:\
2012-10-05 22:25:59	Could not open PHYSICAL:0082:0000:0000:0001
2012-10-05 22:25:59	Could not open PHYSICAL:0083:0000:0000:0001


----------



## kevinf80 (Mar 21, 2006)

Thanks for the reply. Not sure if you still have AdwCleaner on your Desktop; if not, I give the d/l link. Then use the instructions:

Please download *AdwCleaner* by Xplode onto your Desktop.


* Please close all open programs and internet browsers.
* Double click on *Adwcleaner.exe* to run the tool.
* Click on Delete.
* Confirm each time with OK.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the content of that logfile in your reply.
* You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the log, let me know how your system is responding and whether any issues/concerns remain.

Kevin..


----------



## Tedejc (Jan 3, 2006)

So far no issues, running good. This is the AdwCleaner:

# AdwCleaner v2.003 - Logfile created 10/06/2012 at 21:57:30
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\searchplugins\BabylonMngr.xml
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Owner\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\extensions\[email protected]

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=NT_ss&mntrId=3048710f00000000000014dae9587c67 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default 
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\prefs.js

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6cetgoy6.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111442&tt=120912_pcp_3812_2");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "6");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "57C010F1236486DDEA36E2BF55D126CA");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "3048710f00000000000014dae9587c67");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15606");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1211:48:09");
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"33\",\"lastVrsn\":\"33\",\"vrsnLoad\[...]
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1211:48:09");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111442&tt=120912_pcp_3812_2");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1211:48:09");
Deleted : user_pref("extensions.crossriderapp3026.3026.InstallationThankYouPage", false);
Deleted : user_pref("extensions.crossriderapp3026.3026.InstallationTime", 1348415272);
Deleted : user_pref("extensions.crossriderapp3026.3026.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp3026.3026.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp3026.3026.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp3026.3026.active", true);
Deleted : user_pref("extensions.crossriderapp3026.3026.addressbar", "");
Deleted : user_pref("extensions.crossriderapp3026.3026.backgroundjs", "\n\n//Crossrider\n\nappAPI.request.get([...]
Deleted : user_pref("extensions.crossriderapp3026.3026.backgroundver", 19);
Deleted : user_pref("extensions.crossriderapp3026.3026.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp3026.3026.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp3026.3026.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp3026.3026.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.cookie.InstallationTime.value", "1348415272");
Deleted : user_pref("extensions.crossriderapp3026.3026.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.cookie.aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.cookie.aoi.value", "%221348856882%22");
Deleted : user_pref("extensions.crossriderapp3026.3026.cookie.id.expiration", "Fri Feb 01 2030 00:00:00 GMT-05[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.cookie.id.value", "%2222c5ad20-c599-40f5-a32a-4094e361f[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.cookie.url.expiration", "Sun Oct 07 2012 21:56:59 GMT-0[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.cookie.url.value", "%22hxxp%3A//static.software-assist.[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.description", "Software Assist is an add on designed to[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.domain", "");
Deleted : user_pref("extensions.crossriderapp3026.3026.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp3026.3026.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp3026.3026.group", 0);
Deleted : user_pref("extensions.crossriderapp3026.3026.homepage", "");
Deleted : user_pref("extensions.crossriderapp3026.3026.iframe", false);
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_appVer.value", "124");
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_nextCheck.expiration", "Sun Oct 07[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp3026.3026.js", "\n\ntry {\n\njQuery(document).ready(function() {\[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp3026.3026.name", "Software Assist");
Deleted : user_pref("extensions.crossriderapp3026.3026.newtab", "");
Deleted : user_pref("extensions.crossriderapp3026.3026.opensearch", "");
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_30.code", "if (!(/^hxxps\\:\\/\\//.test([...]
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_30.name", "superfish");
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_30.ver", 2);
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins_lists.plugins_0", "17,14,16,47");
Deleted : user_pref("extensions.crossriderapp3026.3026.plugins_lists.plugins_1", "17,14,13,16,15,30");
Deleted : user_pref("extensions.crossriderapp3026.3026.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp3026.3026.pluginsversion", 11);
Deleted : user_pref("extensions.crossriderapp3026.3026.publisher", "Software Assist");
Deleted : user_pref("extensions.crossriderapp3026.3026.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp3026.3026.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp3026.3026.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp3026.3026.thankyou", "");
Deleted : user_pref("extensions.crossriderapp3026.3026.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp3026.3026.ver", 127);
Deleted : user_pref("extensions.crossriderapp3026.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp3026.apps", "3026");
Deleted : user_pref("extensions.crossriderapp3026.bic", "13a0c94171cf4d079fce257d44ffabee");
Deleted : user_pref("extensions.crossriderapp3026.cid", 3026);
Deleted : user_pref("extensions.crossriderapp3026.firstrun", false);
Deleted : user_pref("extensions.crossriderapp3026.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp3026.installationdate", 1348830763);
Deleted : user_pref("extensions.crossriderapp3026.lastcheck", 22492917);
Deleted : user_pref("extensions.crossriderapp3026.lastcheckitem", 22492917);
Deleted : user_pref("extensions.crossriderapp3026.modetype", "production");
Deleted : user_pref("extensions.enabledAddons", "[email protected]:1.5.0,[email protected]:0.[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.39] : homepage = "hxxp://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=3048710f00000000000014dae9587c67",
Deleted [l.43] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=3048710f00000000000014dae9587c67" ]
Deleted [l.1344] : homepage = "hxxp://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=3048710f00000000000014dae9587c67",
Deleted [l.1665] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=111442&tt=120912_pcp_3812_2&babsrc=HP_ss&mntrId=3048710f00000000000014dae9587c67" ]

*************************

AdwCleaner[S1].txt - [19833 octets] - [06/10/2012 21:57:30]

########## EOF - C:\AdwCleaner[S1].txt - [19894 octets] ##########


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

If no more issues do the following :-

*Step 1*

Uninstall Sophos via start > control panel > Uninstall a Program...

*Step 2*

Uninstall adwcleaner.exe

 Please close all open programs and internet browsers.
 Double click on adwcleaner.exe to run the tool.
 Click on *Uninstall*
 Click *Yes* at *Would you like to Uninstall Adwcleaner*

*Step 3*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the OTC icon to start the program.
If you are using Vista or Windows 7 accept UAC.
Then click the big button in the OTC window.
You will get a prompt saying "_Beginning Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself.

*Any tools/logs remaining on the Desktop can be deleted.*

If the above steps complete OK, and no more issues/concerns remain you can use the "Mark Solved" tab at the top of the thread...

Kevin


----------



## Tedejc (Jan 3, 2006)

Hi Kevin. I just ran Malwarebytes and it came up with this. No issues with the computer so I'm thinking it's just BS, but could you take a quick look see, and should/could I have something in place to prevent this?

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.09.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

10/9/2012 6:44:04 PM
mbam-log-2012-10-09 (18-44-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229026
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.MyWebSearch) -> 3872 -> No action taken.

Memory Modules Detected: 5
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zauxstb.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll (PUP.MyWebSearch) -> No action taken.

Registry Keys Detected: 14
HKCR\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{69407823-3494-4400-8d49-612549e8f4ee} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{886f93ad-3cbb-4424-8442-a7340243540f} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} (PUP.MyWebSearch) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter_4z Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{93A3111F-4F74-4ED8-895E-D9708497629E} (PUP.MyWebSearch) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zauxstb.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (PUP.MyWebSearch) -> No action taken.

(end)
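As an added example that is not part of the thread (and not Malwarebytes' own code), the script below parses a log in the layout shown above, separates entries still marked "No action taken" from those that were actually removed, and pulls out the Run-key persistence entries; the sample log is a constructed excerpt of the one posted, with the file entry altered to a completed action.

```python
"""Summarise a Malwarebytes Anti-Malware 1.x text log by section and action.
Added example, not code from the thread or from Malwarebytes; it assumes the
layout of the log above: "<Section> Detected: N" headers, then one item per
line of the form "<object> (<detection>) [-> <data>] -> <action>."
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<det>[^()]+)\)"  # object (path or key) and detection name
    r"(?: -> (?P<extra>.*?))?"            # optional PID or "Data: ..." field
    r" -> (?P<action>[^>]+?)\.$"          # what MBAM did with the item
)

# Constructed sample: an excerpt of the log posted above, with the file entry
# changed to a completed action so that the "still present" filter skips it.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.65.0.1400
Memory Processes Detected: 1
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.MyWebSearch) -> 3872 -> No action taken.

Registry Keys Detected: 2
HKCR\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} (PUP.MyWebSearch) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter_4z Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{93A3111F-4F74-4ED8-895E-D9708497629E} (PUP.MyWebSearch) -> Data: -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end)
"""

def parse_mbam_log(text):
    """Return ({section: [item dicts]}, {section: count declared in its header})."""
    items, declared, section = defaultdict(list), {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
        elif section and line and not line.startswith("("):  # skip "(No malicious...)" / "(end)"
            m = ITEM_RE.match(line)
            if m:
                items[section].append({"object": m.group("obj"), "detection": m.group("det"),
                                       "extra": m.group("extra") or "", "action": m.group("action")})
    return dict(items), declared

def count_mismatches(items, declared):
    """Sections whose parsed item count differs from the count MBAM declared."""
    return {s: (n, len(items.get(s, []))) for s, n in declared.items() if n != len(items.get(s, []))}

def pending_items(items):
    """Detections MBAM listed but did not remove ("No action taken")."""
    return [(s, it) for s, lst in items.items() for it in lst if it["action"].lower() == "no action taken"]

def autostart_entries(items):
    """Run-key values, i.e. the persistence that re-launches the toolbar at logon."""
    return [it for it in items.get("Registry Values", []) if "\\currentversion\\run|" in it["object"].lower()]
```

A non-empty result from `pending_items` is the practical check for what Kevin points out in the reply: the scan found the toolbar but left it in place.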


----------



## kevinf80 (Mar 21, 2006)

Hiya Ted,

Malwarebytes has "No Action Taken" listed against all of the entries. I'd recommend you run MB again and remove all entries.
This is a Potentially Unwanted Program (PUP). While it is detected and removed by several antimalware and antivirus vendors, it is NOT harmful. This product provides features and services that are desirable to some computer users. This product may display targeted advertising and may collect information about your surfing and Internet searching habits. If you do not require this program, you may want to remove it from your computer.
Before installing any applications you should always do research to ensure what the total capabilities are. The EULA (End User Licence Agreement) should ALWAYS be checked.

If you are now finished with this thread, here are some tips to reduce the potential for malware infection in the future:

*Make proper use of your antivirus and firewall*

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, so make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol*. This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

*Green* to go, 
*Yellow* for caution, and 
*Red* to stop.

Available for *Firefox* and *Internet Explorer*.

*NoScript* helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for *Firefox* only.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here are a couple of links by two security experts that will give you some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally this link *HERE* will give a comprehensive up to date list of free Security programs, to include Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If no remaining issues hit the Mark Solved tab at the top of the thread,

Take care,

Kevin


----------



## Tedejc (Jan 3, 2006)

Excellent, thank you Kevin.


----------



## Tedejc (Jan 3, 2006)

One last question. Malwarebytes has in the More Tools section a "FileASSASSIN". What would this be used for and is it useful?


----------



## kevinf80 (Mar 21, 2006)

It is exactly what it says, a File Assassin. Meaning it can be used to kill files. If you have a difficult file, either malicious or benign that you wish to remove and cannot delete the normal way, use that option in Malwarebytes...

Best regards,

Kevin


----------



## Tedejc (Jan 3, 2006)

Hi Kevin,

I just wanted to let you know that the home computer is running fine, in fact better than it has in a long time. I really appreciate all that you have done for me in this.
The File Assassin seems to be a little more advanced than I would feel comfortable with, so I won't touch that unless I'm ever instructed to.
Still having problems with my backup but I haven't heard anything from anyone. It might be too far gone to do anything with, I don't know.

Thank you very much for all that you have done for us.

Cheers.


----------

