Author Topic: Infection Help  (Read 11402 times)

tara956

    Topic Starter


    Infection Help
    « on: February 07, 2012, 02:49:26 PM »
    Hi

    Have been infected by malware that initially tried to open webpages, now unable to get any internet connection.
    Running Avast, Malwarebytes and downloaded SUPERAntiSpyware and DDS as per instructions....still no connection...



    [year+ old attachment deleted by admin]

    tara956

      Topic Starter


      Re: Infection Help
      « Reply #1 on: February 07, 2012, 02:52:07 PM »
      and the others...

      [year+ old attachment deleted by admin]

      SuperDave

      • Malware Removal Specialist


      Re: Infection Help
      « Reply #2 on: February 07, 2012, 04:32:56 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      Please download Farbar Service Scanner and run it on the computer with the issue.
      • Press "Scan".
      • It will create a log (FSS.txt) in the same directory the tool is run.
      • Please copy and paste the log to your reply.
      Windows 8 and Windows 10 dual boot with two SSD's

      tara956

        Topic Starter


        Re: Infection Help
        « Reply #3 on: February 07, 2012, 05:09:10 PM »
        Thank you for your help!

        Here is the log file

        Farbar Service Scanner Version: 05-02-2012
        Ran by Tara (administrator) on 07-02-2012 at 19:05:21
        Running from "K:\"
        Microsoft Windows 7 Home Premium   (X64)
        Boot Mode: Normal
        ****************************************************************

        Internet Services:
        ============

        Connection Status:
        ==============
        Localhost is accessible.
        LAN connected.
        Google IP is accessible.
        Yahoo IP is accessible.


        Windows Firewall:
        =============
        mpsdrv Service is not running. Checking service configuration:
        The start type of mpsdrv service is OK.
        The ImagePath of mpsdrv service is OK.

        MpsSvc Service is not running. Checking service configuration:
        Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
        Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
        Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.


        Firewall Disabled Policy:
        ==================


        System Restore:
        ============

        System Restore Disabled Policy:
        ========================


        Security Center:
        ============

        Windows Update:
        ===========

        File Check:
        ========
        C:\Windows\System32\nsisvc.dll => MD5 is legit
        C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
        C:\Windows\System32\dhcpcore.dll => MD5 is legit
        C:\Windows\System32\drivers\afd.sys => MD5 is legit
        C:\Windows\System32\drivers\tdx.sys => MD5 is legit
        C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
        C:\Windows\System32\dnsrslvr.dll => MD5 is legit
        C:\Windows\System32\mpssvc.dll
        [2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

        C:\Windows\System32\bfe.dll => MD5 is legit
        C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
        C:\Windows\System32\SDRSVC.dll
        [2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

        C:\Windows\System32\vssvc.exe => MD5 is legit
        C:\Windows\System32\wscsvc.dll => MD5 is legit
        C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
        C:\Windows\System32\wuaueng.dll
        [2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

        C:\Windows\System32\qmgr.dll => MD5 is legit
        C:\Windows\System32\es.dll => MD5 is legit
        C:\Windows\System32\cryptsvc.dll => MD5 is legit
        C:\Windows\System32\svchost.exe => MD5 is legit
        C:\Windows\System32\rpcss.dll => MD5 is legit


        **** End of log ****

        SuperDave

        • Malware Removal Specialist


        Re: Infection Help
        « Reply #4 on: February 08, 2012, 12:19:28 PM »
        The following steps involve registry editing. Please create a new restore point before proceeding!!!

        How to:
        XP - Create new Restore Point
        Vista and Seven - Create a new Restore Point

        Download XP.zip file from here: XP.zip
        Unzip the file.
        You'll find six files inside.
        Right click on MpsSvc.reg file, click "Merge".
        Allow registry merge.
        Restart computer and see if internet works.

        If not, please post a fresh Farbar Service Scanner log.
        Windows 8 and Windows 10 dual boot with two SSD's

        tara956

          Topic Starter


          Re: Infection Help
          « Reply #5 on: February 08, 2012, 06:46:24 PM »
          Thank you for your help!
          It did not work...
          One thing which may be pertinent is that each time I restart my computer, it does a crash dump before restarting....also, the virus scanner is still reporting a threat detected...





          Farbar Service Scanner Version: 05-02-2012
          Ran by Tara (administrator) on 08-02-2012 at 20:44:47
          Running from "K:\"
          Microsoft Windows 7 Home Premium   (X64)
          Boot Mode: Normal
          ****************************************************************

          Internet Services:
          ============

          Connection Status:
          ==============
          Localhost is accessible.
          LAN connected.
          Google IP is accessible.
          Yahoo IP is accessible.


          Windows Firewall:
          =============

          Firewall Disabled Policy:
          ==================


          System Restore:
          ============

          System Restore Disabled Policy:
          ========================


          Security Center:
          ============
          wscsvc Service is not running. Checking service configuration:
          The start type of wscsvc service is OK.
          The ImagePath of wscsvc service is OK.
          The ServiceDll of wscsvc service is OK.


          Windows Update:
          ===========
          wuauserv Service is not running. Checking service configuration:
          The start type of wuauserv service is OK.
          The ImagePath of wuauserv service is OK.
          The ServiceDll of wuauserv service is OK.


          File Check:
          ========
          C:\Windows\System32\nsisvc.dll => MD5 is legit
          C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
          C:\Windows\System32\dhcpcore.dll => MD5 is legit
          C:\Windows\System32\drivers\afd.sys => MD5 is legit
          C:\Windows\System32\drivers\tdx.sys => MD5 is legit
          C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
          C:\Windows\System32\dnsrslvr.dll => MD5 is legit
          C:\Windows\System32\mpssvc.dll
          [2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

          C:\Windows\System32\bfe.dll => MD5 is legit
          C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
          C:\Windows\System32\SDRSVC.dll
          [2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

          C:\Windows\System32\vssvc.exe => MD5 is legit
          C:\Windows\System32\wscsvc.dll => MD5 is legit
          C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
          C:\Windows\System32\wuaueng.dll
          [2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

          C:\Windows\System32\qmgr.dll => MD5 is legit
          C:\Windows\System32\es.dll => MD5 is legit
          C:\Windows\System32\cryptsvc.dll => MD5 is legit
          C:\Windows\System32\svchost.exe => MD5 is legit
          C:\Windows\System32\rpcss.dll => MD5 is legit


          **** End of log ****


          SuperDave

          • Malware Removal Specialist


          Re: Infection Help
          « Reply #6 on: February 09, 2012, 12:26:47 PM »
          Quote:
              Thank you for your help!
              It did not work...

          It fixed this problem.
          Code:
          MpsSvc Service is not running. Checking service configuration:
          Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
          Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
          Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

          If this is a wireless connection did you try hard-wiring it to the Modem?
          Please run this scan and post both logs.


          Download DDS from HERE or HERE and save it to your desktop.

          Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

          * XP users Double click on dds to run it.
          * If your antivirus or firewall try to block DDS then please allow it to run.
          * When finished DDS will open two (2) logs.
          * Save both reports to your desktop.
          * The instructions here ask you to attach the Attach.txt.



          1) DDS.txt
          2) Attach.txt
          Instead of attaching, please copy/paste both logs into your Thread

          Note: DDS will instruct you to post the Attach.txt log as an attachment.
          Please just post it as you would any other log by copying and pasting it into the reply.

          • Close the program window, and delete the program from your desktop.

          Please note: You may have to disable any script protection running if the scan fails to run.
          After downloading the tool, disconnect from the internet and disable all antivirus protection.
          Run the scan, enable your A/V and reconnect to the internet.
          Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)
          Windows 8 and Windows 10 dual boot with two SSD's
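
To check what changed between the two Farbar Service Scanner runs posted above, the following added example (not part of the thread and not the tool's own code) parses the service sections and the File Check section of an FSS log and diffs two runs. The embedded logs are abbreviated excerpts of the two logs in this thread; the function names and result keys are this example's own, and "unverified" only means the tool did not print "MD5 is legit" for that file.

```python
import re

# Abbreviated excerpts of the two FSS logs posted in this thread.
RUN_1 = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Security Center:
============

File Check:
========
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
"""

RUN_2 = r"""
Windows Firewall:
=============

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.

File Check:
========
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
"""

RULE = re.compile(r"^=+$")                            # underline below a section title
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
ATTENTION = re.compile(r"^Checking (.+?): Attention!")
PATH = re.compile(r"^[A-Za-z]:\\")
DETAIL = re.compile(r"\((.*)\) ([0-9A-Fa-f]{32})$")   # "(Company) MD5" at end of line


def parse_fss(text):
    """Return stopped services (with failed config checks) and unverified files."""
    services, unverified = {}, {}
    section = service = pending = prev = None
    for raw in text.splitlines():
        line = raw.strip()
        if RULE.match(line) and prev:
            # The non-empty line above the "=====" rule is the section title.
            section, service, pending = prev.rstrip(":"), None, None
        elif m := NOT_RUNNING.match(line):
            service = m.group(1)
            services[service] = {"section": section, "attention": []}
        elif (m := ATTENTION.match(line)) and service:
            services[service]["attention"].append(m.group(1))
        elif section == "File Check" and "=> MD5 is legit" not in line:
            if PATH.match(line):
                pending = line        # bare path: the detail line follows
            elif pending and (m := DETAIL.search(line)):
                unverified[pending] = {"company": m.group(1), "md5": m.group(2)}
                pending = None
        if line:
            prev = line
    return {"services": services, "unverified": unverified}


def compare_runs(before_text, after_text):
    """Diff two FSS runs: which services dropped off or appeared in the report."""
    before, after = parse_fss(before_text), parse_fss(after_text)
    b, a = set(before["services"]), set(after["services"])
    return {
        "no_longer_reported": sorted(b - a),
        "newly_reported": sorted(a - b),
        "unverified_in_both": sorted(set(before["unverified"]) & set(after["unverified"])),
    }


if __name__ == "__main__":
    for key, value in compare_runs(RUN_1, RUN_2).items():
        print(f"{key}: {value}")
```
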

          tara956

            Topic Starter


            Re: Infection Help
            « Reply #7 on: February 09, 2012, 06:22:16 PM »
            Computer is wired....it will connect to things like Steam, Skype, Paltalk and Yahoo Messenger, just no web pages....


            Here is the log!

            .
            DDS (Ver_2011-08-26.01) - NTFSAMD64
            Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
            Run by Tara at 20:16:32 on 2012-02-09
            Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3839.1686 [GMT -5:00]
            .
            AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
            AV: Kaspersky Internet Security *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
            SP: Kaspersky Internet Security *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
            SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
            FW: Kaspersky Internet Security *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
            FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
            .
            ============== Running Processes ===============
            .
            C:\Windows\system32\wininit.exe
            C:\Windows\system32\lsm.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            C:\Windows\system32\svchost.exe -k RPCSS
            C:\Windows\system32\atiesrxx.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            C:\Windows\system32\svchost.exe -k netsvcs
            C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
            C:\Windows\system32\svchost.exe -k LocalService
            C:\Windows\system32\atieclxx.exe
            C:\Windows\system32\svchost.exe -k NetworkService
            C:\Program Files\AVAST Software\Avast\AvastSvc.exe
            C:\Windows\System32\spoolsv.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
            C:\Windows\SysWOW64\svchost.exe -k Akamai
            C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            C:\Program Files (x86)\Bonjour\mDNSResponder.exe
            C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
            c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
            C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
            C:\Windows\System32\svchost.exe -k HPZ12
            C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
            C:\Program Files (x86)\PDF Complete\pdfsvc.exe
            C:\Windows\System32\svchost.exe -k HPZ12
            C:\Windows\SysWOW64\PnkBstrA.exe
            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
            C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtlService.exe
            C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
            C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
            C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
            C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
            C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
            C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
            C:\Windows\system32\WUDFHost.exe
            -netsvcs
            C:\Windows\system32\conhost.exe
            C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
            C:\Windows\system32\svchost.exe -k HPService
            C:\Program Files\Windows Media Player\wmpnetwk.exe
            C:\Windows\system32\SearchIndexer.exe
            C:\Windows\system32\taskhost.exe
            C:\Windows\system32\Dwm.exe
            C:\Windows\Explorer.EXE
            C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
            C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
            C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
            C:\Program Files (x86)\Steam\Steam.exe
            C:\Users\Tara\AppData\Local\Akamai\netsession_win.exe
            C:\Users\Tara\AppData\Roaming\ircred.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtWlan.exe
            C:\Program Files (x86)\Zecter\ZumoCast\ZumoCast.exe
            C:\Users\Tara\AppData\Local\Akamai\netsession_win.exe
            C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
            C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
            C:\Program Files\AVAST Software\Avast\AvastUI.exe
            C:\Windows\system32\conhost.exe
            C:\Windows\system32\wuauclt.exe
            C:\Windows\System32\svchost.exe -k LocalServicePeerNet
            C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
            C:\Windows\system32\DllHost.exe
            C:\Program Files (x86)\Zecter\ZumoCast\bin\gst-thumbnailer.exe
            c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
            C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
            C:\Program Files (x86)\Windows Media Player\wmplayer.exe
            C:\Windows\system32\taskhost.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            C:\Windows\servicing\TrustedInstaller.exe
            C:\Windows\system32\DllHost.exe
            C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\conhost.exe
            C:\Windows\SysWOW64\cscript.exe
            .
            ============== Pseudo HJT Report ===============
            .
            uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
            BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
            BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
            BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
            BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
            TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
            TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
            TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
            TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
            uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
            uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
            uRun: [Facebook Update] "C:\Users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
            uRun: [ZumoCast] C:\Program Files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk
            uRun: [Akamai NetSession Interface] "C:\Users\Tara\AppData\Local\Akamai\netsession_win.exe"
            uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
            mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
            mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
            mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
            mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
            mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
            mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
            mPolicies-explorer: HideSCAHealth = 1 (0x1)
            mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
            mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
            mPolicies-system: EnableLUA = 0 (0x0)
            mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
            mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
            IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
            IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
            IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
            DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
            DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
            DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
            TCP: DhcpNameServer = 192.168.1.1
            TCP: Interfaces\{CB065778-EBA4-4E06-A041-AEA7CBD1A7FB} : DhcpNameServer = 192.168.1.1
            Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
            BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
            BHO-X64:     0x1 - No File
            BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            BHO-X64:     AcroIEHelperStub - No File
            BHO-X64: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
            BHO-X64:     ZoneAlarm Security Engine Registrar - No File
            BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
            BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
            BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
            TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
            TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
            TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
            TB-X64: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
            mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
            mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
            mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
            mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
            mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
            mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
            mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
            IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
            .
            ================= FIREFOX ===================
            .
            FF - ProfilePath - C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\k5dajkdz.default\
            FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
            FF - prefs.js: browser.startup.homepage - www.facebook.com
            FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z082&partner_id=249&product_id=628&affiliate_id=&channel=3_18&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110718&user_guid=99A1C3327060408EBF4A42BC2183EADF&machine_id=f4fe9f64372f0e17747d32c0e7c7da9d&browser=FF&os=win&os_version=6.1-x64-SP0&q=
            FF - prefs.js: network.proxy.http - 127.0.0.1
            FF - prefs.js: network.proxy.http_port - 52869
            FF - prefs.js: network.proxy.type - 1
            .
            ============= SERVICES / DRIVERS ===============
            .
            R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
            R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
            R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
            R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
            R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
            R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
            R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
            R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
            R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
            R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
            R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
            R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-30 44768]
            R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
            R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
            R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
            R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-11-18 635416]
            R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtlService.exe [2011-9-29 36864]
            R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
            R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-2-28 2253688]
            R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
            R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
            R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
            R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
            R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
            R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
            R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
            R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
            R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
            R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
            R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
            R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
            R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
            S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-18 1038088]
            S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
            S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
            S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
            S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
            S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
            S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
            S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
            S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
            S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
            S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
            S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
            .
            =============== Created Last 30 ================
            .
            2012-02-07 21:06:57   20480   ------w-   C:\Windows\svchost.exe
            2012-02-07 20:51:14   --------   d-----w-   C:\Users\Tara\AppData\Roaming\SUPERAntiSpyware.com
            2012-02-07 20:49:27   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
            2012-02-07 20:49:27   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
            2012-02-07 20:18:28   --------   d-sh--w-   C:\$RECYCLE.BIN
            2012-02-07 20:01:52   98816   ----a-w-   C:\Windows\sed.exe
            2012-02-07 20:01:52   518144   ----a-w-   C:\Windows\SWREG.exe
            2012-02-07 20:01:52   256000   ----a-w-   C:\Windows\PEV.exe
            2012-02-07 20:01:52   208896   ----a-w-   C:\Windows\MBR.exe
            2012-02-07 19:42:46   --------   d-----w-   C:\Users\Tara\AppData\Local\ElevatedDiagnostics
            2012-02-07 13:14:09   81896   ------w-   C:\Users\Tara\AppData\Roaming\ircred.exe
            2012-02-07 13:10:30   --------   d-----w-   C:\Users\Tara\AppData\Roaming\8C048
            2012-02-07 12:15:05   --------   d-----w-   C:\Program Files (x86)\48EDE
            2012-02-07 12:14:30   --------   d-----w-   C:\Program Files (x86)\LP
            2012-02-07 10:40:36   --------   d-----w-   C:\Users\Tara\AppData\Local\{DDFC89E5-28DE-4083-89A6-128FD740AFA0}
            2012-02-07 10:40:14   --------   d-----w-   C:\Users\Tara\AppData\Local\{2EF3351F-C241-4385-BD53-A7CBD1AD3D40}
            2012-02-06 22:39:59   --------   d-----w-   C:\Users\Tara\AppData\Local\{9D5379AA-36B9-43BE-AE72-EE058A3D7318}
            2012-02-06 22:39:24   --------   d-----w-   C:\Users\Tara\AppData\Local\{61E6FAAC-55A3-447D-A4DC-434683F77E37}
            2012-02-06 10:39:11   --------   d-----w-   C:\Users\Tara\AppData\Local\{D3702CFE-6488-47C5-AD4D-D82A2C31149F}
            2012-02-06 10:38:39   --------   d-----w-   C:\Users\Tara\AppData\Local\{4B939382-6408-4C25-ADB1-D5994B9ADE18}
            2012-02-05 22:38:24   --------   d-----w-   C:\Users\Tara\AppData\Local\{FBBEC2C5-613D-47B4-AED4-CB068FBBCCC6}
            2012-02-05 22:37:51   --------   d-----w-   C:\Users\Tara\AppData\Local\{FD5C59CA-D62F-44DF-8CCD-2F6BCA865672}
            2012-02-05 10:37:38   --------   d-----w-   C:\Users\Tara\AppData\Local\{D7CE2805-6ED0-4AC8-A3A2-B30342D16421}
            2012-02-05 10:37:16   --------   d-----w-   C:\Users\Tara\AppData\Local\{0361E3EB-E8E7-4E79-BBDB-20D0608DC18A}
            2012-02-04 22:36:48   --------   d-----w-   C:\Users\Tara\AppData\Local\{3490974B-0224-4543-B586-E358873FD98A}
            2012-02-04 22:36:26   --------   d-----w-   C:\Users\Tara\AppData\Local\{5C16FA61-8F0E-4A5E-AFBA-0EF3B912C674}
            2012-02-04 10:36:11   --------   d-----w-   C:\Users\Tara\AppData\Local\{9E39FB06-38C3-4F6B-B959-ABBEF6C03642}
            2012-02-04 10:35:37   --------   d-----w-   C:\Users\Tara\AppData\Local\{C25CC9A6-22FA-445D-B2AB-78AA578187D5}
            2012-02-03 22:35:01   --------   d-----w-   C:\Users\Tara\AppData\Local\{45BFCBDB-C209-4C7E-BBD1-804B7621BD4E}
            2012-02-03 22:34:35   --------   d-----w-   C:\Users\Tara\AppData\Local\{74F49B9B-0B85-4056-81C7-B35E8E6F9E9B}
            2012-02-03 10:34:22   --------   d-----w-   C:\Users\Tara\AppData\Local\{02A62343-D18B-434E-B649-0819287788B5}
            2012-02-03 10:33:49   --------   d-----w-   C:\Users\Tara\AppData\Local\{0C708B7C-0537-45EE-9485-51A1C6D86444}
            2012-02-02 22:33:35   --------   d-----w-   C:\Users\Tara\AppData\Local\{3C5F186A-9BEF-406D-821A-E16F2FDBB57C}
            2012-02-02 22:33:09   --------   d-----w-   C:\Users\Tara\AppData\Local\{ADF44F04-FD0F-451A-8BE7-BC40D18FA4F6}
            2012-02-02 10:32:57   --------   d-----w-   C:\Users\Tara\AppData\Local\{DD64BEE0-119D-4027-A530-B46718755C67}
            2012-02-02 10:32:24   --------   d-----w-   C:\Users\Tara\AppData\Local\{56863DA0-292B-416D-A60A-E614B48EA30E}
            2012-02-01 22:32:11   --------   d-----w-   C:\Users\Tara\AppData\Local\{44A99AC2-821C-416A-8AC1-6EC86900653D}
            2012-02-01 22:31:50   --------   d-----w-   C:\Users\Tara\AppData\Local\{3FE2E98A-22E1-4E67-822B-142D8E33B225}
            2012-02-01 10:31:29   --------   d-----w-   C:\Users\Tara\AppData\Local\{27EA36EB-E5E4-49B8-867C-53C52628C294}
            2012-02-01 10:31:02   --------   d-----w-   C:\Users\Tara\AppData\Local\{09FB33FA-0B2A-4ACA-AE41-6E077D9D3579}
            2012-02-01 00:09:13   --------   d-----r-   C:\Program Files (x86)\Skype
            2012-01-31 13:12:31   --------   d-----w-   C:\Users\Tara\AppData\Local\{8B9DE477-3DAA-4DFE-93A0-F83358E29528}
            2012-01-31 13:12:09   --------   d-----w-   C:\Users\Tara\AppData\Local\{A6AF6001-E50C-468A-A778-4DCB259972E5}
            2012-01-31 01:11:56   --------   d-----w-   C:\Users\Tara\AppData\Local\{1B60FBCE-D6E2-4FD1-ACA3-D9C36E0EEB16}
            2012-01-31 01:11:00   --------   d-----w-   C:\Users\Tara\AppData\Local\{114702FB-CDBE-49CC-9C8B-77DA4CE770C1}
            2012-01-30 07:01:10   --------   d-----w-   C:\Users\Tara\AppData\Local\{F7D6E8DD-DAA3-4242-B5CB-10683A7C4285}
            2012-01-30 07:00:43   --------   d-----w-   C:\Users\Tara\AppData\Local\{041A173E-4984-4BE6-B003-480AB2B3A6D4}
            2012-01-29 19:00:04   --------   d-----w-   C:\Users\Tara\AppData\Local\{7E7E29E0-4E65-4622-BDA3-1D8482D29F17}
            2012-01-29 18:59:36   --------   d-----w-   C:\Users\Tara\AppData\Local\{8DD96138-19E8-4227-8E7B-3393CF0CAAF5}
            2012-01-29 06:58:50   --------   d-----w-   C:\Users\Tara\AppData\Local\{1A87F7A1-154D-4329-92BC-512325E61F91}
            2012-01-29 06:58:27   --------   d-----w-   C:\Users\Tara\AppData\Local\{29A90084-A58B-4B72-A86F-B7AFDF6274D1}
            2012-01-28 18:58:13   --------   d-----w-   C:\Users\Tara\AppData\Local\{3C456F22-E5D2-4856-916C-52A3D260F7BF}
            2012-01-28 18:57:46   --------   d-----w-   C:\Users\Tara\AppData\Local\{84642697-A84F-4C1F-8CB7-402C2A9469CD}
            2012-01-19 10:24:36   --------   d-----w-   C:\Users\Tara\AppData\Local\{B65FF76F-C444-4C47-871D-918FF5FE3EF1}
            2012-01-19 10:24:00   --------   d-----w-   C:\Users\Tara\AppData\Local\{B8FCD4DE-8D57-461C-8854-C0E45C418291}
            2012-01-19 01:42:44   --------   d-----w-   C:\Windows\SysWow64\spool
            2012-01-19 01:40:07   --------   d-----w-   C:\Program Files\Common Files\Macrovision Shared
            2012-01-19 01:39:58   --------   d-----w-   C:\Program Files (x86)\Common Files\Macrovision Shared
            2012-01-18 22:23:46   --------   d-----w-   C:\Users\Tara\AppData\Local\{5C166BDA-D4FF-406D-92AD-13CD653C710C}
            2012-01-18 22:23:22   --------   d-----w-   C:\Users\Tara\AppData\Local\{4BEB22DE-95FA-402E-BFE3-8F69D30A266C}
            2012-01-18 10:23:05   --------   d-----w-   C:\Users\Tara\AppData\Local\{D7274A2F-D8A7-4067-A2AC-A6C5DEE74855}
            2012-01-18 10:22:53   --------   d-----w-   C:\Users\Tara\AppData\Local\{9845356E-F40F-4286-ABE5-20B6FFCB79BE}
            2012-01-18 02:57:08   --------   d-----w-   C:\Users\Tara\AppData\Local\Akamai
            2012-01-18 02:55:28   --------   d-----w-   C:\Users\Tara\AppData\Roaming\com.adobe.dmp.contentviewer
            2012-01-18 02:55:05   --------   d-----w-   C:\Users\Tara\CS5.5 Master Collection
            2012-01-18 02:54:11   --------   d-----w-   C:\Users\Tara\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
            2012-01-18 01:41:47   --------   d-----w-   C:\Users\Tara\New folder (2)
            2012-01-17 01:45:23   --------   d-----w-   C:\Users\Tara\AppData\Local\{49045295-E6BC-4129-B951-9CD4473055ED}
            2012-01-17 01:44:59   --------   d-----w-   C:\Users\Tara\AppData\Local\{2AF1E9BF-0E41-4C48-BDC0-F0841A67D6D9}
            2012-01-15 15:08:42   --------   d-----w-   C:\Users\Tara\AppData\Local\{EDDA800A-3155-4039-86C4-A486A1E62DE7}
            2012-01-15 15:08:20   --------   d-----w-   C:\Users\Tara\AppData\Local\{412EF565-E89A-44C6-86F0-5B3CB032A126}
            2012-01-15 03:08:06   --------   d-----w-   C:\Users\Tara\AppData\Local\{6A4140E4-C994-4FB2-A205-B84309AFE8FE}
            2012-01-15 03:07:44   --------   d-----w-   C:\Users\Tara\AppData\Local\{60D181F1-5B14-431D-9E35-B3B503E9934A}
            2012-01-14 15:07:30   --------   d-----w-   C:\Users\Tara\AppData\Local\{BAFAE275-233B-486B-A0DB-85BEEC216362}
            2012-01-14 15:06:58   --------   d-----w-   C:\Users\Tara\AppData\Local\{F03C0890-CCCF-4336-B5C2-C2862CB9E954}
            2012-01-14 03:06:44   --------   d-----w-   C:\Users\Tara\AppData\Local\{E95B4450-F7E8-4127-9AF4-2A4926E9BD9F}
            2012-01-14 03:06:22   --------   d-----w-   C:\Users\Tara\AppData\Local\{9F928AFA-C763-4042-A1F9-848D867C7E27}
            2012-01-13 15:06:08   --------   d-----w-   C:\Users\Tara\AppData\Local\{4ABA90F3-B298-431B-847E-CBF5F2DC06CD}
            2012-01-13 15:05:35   --------   d-----w-   C:\Users\Tara\AppData\Local\{5868D44F-6542-4AF9-BE41-6210BF5A8E72}
            2012-01-13 03:05:22   --------   d-----w-   C:\Users\Tara\AppData\Local\{B33A114B-3C03-4514-9CED-6E2554B249C0}
            2012-01-13 03:04:46   --------   d-----w-   C:\Users\Tara\AppData\Local\{12E1E6F9-4415-43B4-816D-CDC3E5C0942C}
            2012-01-12 15:04:32   --------   d-----w-   C:\Users\Tara\AppData\Local\{16A99CA7-14E7-4A7A-9E65-046F4F438C9E}
            2012-01-12 15:04:12   --------   d-----w-   C:\Users\Tara\AppData\Local\{2D79885C-CDFE-4054-9D6D-1B78A3085023}
            2012-01-12 03:03:39   --------   d-----w-   C:\Users\Tara\AppData\Local\{F31B843C-5F4B-48B8-A605-67E7D07CE503}
            2012-01-12 03:03:28   --------   d-----w-   C:\Users\Tara\AppData\Local\{82A7309A-E5E9-4005-B007-92EA5C7A2CA1}
            2012-01-11 18:03:31   1328640   ----a-w-   C:\Windows\SysWow64\quartz.dll
            2012-01-11 18:03:30   1572864   ----a-w-   C:\Windows\System32\quartz.dll
            2012-01-11 18:03:29   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
            2012-01-11 18:03:29   366592   ----a-w-   C:\Windows\System32\qdvd.dll
            2012-01-11 18:03:26   1739160   ----a-w-   C:\Windows\System32\ntdll.dll
            2012-01-11 18:03:26   1292592   ----a-w-   C:\Windows\SysWow64\ntdll.dll
            2012-01-11 18:03:24   77312   ----a-w-   C:\Windows\System32\packager.dll
            2012-01-11 18:03:23   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
            .
            ==================== Find3M  ====================
            .
            2012-02-02 22:50:43   5265   ----a-w-   C:\Windows\SysWow64\nppt9x.vxd
            2012-02-02 22:50:43   4774   ----a-w-   C:\Windows\SysWow64\npptNT2.sys
            2011-12-10 20:24:08   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
            2011-11-28 18:01:25   41184   ----a-w-   C:\Windows\avastSS.scr
            2011-11-28 17:54:06   591192   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
            2011-11-28 17:52:11   66904   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
            2011-11-27 01:39:01   17   ----a-w-   C:\Windows\SysWow64\shoBA3.tmp
            2011-11-24 05:00:47   3141632   ----a-w-   C:\Windows\System32\win32k.sys
            2011-11-20 17:08:02   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
            2011-11-17 07:17:03   152432   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
            2011-11-17 07:17:02   95088   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
            2011-11-17 07:15:08   460296   ----a-w-   C:\Windows\System32\drivers\cng.sys
            2011-11-17 07:12:02   395776   ----a-w-   C:\Windows\System32\webio.dll
            2011-11-17 07:11:33   28672   ----a-w-   C:\Windows\System32\sspisrv.dll
            2011-11-17 07:11:33   136192   ----a-w-   C:\Windows\System32\sspicli.dll
            2011-11-17 07:11:02   28160   ----a-w-   C:\Windows\System32\secur32.dll
            2011-11-17 07:10:58   340992   ----a-w-   C:\Windows\System32\schannel.dll
            2011-11-17 07:08:18   1446912   ----a-w-   C:\Windows\System32\lsasrv.dll
            2011-11-17 07:05:16   31232   ----a-w-   C:\Windows\System32\lsass.exe
            2011-11-17 05:39:28   314368   ----a-w-   C:\Windows\SysWow64\webio.dll
            2011-11-17 05:39:21   224768   ----a-w-   C:\Windows\SysWow64\schannel.dll
            2011-11-17 05:39:21   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
            2011-11-17 05:35:13   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
            .
            ============= FINISH: 20:18:30.76 ===============


            « Last Edit: February 10, 2012, 12:34:32 PM by SuperDave »

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Infection Help
            « Reply #8 on: February 10, 2012, 12:48:50 PM »
            Did you try resetting your modem? Turn off the power supply for at least 30 seconds or more.

            Please download MiniToolBox to Desktop and run it.



            Checkmark the following boxes:

              • Flush DNS
              • Report IE Proxy Settings
              • Reset IE Proxy Settings
              • List content of Hosts
              • List IP Configuration
              • List Last 10 Event Viewer Errors
              • List Users, Partitions and Memory Size
              Click Go and copy/paste the log (Result.txt) into your next post.
              ****************************************************************
              Download OTL to your desktop.

              * Open OTL
              * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

              Code:
              :OTL

              BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
              BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
              TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
              TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
              TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
              BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
              BHO-X64:     0x1 - No File
              BHO-X64:     AcroIEHelperStub - No File
              BHO-X64: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
              BHO-X64:     ZoneAlarm Security Engine Registrar - No File
              TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
              TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
              TB-X64: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File

              :COMMANDS
              [resethosts]
              [purity]
              [start explorer]

              * Click Run Fix
              * OTLI2 may ask to reboot the machine. Please do so if asked.
              * Click OK
              * A report will open. Copy and Paste that report in your next reply.
              Windows 8 and Windows 10 dual boot with two SSD's

              tara956

                Topic Starter


                Greenhorn

                • Experience: Beginner
                • OS: Unknown
                Re: Infection Help
                « Reply #9 on: February 11, 2012, 06:59:31 AM »
                Thank you SO much! It worked after running mini tool box!!!

                Should I still do the rest of the steps you said??



                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Infection Help
                « Reply #10 on: February 11, 2012, 11:20:11 AM »
                Quote
                Should I still do the rest of the steps you said??
                Yes Please, plus this one.

                Download Combofix from any of the links below, and save it to your desktop

                Link 1
                Link 2
                Link 3

                To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
                • Close any open windows and double click ComboFix.exe to run it.

                  You will see the following image:


                Click I Agree to start the program.

                ComboFix will then extract the necessary files and you will see this:



                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

                It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

                If you did not have it installed, you will see the prompt below. Choose YES.



                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



                Click on Yes, to continue scanning for malware.

                When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

                Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

                Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
                Windows 8 and Windows 10 dual boot with two SSD's

                tara956

                  Topic Starter


                  Greenhorn

                  • Experience: Beginner
                  • OS: Unknown
                  Re: Infection Help
                  « Reply #11 on: February 11, 2012, 04:30:22 PM »
                  OTL logfile created on: 2/11/2012 2:59:43 PM - Run 1
                  OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Tara\Music\Downloads
                  64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
                  Internet Explorer (Version = 9.0.8112.16421)
                  Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                   
                  3.75 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 40.40% Memory free
                  7.50 Gb Paging File | 4.24 Gb Available in Paging File | 56.54% Paging File free
                  Paging file location(s): ?:\pagefile.sys [binary data]
                   
                  %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
                  Drive C: | 686.46 Gb Total Space | 424.70 Gb Free Space | 61.87% Space Free | Partition Type: NTFS
                  Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
                  Drive E: | 931.51 Gb Total Space | 437.22 Gb Free Space | 46.94% Space Free | Partition Type: NTFS
                   
                  Computer Name: TARA-HP | User Name: Tara | Logged in as Administrator.
                  Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
                  Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                   
                  ========== Processes (SafeList) ==========
                   
                  PRC - File not found --
                  PRC - [2012/02/11 14:58:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Music\Downloads\OTL(1).exe
                  PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Tara\AppData\Local\Akamai\netsession_win.exe
                  PRC - [2012/02/01 05:39:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                  PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
                  PRC - [2011/10/18 19:39:44 | 000,179,152 | ---- | M] (Zecter Inc.) -- C:\Program Files (x86)\Zecter\ZumoCast\ZumoCast.exe
                  PRC - [2011/10/18 19:39:42 | 000,237,544 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\gst-thumbnailer.exe
                  PRC - [2011/08/16 22:11:52 | 013,876,224 | ---- | M] (Atomix Productions) -- C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe
                  PRC - [2011/08/08 13:47:08 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
                  PRC - [2011/01/20 14:37:59 | 013,623,048 | ---- | M] (AVM Software Inc.) -- C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
                  PRC - [2010/10/29 15:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
                  PRC - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
                  PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
                  PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
                  PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
                   
                   
                  ========== Modules (No Company Name) ==========
                   
                  MOD - [2012/02/11 08:56:02 | 000,160,256 | ---- | M] () -- C:\Users\Tara\AppData\Local\Temp\ZumoLocalGateway.dll5325527088882608635.lib
                  MOD - [2012/02/11 08:56:00 | 000,296,448 | ---- | M] () -- C:\Users\Tara\AppData\Local\Temp\WindowsFolderWatcher.dll4915110326119188997.lib
                  MOD - [2012/02/11 08:55:35 | 000,379,904 | ---- | M] () -- C:\Users\Tara\AppData\Local\Temp\libsqlitejdbc-3747967753939171105.lib
                  MOD - [2012/02/11 08:55:23 | 000,200,704 | ---- | M] () -- C:\Users\Tara\AppData\Local\Temp\WindowsAPI.dll8787231156318467697.lib
                  MOD - [2012/02/08 20:31:25 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
                  MOD - [2012/02/08 20:31:22 | 000,853,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
                  MOD - [2012/02/08 20:31:22 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
                  MOD - [2012/02/08 20:31:22 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
                  MOD - [2012/02/08 20:31:21 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
                  MOD - [2012/02/01 05:39:30 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
                  MOD - [2011/11/20 12:08:02 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
                  MOD - [2011/10/18 19:39:44 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstmpegdemux.dll
                  MOD - [2011/10/18 19:39:44 | 000,149,504 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstqtdemux.dll
                  MOD - [2011/10/18 19:39:44 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstogg.dll
                  MOD - [2011/10/18 19:39:44 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstqtmux.dll
                  MOD - [2011/10/18 19:39:44 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstvideoscale.dll
                  MOD - [2011/10/18 19:39:44 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstvideobox.dll
                  MOD - [2011/10/18 19:39:44 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgsttypefindfunctions.dll
                  MOD - [2011/10/18 19:39:44 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstsmpte.dll
                  MOD - [2011/10/18 19:39:44 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstvorbis.dll
                  MOD - [2011/10/18 19:39:44 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstsubparse.dll
                  MOD - [2011/10/18 19:39:44 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstwavpack.dll
                  MOD - [2011/10/18 19:39:44 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstmpegaudioparse.dll
                  MOD - [2011/10/18 19:39:44 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstwavparse.dll
                  MOD - [2011/10/18 19:39:44 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstmpegtsmux.dll
                  MOD - [2011/10/18 19:39:44 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstselector.dll
                  MOD - [2011/10/18 19:39:44 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstreplaygain.dll
                  MOD - [2011/10/18 19:39:44 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstvolume.dll
                  MOD - [2011/10/18 19:39:44 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstvideocrop.dll
                  MOD - [2011/10/18 19:39:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstpng.dll
                  MOD - [2011/10/18 19:39:44 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstmpegvideoparse.dll
                  MOD - [2011/10/18 19:39:44 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstmultipart.dll
                  MOD - [2011/10/18 19:39:44 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstvideorate.dll
                  MOD - [2011/10/18 19:39:44 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstmultifile.dll
                  MOD - [2011/10/18 19:39:44 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstmulaw.dll
                  MOD - [2011/10/18 19:39:44 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgsty4menc.dll
                  MOD - [2011/10/18 19:39:44 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libshift.dll
                  MOD - [2011/10/18 19:39:42 | 002,009,600 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstfluh264dec.dll
                  MOD - [2011/10/18 19:39:42 | 001,694,208 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstfluaacdec.dll
                  MOD - [2011/10/18 19:39:42 | 001,563,136 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstflump3enc.dll
                  MOD - [2011/10/18 19:39:42 | 001,520,128 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libvorbisenc-2.dll
                  MOD - [2011/10/18 19:39:42 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libxml2-2.dll
                  MOD - [2011/10/18 19:39:42 | 001,376,256 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstflump3dec.dll
                  MOD - [2011/10/18 19:39:42 | 000,682,496 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgstreamer-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,563,712 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\liborc-0.4-0.dll
                  MOD - [2011/10/18 19:39:42 | 000,531,968 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstflumpeg4video.dll
                  MOD - [2011/10/18 19:39:42 | 000,363,008 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstflumpeg2video.dll
                  MOD - [2011/10/18 19:39:42 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libFLAC-8.dll
                  MOD - [2011/10/18 19:39:42 | 000,276,992 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libjpeg-8.dll
                  MOD - [2011/10/18 19:39:42 | 000,248,352 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libopencore-amrnb.0.1.1.dll
                  MOD - [2011/10/18 19:39:42 | 000,237,544 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\gst-thumbnailer.exe
                  MOD - [2011/10/18 19:39:42 | 000,199,168 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgstbase-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libwavpack-1.dll
                  MOD - [2011/10/18 19:39:42 | 000,190,976 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libpng14-14.dll
                  MOD - [2011/10/18 19:39:42 | 000,187,904 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstffmpegcolorspace.dll
                  MOD - [2011/10/18 19:39:42 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstcoreelements.dll
                  MOD - [2011/10/18 19:39:42 | 000,163,328 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstmatroska.dll
                  MOD - [2011/10/18 19:39:42 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libvorbis-0.dll
                  MOD - [2011/10/18 19:39:42 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgstcontroller-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,125,440 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgsttag-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,123,947 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libopencore-amrwb.0.1.1.dll
                  MOD - [2011/10/18 19:39:42 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstfluasfdemux.dll
                  MOD - [2011/10/18 19:39:42 | 000,122,368 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstavi.dll
                  MOD - [2011/10/18 19:39:42 | 000,119,296 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstflumpegdemux.dll
                  MOD - [2011/10/18 19:39:42 | 000,108,544 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgstaudio-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstdshowdecwrapper.dll
                  MOD - [2011/10/18 19:39:42 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstflummssrc.dll
                  MOD - [2011/10/18 19:39:42 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\z.dll
                  MOD - [2011/10/18 19:39:42 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstdecodebin2.dll
                  MOD - [2011/10/18 19:39:42 | 000,079,872 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgstpbutils-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstaudioconvert.dll
                  MOD - [2011/10/18 19:39:42 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstflv.dll
                  MOD - [2011/10/18 19:39:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstdshowsrcwrapper.dll
                  MOD - [2011/10/18 19:39:42 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgstrtp-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstflac.dll
                  MOD - [2011/10/18 19:39:42 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstjpeg.dll
                  MOD - [2011/10/18 19:39:42 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgstinterfaces-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstaudioresample.dll
                  MOD - [2011/10/18 19:39:42 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstalpha.dll
                  MOD - [2011/10/18 19:39:42 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgstriff-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstaiff.dll
                  MOD - [2011/10/18 19:39:42 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgstapp-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstgio.dll
                  MOD - [2011/10/18 19:39:42 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgstvideo-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstflumch264enc.dll
                  MOD - [2011/10/18 19:39:42 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstinterleave.dll
                  MOD - [2011/10/18 19:39:42 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstid3tag.dll
                  MOD - [2011/10/18 19:39:42 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstflumcaacenc.dll
                  MOD - [2011/10/18 19:39:42 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstid3demux.dll
                  MOD - [2011/10/18 19:39:42 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstadder.dll
                  MOD - [2011/10/18 19:39:42 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstgdp.dll
                  MOD - [2011/10/18 19:39:42 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstautodetect.dll
                  MOD - [2011/10/18 19:39:42 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstautoconvert.dll
                  MOD - [2011/10/18 19:39:42 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstequalizer.dll
                  MOD - [2011/10/18 19:39:42 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libogg-0.dll
                  MOD - [2011/10/18 19:39:42 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstamrnb.dll
                  MOD - [2011/10/18 19:39:42 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstaudiorate.dll
                  MOD - [2011/10/18 19:39:42 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstlevel.dll
                  MOD - [2011/10/18 19:39:42 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstauparse.dll
                  MOD - [2011/10/18 19:39:42 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\libgstdataprotocol-0.10.dll
                  MOD - [2011/10/18 19:39:42 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstalaw.dll
                  MOD - [2011/10/18 19:39:42 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstalphacolor.dll
                  MOD - [2011/10/18 19:39:42 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstcutter.dll
                  MOD - [2011/10/18 19:39:42 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstapetag.dll
                  MOD - [2011/10/18 19:39:42 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstamrwbdec.dll
                  MOD - [2011/10/18 19:39:42 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstadpcmdec.dll
                  MOD - [2011/10/18 19:39:42 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstcoreindexers.dll
                  MOD - [2011/10/18 19:39:42 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Zecter\ZumoCast\bin\plugins\libgstapp.dll
                  MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
                  MOD - [2011/01/20 14:38:03 | 000,048,368 | ---- | M] () -- C:\Program Files (x86)\Paltalk Messenger\ctrlkey.dll
                  MOD - [2010/10/29 15:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
                  MOD - [2010/10/29 15:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
                  MOD - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
                  MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
                  MOD - [2009/10/14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
                  MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
                  MOD - [2009/10/14 10:08:36 | 000,670,720 | ---- | M] () -- C:\Program Files (x86)\Paltalk Messenger\h264lib_ipp4.dll
                  MOD - [2009/04/22 16:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
                  MOD - [2009/04/12 15:10:58 | 000,102,400 | ---- | M] () -- C:\Users\Tara\My Documents\VirtualDJ\Plugins\VideoTransition\default.dll
                  MOD - [2009/04/09 18:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
                  MOD - [2009/03/03 17:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
                  MOD - [2009/03/03 17:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
                  MOD - [2009/03/03 17:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
                  MOD - [2009/03/03 17:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
                  MOD - [2009/03/03 17:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
                  MOD - [2009/03/03 17:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
                  MOD - [2009/03/03 17:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
                  MOD - [2009/03/03 17:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
                  MOD - [2009/03/03 17:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
                  MOD - [2007/10/04 16:37:26 | 000,102,400 | ---- | M] () -- C:\Users\Tara\My Documents\VirtualDJ\Plugins\SoundEffect\brake.dll
                  MOD - [2007/10/04 16:35:40 | 000,102,400 | ---- | M] () -- C:\Users\Tara\My Documents\VirtualDJ\Plugins\SoundEffect\backspin.dll
                  MOD - [2007/01/02 21:34:32 | 000,098,304 | ---- | M] () -- C:\Users\Tara\My Documents\VirtualDJ\Plugins\SoundEffect\flanger.dll
                  MOD - [2006/08/07 10:11:56 | 000,557,056 | ---- | M] () -- C:\Users\Tara\My Documents\VirtualDJ\Plugins\SoundEffect\BeatGrid.dll
                   
                   
                  ========== Win32 Services (SafeList) ==========
                   
                  SRV:64bit: - [2012/01/18 20:40:07 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
                  SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
                  SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
                  SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
                  SRV:64bit: - [2010/05/11 10:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
                  SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
                  SRV - [2012/02/10 15:23:02 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
                  SRV - [2012/01/18 20:39:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
                  SRV - [2011/09/09 06:12:15 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
                  SRV - [2011/09/07 18:14:06 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
                  SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
                  SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
                  SRV - [2011/06/06 11:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
                  SRV - [2011/01/27 10:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
                  SRV - [2011/01/19 06:47:16 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
                  SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
                  SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
                  SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
                  SRV - [2010/04/16 15:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
                  SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
                  SRV - [2010/01/29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
                  SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
                  SRV - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
                  SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
                  SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
                   
                   
                  ========== Driver Services (SafeList) ==========
                   
                  DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
                  DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
                  DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
                  DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
                  DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
                  DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
                  DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 500(UVC)
                  DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
                  DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
                  DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
                  DRV:64bit: - [2011/01/14 07:56:27 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
                  DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
                  DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
                  DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
                  DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
                  DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
                  DRV:64bit: - [2010/05/11 10:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
                  DRV:64bit: - [2010/05/11 09:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
                  DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
                  DRV:64bit: - [2010/03/09 15:32:58 | 000,687,136 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
                  DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
                  DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
                  DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
                  DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
                  DRV:64bit: - [2009/12/18 23:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
                  DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
                  DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
                  DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
                  DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
                  DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
                  DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
                  DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
                  DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
                  DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
                  DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
                  DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
                  DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
                  DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
                  DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
                  DRV - [2012/02/02 17:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
                  DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
                   
                   
                  ========== Standard Registry (SafeList) ==========
                   
                   
                  ========== Internet Explorer ==========
                   
                  IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
                  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
                  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
                   
                  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
                  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 ED 96 B5 62 DD CC 01  [binary data]
                  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
                   
                  ========== FireFox ==========
                   
                  FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
                  FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}"
                  FF - prefs.js..browser.startup.homepage: "www.facebook.com"
                  FF - prefs.js..extensions.enabledItems: *Blocked Russian URL*:9.0.0.736
                  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
                  FF - prefs.js..keyword.URL: "http://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z082&partner_id=249&product_id=628&affiliate_id=&channel=3_18&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110718&user_guid=99A1C3327060408EBF4A42BC2183EADF&machine_id=f4fe9f64372f0e17747d32c0e7c7da9d&browser=FF&os=win&os_version=6.1-x64-SP0&q="
                   
                  FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
                  FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
                  FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
                  FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
                  FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
                  FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
                  FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
                  FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
                  FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
                  FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
                  FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
                  FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
                  FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
                  FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
                  FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
                  FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
                  FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
                  FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
                  FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
                  FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
                  FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
                  FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
                  FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
                  FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
                   
                  64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
                  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
                  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/30 15:04:51 | 000,000,000 | ---D | M]
                  FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/07 07:52:22 | 000,000,000 | ---D | M]
                  FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/13 13:38:34 | 000,000,000 | ---D | M]
                   
                  [2011/01/08 16:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Extensions
                  [2011/12/30 15:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\k5dajkdz.default\extensions
                  [2011/04/23 16:40:07 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\k5dajkdz.default\extensions\[email protected]
                  [2011/06/29 17:28:57 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\k5dajkdz.default\extensions\[email protected]
                  [2011/06/22 13:13:00 | 000,000,919 | ---- | M] () -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\k5dajkdz.default\searchplugins\conduit.xml
                  [2011/11/12 09:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
                  [2012/02/01 05:39:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
                  [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
                  [2010/07/27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
                  [2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
                  [2011/10/13 06:47:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
                  [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
                  [2011/11/12 09:38:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
                   
                  O1 HOSTS File: ([2012/02/07 15:07:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
                  O1 - Hosts: 127.0.0.1       localhost
                  O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
                  O2:64bit: - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
                  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
                  O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
                  O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
                  O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
                  O3:64bit: - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
                  O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
                  O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
                  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No CLSID value found.
                  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
                  O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
                  O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
                  O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
                  O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
                  O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
                  O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
                  O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
                  O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Tara\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
                  O4 - HKCU..\Run: [Facebook Update] C:\Users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
                  O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
                  O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
                  O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
                  O4 - HKCU..\Run: [ZumoCast] C:\Program Files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk ()
                  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
                  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
                  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
                  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
                  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
                  O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
                  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                  O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
                  O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
                  O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
                  O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
                  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
                  O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Battlefield Play4Free Updater)
                  O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB065778-EBA4-4E06-A041-AEA7CBD1A7FB}: DhcpNameServer = 192.168.1.1
                  O18:64bit: - Protocol\Handler\livecall - No CLSID value found
                  O18:64bit: - Protocol\Handler\msnim - No CLSID value found
                  O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
                  O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
                  O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
                  O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
                  O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
                  O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
                  O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
                  O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
                  O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
                  O32 - HKLM CDRom: AutoRun - 1
                  O33 - MountPoints2\{57d606fe-e50b-11e0-b556-643150273f20}\Shell - "" = AutoRun
                  O33 - MountPoints2\{57d606fe-e50b-11e0-b556-643150273f20}\Shell\AutoRun\command - "" = E:\setup.exe -a
                  O33 - MountPoints2\{ac98e0d2-1b73-11e0-beff-806e6f6e6963}\Shell - "" = AutoRun
                  O33 - MountPoints2\{ac98e0d2-1b73-11e0-beff-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
                  O34 - HKLM BootExecute: (autocheck autochk *)
                  O35:64bit: - HKLM\..comfile [open] -- "%1" %*
                  O35:64bit: - HKLM\..exefile [open] -- "%1" %*
                  O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
                  O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
                  O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
                  O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
                   
                  ========== Files/Folders - Created Within 30 Days ==========
                   
                  [2012/02/11 08:55:09 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
                  [2012/02/07 15:51:14 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\SUPERAntiSpyware.com
                  [2012/02/07 15:49:35 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
                  [2012/02/07 15:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
                  [2012/02/07 15:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
                  [2012/02/07 15:18:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
                  [2012/02/07 15:01:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
                  [2012/02/07 15:01:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
                  [2012/02/07 15:01:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
                  [2012/02/07 15:01:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
                  [2012/02/07 14:59:54 | 000,000,000 | ---D | C] -- C:\Qoobox
                  [2012/02/07 14:42:46 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\ElevatedDiagnostics
                  [2012/02/07 08:10:30 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\8C048
                  [2012/02/07 07:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\48EDE
                  [2012/02/07 07:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
                  [2012/02/07 05:40:36 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{DDFC89E5-28DE-4083-89A6-128FD740AFA0}
                  [2012/02/07 05:40:14 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{2EF3351F-C241-4385-BD53-A7CBD1AD3D40}
                  [2012/02/06 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{9D5379AA-36B9-43BE-AE72-EE058A3D7318}
                  [2012/02/06 17:39:24 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{61E6FAAC-55A3-447D-A4DC-434683F77E37}
                  [2012/02/06 05:39:11 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{D3702CFE-6488-47C5-AD4D-D82A2C31149F}
                  [2012/02/06 05:38:39 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{4B939382-6408-4C25-ADB1-D5994B9ADE18}
                  [2012/02/05 17:38:24 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{FBBEC2C5-613D-47B4-AED4-CB068FBBCCC6}
                  [2012/02/05 17:37:51 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{FD5C59CA-D62F-44DF-8CCD-2F6BCA865672}
                  [2012/02/05 05:37:38 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{D7CE2805-6ED0-4AC8-A3A2-B30342D16421}
                  [2012/02/05 05:37:16 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{0361E3EB-E8E7-4E79-BBDB-20D0608DC18A}
                  [2012/02/04 17:36:48 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{3490974B-0224-4543-B586-E358873FD98A}
                  [2012/02/04 17:36:26 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{5C16FA61-8F0E-4A5E-AFBA-0EF3B912C674}
                  [2012/02/04 05:36:11 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{9E39FB06-38C3-4F6B-B959-ABBEF6C03642}
                  [2012/02/04 05:35:37 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{C25CC9A6-22FA-445D-B2AB-78AA578187D5}
                  [2012/02/03 17:35:01 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{45BFCBDB-C209-4C7E-BBD1-804B7621BD4E}
                  [2012/02/03 17:34:35 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{74F49B9B-0B85-4056-81C7-B35E8E6F9E9B}
                  [2012/02/03 05:34:22 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{02A62343-D18B-434E-B649-0819287788B5}
                  [2012/02/03 05:33:49 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{0C708B7C-0537-45EE-9485-51A1C6D86444}
                  [2012/02/02 17:33:35 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{3C5F186A-9BEF-406D-821A-E16F2FDBB57C}
                  [2012/02/02 17:33:09 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{ADF44F04-FD0F-451A-8BE7-BC40D18FA4F6}
                  [2012/02/02 05:32:57 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{DD64BEE0-119D-4027-A530-B46718755C67}
                  [2012/02/02 05:32:24 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{56863DA0-292B-416D-A60A-E614B48EA30E}
                  [2012/02/01 17:32:11 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{44A99AC2-821C-416A-8AC1-6EC86900653D}
                  [2012/02/01 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{3FE2E98A-22E1-4E67-822B-142D8E33B225}
                  [2012/02/01 05:31:29 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{27EA36EB-E5E4-49B8-867C-53C52628C294}
                  [2012/02/01 05:31:02 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{09FB33FA-0B2A-4ACA-AE41-6E077D9D3579}
                  [2012/01/31 19:09:35 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Skype
                  [2012/01/31 19:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
                  [2012/01/31 19:09:13 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
                  [2012/01/31 19:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
                  [2012/01/31 08:12:31 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{8B9DE477-3DAA-4DFE-93A0-F83358E29528}
                  [2012/01/31 08:12:09 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{A6AF6001-E50C-468A-A778-4DCB259972E5}
                  [2012/01/31 05:09:32 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
                  [2012/01/31 05:09:31 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
                  [2012/01/31 05:09:31 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
                  [2012/01/31 05:09:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
                  [2012/01/31 05:09:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
                  [2012/01/31 05:09:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
                  [2012/01/30 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{1B60FBCE-D6E2-4FD1-ACA3-D9C36E0EEB16}
                  [2012/01/30 20:11:00 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{114702FB-CDBE-49CC-9C8B-77DA4CE770C1}
                  [2012/01/30 02:01:10 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{F7D6E8DD-DAA3-4242-B5CB-10683A7C4285}
                  [2012/01/30 02:00:43 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{041A173E-4984-4BE6-B003-480AB2B3A6D4}
                  [2012/01/29 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{7E7E29E0-4E65-4622-BDA3-1D8482D29F17}
                  [2012/01/29 13:59:36 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{8DD96138-19E8-4227-8E7B-3393CF0CAAF5}
                  [2012/01/29 10:07:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
                  [2012/01/29 01:58:50 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{1A87F7A1-154D-4329-92BC-512325E61F91}
                  [2012/01/29 01:58:27 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{29A90084-A58B-4B72-A86F-B7AFDF6274D1}
                  [2012/01/28 13:58:13 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{3C456F22-E5D2-4856-916C-52A3D260F7BF}
                  [2012/01/28 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{84642697-A84F-4C1F-8CB7-402C2A9469CD}
                  [2012/01/20 06:16:24 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\STONE LOVE 2010 vs TONY MATTERON DUDUS DANCE PT2
                  [2012/01/19 05:24:36 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{B65FF76F-C444-4C47-871D-918FF5FE3EF1}
                  [2012/01/19 05:24:00 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{B8FCD4DE-8D57-461C-8854-C0E45C418291}
                  [2012/01/18 20:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
                  [2012/01/18 20:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
                  [2012/01/18 20:42:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
                  [2012/01/18 20:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
                  [2012/01/18 20:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
                  [2012/01/18 20:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
                  [2012/01/18 20:23:55 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\ps
                  [2012/01/18 17:23:46 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{5C166BDA-D4FF-406D-92AD-13CD653C710C}
                  [2012/01/18 17:23:22 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{4BEB22DE-95FA-402E-BFE3-8F69D30A266C}
                  [2012/01/18 05:23:05 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{D7274A2F-D8A7-4067-A2AC-A6C5DEE74855}
                  [2012/01/18 05:22:53 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{9845356E-F40F-4286-ABE5-20B6FFCB79BE}
                  [2012/01/17 21:57:08 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\Akamai
                  [2012/01/17 21:55:28 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\com.adobe.dmp.contentviewer
                  [2012/01/17 21:55:05 | 000,000,000 | ---D | C] -- C:\Users\Tara\CS5.5 Master Collection
                  [2012/01/17 21:54:11 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
                  [2012/01/17 20:41:47 | 000,000,000 | ---D | C] -- C:\Users\Tara\New folder (2)
                  [2012/01/16 20:45:23 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{49045295-E6BC-4129-B951-9CD4473055ED}
                  [2012/01/16 20:44:59 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{2AF1E9BF-0E41-4C48-BDC0-F0841A67D6D9}
                  [2012/01/15 10:08:42 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{EDDA800A-3155-4039-86C4-A486A1E62DE7}
                  [2012/01/15 10:08:20 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{412EF565-E89A-44C6-86F0-5B3CB032A126}
                  [2012/01/15 08:57:23 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\Jan 2012
                  [2012/01/14 22:08:06 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{6A4140E4-C994-4FB2-A205-B84309AFE8FE}
                  [2012/01/14 22:07:44 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{60D181F1-5B14-431D-9E35-B3B503E9934A}
                  [2012/01/14 10:07:30 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{BAFAE275-233B-486B-A0DB-85BEEC216362}
                  [2012/01/14 10:06:58 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{F03C0890-CCCF-4336-B5C2-C2862CB9E954}
                  [2012/01/13 22:06:44 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{E95B4450-F7E8-4127-9AF4-2A4926E9BD9F}
                  [2012/01/13 22:06:22 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{9F928AFA-C763-4042-A1F9-848D867C7E27}
                  [2012/01/13 10:06:08 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{4ABA90F3-B298-431B-847E-CBF5F2DC06CD}
                  [2012/01/13 10:05:35 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{5868D44F-6542-4AF9-BE41-6210BF5A8E72}
                  [2012/01/12 22:05:22 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{B33A114B-3C03-4514-9CED-6E2554B249C0}
                  [2012/01/12 22:04:46 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{12E1E6F9-4415-43B4-816D-CDC3E5C0942C}
                  [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
                  [1 C:\Users\Tara\Documents\*.tmp files -> C:\Users\Tara\Documents\*.tmp -> ]
                   
                  ========== Files - Modified Within 30 Days ==========
                   
                  [2012/02/11 13:13:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1206376803-686451631-1135414628-1001UA.job
                  [2012/02/11 10:13:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1206376803-686451631-1135414628-1001Core.job
                  [2012/02/11 09:02:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
                  [2012/02/11 09:02:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
                  [2012/02/11 08:54:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
                  [2012/02/11 08:54:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
                  [2012/02/11 08:53:57 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
                  [2012/02/08 20:29:10 | 000,009,993 | ---- | M] () -- C:\Users\Tara\Documents\Seven.zip
                  [2012/02/07 15:49:36 | 000,001,810 | ---- | M] () -- C:\Users\Tara\Desktop\SUPERAntiSpyware Free Edition.lnk
                  [2012/02/07 15:07:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
                  [2012/02/07 15:01:33 | 000,780,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
                  [2012/02/07 15:01:33 | 000,660,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
                  [2012/02/07 15:01:33 | 000,121,402 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
                  [2012/02/07 14:33:37 | 000,000,029 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts.sam
                  [2012/02/07 14:17:06 | 000,001,071 | ---- | M] () -- C:\Users\Tara\Desktop\Malwarebytes Anti-Malware.lnk
                  [2012/02/07 08:33:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
                  [2012/02/02 17:50:43 | 000,005,265 | ---- | M] () -- C:\Windows\SysWow64\nppt9x.vxd
                  [2012/02/02 17:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
                  [2012/02/01 05:39:35 | 000,002,046 | ---- | M] () -- C:\Users\Tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
                  [2012/01/31 19:09:19 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
                  [2012/01/29 10:03:39 | 004,891,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
                  [2012/01/24 09:18:38 | 000,001,071 | ---- | M] () -- C:\Users\Tara\Malwarebytes Anti-Malware.lnk
                  [2012/01/19 05:46:02 | 000,001,160 | ---- | M] () -- C:\Users\Tara\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
                  [2012/01/19 05:43:29 | 080,962,279 | ---- | M] () -- C:\Users\Tara\Desktop\zach1.psd
                  [2012/01/18 23:22:50 | 002,124,667 | ---- | M] () -- C:\Users\Tara\Desktop\zach.jpg
                  [2012/01/18 23:22:19 | 038,402,247 | ---- | M] () -- C:\Users\Tara\Desktop\zach.psd
                  [2012/01/14 17:20:04 | 000,156,583 | ---- | M] () -- C:\Windows\SysWow64\wbers.dat.dmp
                  [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
                  [1 C:\Users\Tara\Documents\*.tmp files -> C:\Users\Tara\Documents\*.tmp -> ]
                   
                  ========== Files Created - No Company Name ==========
                   
                  [2012/02/08 20:40:26 | 000,006,672 | ---- | C] () -- C:\Users\Tara\Documents\wuauserv.reg
                  [2012/02/08 20:40:26 | 000,003,364 | ---- | C] () -- C:\Users\Tara\Documents\mpssvc.reg
                  [2012/02/08 20:40:26 | 000,002,737 | ---- | C] () -- C:\Users\Tara\Documents\wscsvc.reg
                  [2012/02/08 20:40:26 | 000,002,382 | ---- | C] () -- C:\Users\Tara\Documents\sdrsvc.reg
                  [2012/02/08 20:40:26 | 000,001,495 | ---- | C] () -- C:\Users\Tara\Documents\bfe.reg
                  [2012/02/08 20:40:26 | 000,001,190 | ---- | C] () -- C:\Users\Tara\Documents\Legacy_nsiproxy.reg
                  [2012/02/08 20:40:26 | 000,001,136 | ---- | C] () -- C:\Users\Tara\Documents\Legacy_afd.reg
                  [2012/02/08 20:40:26 | 000,001,130 | ---- | C] () -- C:\Users\Tara\Documents\Legacy_tdx.reg
                  [2012/02/08 20:40:26 | 000,000,880 | ---- | C] () -- C:\Users\Tara\Documents\legacy_mpssvc.reg
                  [2012/02/08 20:40:26 | 000,000,866 | ---- | C] () -- C:\Users\Tara\Documents\legacy_wscsvc.reg
                  [2012/02/08 20:40:26 | 000,000,866 | ---- | C] () -- C:\Users\Tara\Documents\legacy_sdrsvc.reg
                  [2012/02/08 20:40:26 | 000,000,830 | ---- | C] () -- C:\Users\Tara\Documents\afd.reg
                  [2012/02/08 20:40:26 | 000,000,826 | ---- | C] () -- C:\Users\Tara\Documents\legacy_wuauserv.reg
                  [2012/02/08 20:40:26 | 000,000,738 | ---- | C] () -- C:\Users\Tara\Documents\tdx.reg
                  [2012/02/08 20:40:26 | 000,000,684 | ---- | C] () -- C:\Users\Tara\Documents\nsiproxy.reg
                  [2012/02/08 20:40:26 | 000,000,048 | ---- | C] () -- C:\Users\Tara\Documents\start_services.bat
                  [2012/02/08 20:40:07 | 000,009,993 | ---- | C] () -- C:\Users\Tara\Documents\Seven.zip
                  [2012/02/07 15:49:36 | 000,001,810 | ---- | C] () -- C:\Users\Tara\Desktop\SUPERAntiSpyware Free Edition.lnk
                  [2012/02/07 15:01:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
                  [2012/02/07 15:01:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
                  [2012/02/07 15:01:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
                  [2012/02/07 15:01:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
                  [2012/02/07 15:01:52 | 000,068,096 | ---- | C] () -- C:\Windo
                  « Last Edit: February 11, 2012, 05:12:29 PM by SuperDave »

                  tara956

                    Topic Starter


                    Greenhorn

                    • Experience: Beginner
                    • OS: Unknown
                    Re: Infection Help
                    « Reply #12 on: February 11, 2012, 04:42:39 PM »
                    ComboFix 12-02-02.02 - Tara 02/11/2012  18:34:39.2.4 - x64
                    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3839.1642 [GMT -5:00]
                    Running from: K:\ComboFix.exe
                    AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
                    AV: Kaspersky Internet Security *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
                    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
                    FW: Kaspersky Internet Security *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
                    SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
                    SP: Kaspersky Internet Security *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
                    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                     * Created a new restore point
                    .
                    - REDUCED FUNCTIONALITY MODE -
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    c:\program files (x86)\LP
                    c:\program files (x86)\LP\F208\2DF8.tmp
                    c:\program files (x86)\LP\F208\509F.tmp
                    c:\program files (x86)\LP\F208\61EE.tmp
                    c:\program files (x86)\LP\F208\6E5E.tmp
                    c:\program files (x86)\LP\F208\A844.tmp
                    c:\program files (x86)\LP\F208\AE0F.tmp
                    c:\program files (x86)\LP\F208\C410.tmp
                    c:\windows\svchost.exe
                    .
                    .
                    (((((((((((((((((((((((((   Files Created from 2012-01-11 to 2012-02-11  )))))))))))))))))))))))))))))))
                    .
                    .
                    2012-02-11 23:37 . 2012-02-11 23:37   --------   d-----w-   c:\users\Troy\AppData\Local\temp
                    2012-02-11 23:37 . 2012-02-11 23:37   --------   d-----w-   c:\users\Default\AppData\Local\temp
                    2012-02-07 20:51 . 2012-02-07 20:51   --------   d-----w-   c:\users\Tara\AppData\Roaming\SUPERAntiSpyware.com
                    2012-02-07 20:49 . 2012-02-07 20:51   --------   d-----w-   c:\program files\SUPERAntiSpyware
                    2012-02-07 20:49 . 2012-02-07 20:49   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                    2012-02-07 19:42 . 2012-02-07 22:01   --------   d-----w-   c:\users\Tara\AppData\Local\ElevatedDiagnostics
                    2012-02-07 13:10 . 2012-02-08 11:11   --------   d-----w-   c:\users\Tara\AppData\Roaming\8C048
                    2012-02-07 12:15 . 2012-02-07 12:52   --------   d-----w-   c:\program files (x86)\48EDE
                    2012-02-01 00:09 . 2012-02-07 19:26   --------   d-----w-   c:\users\Tara\AppData\Roaming\Skype
                    2012-02-01 00:09 . 2012-02-07 12:52   --------   d-----r-   c:\program files (x86)\Skype
                    2012-02-01 00:08 . 2012-02-07 12:52   --------   d-----w-   c:\programdata\Skype
                    2012-01-19 01:54 . 2012-02-07 12:52   --------   d-----w-   c:\programdata\FLEXnet
                    2012-01-19 01:42 . 2012-01-19 01:42   --------   d-----w-   c:\windows\SysWow64\spool
                    2012-01-19 01:40 . 2012-01-19 01:47   --------   d-----w-   c:\program files\Common Files\Adobe
                    2012-01-19 01:40 . 2012-01-19 01:40   --------   d-----w-   c:\program files\Common Files\Macrovision Shared
                    2012-01-19 01:39 . 2012-01-19 01:39   --------   d-----w-   c:\program files (x86)\Common Files\Macrovision Shared
                    2012-01-18 02:57 . 2012-02-09 01:32   --------   d-----w-   c:\users\Tara\AppData\Local\Akamai
                    2012-01-18 02:55 . 2012-01-18 02:55   --------   d-----w-   c:\users\Tara\AppData\Roaming\com.adobe.dmp.contentviewer
                    2012-01-18 02:55 . 2012-01-18 02:55   --------   d-----w-   c:\users\Tara\CS5.5 Master Collection
                    2012-01-18 02:54 . 2012-01-18 02:54   --------   d-----w-   c:\users\Tara\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
                    2012-01-18 01:41 . 2012-01-18 01:42   --------   d-----w-   c:\users\Tara\New folder (2)
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2012-02-02 22:50 . 2011-07-20 22:00   5265   ----a-w-   c:\windows\SysWow64\nppt9x.vxd
                    2012-02-02 22:50 . 2011-07-20 22:00   4774   ----a-w-   c:\windows\SysWow64\npptNT2.sys
                    2011-12-30 21:14 . 2011-12-30 21:14   86528   ----a-w-   c:\windows\SysWow64\iesysprep.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   76800   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   74752   ----a-w-   c:\windows\SysWow64\RegisterIEPKEYs.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   74752   ----a-w-   c:\windows\SysWow64\iesetup.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   63488   ----a-w-   c:\windows\SysWow64\tdc.ocx
                    2011-12-30 21:14 . 2011-12-30 21:14   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   367104   ----a-w-   c:\windows\SysWow64\html.iec
                    2011-12-30 21:14 . 2011-12-30 21:14   23552   ----a-w-   c:\windows\SysWow64\licmgr10.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   1798144   ----a-w-   c:\windows\SysWow64\jscript9.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   161792   ----a-w-   c:\windows\SysWow64\msls31.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   152064   ----a-w-   c:\windows\SysWow64\wextract.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   1427456   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
                    2011-12-30 21:14 . 2011-12-30 21:14   1127424   ----a-w-   c:\windows\SysWow64\wininet.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   91648   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   89088   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   85504   ----a-w-   c:\windows\system32\iesetup.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   76800   ----a-w-   c:\windows\system32\tdc.ocx
                    2011-12-30 21:14 . 2011-12-30 21:14   603648   ----a-w-   c:\windows\system32\vbscript.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   49664   ----a-w-   c:\windows\system32\imgutil.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   48640   ----a-w-   c:\windows\system32\mshtmler.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   448512   ----a-w-   c:\windows\system32\html.iec
                    2011-12-30 21:14 . 2011-12-30 21:14   35840   ----a-w-   c:\windows\SysWow64\imgutil.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   30720   ----a-w-   c:\windows\system32\licmgr10.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
                    2011-12-30 21:14 . 2011-12-30 21:14   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
                    2011-12-30 21:14 . 2011-12-30 21:14   2309120   ----a-w-   c:\windows\system32\jscript9.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   222208   ----a-w-   c:\windows\system32\msls31.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   165888   ----a-w-   c:\windows\system32\iexpress.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   160256   ----a-w-   c:\windows\system32\wextract.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   1493504   ----a-w-   c:\windows\system32\inetcpl.cpl
                    2011-12-30 21:14 . 2011-12-30 21:14   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   1390080   ----a-w-   c:\windows\system32\wininet.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   135168   ----a-w-   c:\windows\system32\IEAdvpack.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   12288   ----a-w-   c:\windows\system32\mshta.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   11776   ----a-w-   c:\windows\SysWow64\mshta.exe
                    2011-12-30 21:14 . 2011-12-30 21:14   114176   ----a-w-   c:\windows\system32\admparse.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   111616   ----a-w-   c:\windows\system32\iesysprep.dll
                    2011-12-30 21:14 . 2011-12-30 21:14   101888   ----a-w-   c:\windows\SysWow64\admparse.dll
                    2011-12-28 11:23 . 2011-12-28 11:23   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                    2011-12-10 20:24 . 2011-02-20 15:19   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
                    2011-11-28 18:01 . 2011-12-30 20:04   41184   ----a-w-   c:\windows\avastSS.scr
                    2011-11-28 18:01 . 2011-12-30 20:04   199816   ----a-w-   c:\windows\SysWow64\aswBoot.exe
                    2011-11-28 18:01 . 2011-12-30 20:05   256960   ----a-w-   c:\windows\system32\aswBoot.exe
                    2011-11-28 17:54 . 2011-12-30 20:05   591192   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
                    2011-11-28 17:53 . 2011-12-30 20:05   304472   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                    2011-11-28 17:52 . 2011-12-30 20:05   42328   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                    2011-11-28 17:52 . 2011-12-30 20:05   58712   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                    2011-11-28 17:52 . 2011-12-30 20:05   66904   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
                    2011-11-28 17:51 . 2011-12-30 20:05   24408   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                    2011-11-27 01:39 . 2011-11-27 01:39   17   ----a-w-   c:\windows\SysWow64\shoBA3.tmp
                    2011-11-24 05:00 . 2011-12-14 01:59   3141632   ----a-w-   c:\windows\system32\win32k.sys
                    2011-11-21 11:40 . 2011-12-27 09:46   8822856   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{85F73145-BEED-4378-84B4-60D1D9DAA4C1}\mpengine.dll
                    2011-11-20 17:08 . 2011-06-10 13:18   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                    2011-11-19 15:07 . 2012-01-11 18:03   77312   ----a-w-   c:\windows\system32\packager.dll
                    2011-11-19 14:06 . 2012-01-11 18:03   67072   ----a-w-   c:\windows\SysWow64\packager.dll
                    2011-11-17 07:14 . 2012-01-11 18:03   1739160   ----a-w-   c:\windows\system32\ntdll.dll
                    2011-11-17 05:41 . 2012-01-11 18:03   1292592   ----a-w-   c:\windows\SysWow64\ntdll.dll
                    .
                    .
                    (((((((((((((((((((((((((((((   SnapShot@2012-02-07_20.08.42   )))))))))))))))))))))))))))))))))))))))))
                    .
                    - 2012-02-07 20:06 . 2012-02-07 20:06   13306              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
                    + 2012-02-09 01:50 . 2012-02-09 01:50   13306              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
                    + 2012-01-29 15:04 . 2012-02-11 23:32   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
                    - 2012-01-29 15:04 . 2012-02-07 20:08   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
                    + 2011-01-08 21:14 . 2012-02-07 21:32   53038              c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
                    + 2009-07-14 05:10 . 2012-02-11 13:56   10580              c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
                    - 2011-01-08 22:08 . 2012-01-30 16:25   16384              c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                    + 2011-01-08 22:08 . 2012-02-08 14:03   16384              c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                    + 2011-01-08 22:08 . 2012-02-08 14:03   32768              c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                    - 2011-01-08 22:08 . 2012-01-30 16:25   32768              c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                    + 2009-07-14 04:54 . 2012-02-08 14:03   16384              c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                    - 2009-07-14 04:54 . 2012-01-30 16:25   16384              c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                    + 2011-01-08 21:14 . 2012-02-07 21:32   53038              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
                    + 2009-07-14 05:10 . 2012-02-11 13:56   10580              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
                    - 2011-01-08 22:08 . 2012-01-30 16:25   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                    + 2011-01-08 22:08 . 2012-02-08 14:03   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                    + 2011-01-08 22:08 . 2012-02-08 14:03   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                    - 2011-01-08 22:08 . 2012-01-30 16:25   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                    - 2009-07-14 04:54 . 2012-01-30 16:25   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                    + 2009-07-14 04:54 . 2012-02-08 14:03   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                    + 2009-07-14 04:46 . 2012-02-07 22:01   80672              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
                    - 2011-01-08 21:53 . 2012-01-18 10:24   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                    + 2011-01-08 21:53 . 2012-02-11 13:57   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                    - 2012-02-07 20:07 . 2012-02-07 20:07   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                    + 2012-02-10 01:24 . 2012-02-11 13:54   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                    - 2012-02-07 20:07 . 2012-02-07 20:07   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                    + 2012-02-10 01:24 . 2012-02-11 13:54   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                    + 2012-02-11 13:54 . 2009-10-07 06:46   131608              c:\windows\Temp\logishrd\LVPrcInj02.dll
                    - 2012-02-07 20:07 . 2009-10-07 06:46   131608              c:\windows\Temp\logishrd\LVPrcInj02.dll
                    - 2012-02-07 20:07 . 2009-10-07 06:47   109080              c:\windows\Temp\logishrd\LVPrcInj01.dll
                    + 2012-02-11 13:54 . 2009-10-07 06:47   109080              c:\windows\Temp\logishrd\LVPrcInj01.dll
                    - 2009-07-14 04:54 . 2012-02-07 20:08   360448              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                    + 2009-07-14 04:54 . 2012-02-11 23:32   360448              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                    - 2009-07-14 05:01 . 2012-02-07 20:06   339660              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
                    + 2009-07-14 05:01 . 2012-02-10 01:23   339660              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
                    - 2009-07-14 04:54 . 2012-02-07 20:08   5259264              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                    + 2009-07-14 04:54 . 2012-02-11 23:32   5259264              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                    + 2011-01-08 21:50 . 2012-02-08 11:12   1492824              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
                    + 2011-09-03 16:39 . 2012-02-10 01:23   3033436              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1206376803-686451631-1135414628-1001-12288.dat
                    - 2009-07-14 04:54 . 2012-02-07 20:08   16187392              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                    + 2009-07-14 04:54 . 2012-02-11 23:32   16187392              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                    - 2009-07-14 02:34 . 2012-02-07 19:26   10485760              c:\windows\system64\SMI\Store\Machine\schema.dat
                    + 2009-07-14 02:34 . 2012-02-11 14:52   10485760              c:\windows\system64\SMI\Store\Machine\schema.dat
                    - 2009-07-14 02:34 . 2012-02-07 19:26   10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
                    + 2009-07-14 02:34 . 2012-02-11 14:52   10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
                    .
                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
                    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-08 1242448]
                    "Facebook Update"="c:\users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-12 137536]
                    "ZumoCast"="c:\program files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk" [2011-11-23 1934]
                    "Akamai NetSession Interface"="c:\users\Tara\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
                    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
                    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
                    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
                    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
                    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
                    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "ConsentPromptBehaviorAdmin"= 0 (0x0)
                    "ConsentPromptBehaviorUser"= 3 (0x3)
                    "EnableLUA"= 0 (0x0)
                    "EnableUIADesktopToggle"= 0 (0x0)
                    "PromptOnSecureDesktop"= 0 (0x0)
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                    "HideSCAHealth"= 1 (0x1)
                    .
                    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                    Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                    @=""
                    .
                    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
                    R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys

                    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-19 1038088]
                    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
                    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys

                    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
                    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
                    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys

                    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

                    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

                    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
                    S1 aswSnx;aswSnx;

                    S1 aswSP;aswSP;

                    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
                    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
                    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

                    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
                    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
                    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
                    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

                    S2 aswFsBlk;aswFsBlk;

                    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys

                    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
                    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
                    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
                    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
                    S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
                    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
                    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
                    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
                    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys

                    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys

                    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys

                    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys

                    S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys

                    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

                    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

                    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

                    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

                    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

                    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
                    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys

                    .
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
                    nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
                    Akamai   REG_MULTI_SZ      Akamai
                    .
                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d606fe-e50b-11e0-b556-643150273f20}]
                    \shell\AutoRun\command - E:\setup.exe -a
                    .
                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac98e0d2-1b73-11e0-beff-806e6f6e6963}]
                    \shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true
                    .
                    Contents of the 'Scheduled Tasks' folder
                    .
                    2012-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1206376803-686451631-1135414628-1001Core.job
                    - c:\users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-12 15:07]
                    .
                    2012-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1206376803-686451631-1135414628-1001UA.job
                    - c:\users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-12 15:07]
                    .
                    .
                    --------- x86-64 -----------
                    .
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
                    @="{472083B0-C522-11CF-8763-00608CC02F24}"
                    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
                    2011-11-28 18:01   134384   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
                    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
                    .
                    ------- Supplementary Scan -------
                    .
                    uLocal Page = c:\windows\system32\blank.htm
                    mLocal Page = c:\windows\SysWOW64\blank.htm
                    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
                    TCP: DhcpNameServer = 192.168.1.1
                    FF - ProfilePath - c:\users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\k5dajkdz.default\
                    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
                    FF - prefs.js: browser.startup.homepage - www.facebook.com
                    FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z082&partner_id=249&product_id=628&affiliate_id=&channel=3_18&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110718&user_guid=99A1C3327060408EBF4A42BC2183EADF&machine_id=f4fe9f64372f0e17747d32c0e7c7da9d&browser=FF&os=win&os_version=6.1-x64-SP0&q=
                    .
                    - - - - ORPHANS REMOVED - - - -
                    .
                    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
                    WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
                    .
                    .
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
                    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
                    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
                    "ImagePath"="c:\windows\system32\GameMon.des -service"
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Shockwave Flash Object"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                    @="0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="ShockwaveFlash.ShockwaveFlash.10"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="ShockwaveFlash.ShockwaveFlash"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Macromedia Flash Factory Object"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="FlashFactory.FlashFactory.1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="FlashFactory.FlashFactory"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker4"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                    @Denied: (Full) (Everyone)
                    .
                    Completion time: 2012-02-11  18:42:04
                    ComboFix-quarantined-files.txt  2012-02-11 23:42
                    ComboFix2.txt  2012-02-07 20:13
                    .
                    Pre-Run: 460,237,979,648 bytes free
                    Post-Run: 459,993,956,352 bytes free
                    .
                    - - End Of File - - 068FF37A0F170E588AA762F8845CFDD0
                    « Last Edit: February 11, 2012, 05:09:31 PM by SuperDave »

                    SuperDave

                    Re: Infection Help
                    « Reply #13 on: February 11, 2012, 05:18:21 PM »
                    I did not want a scan with OTL. Please do the things I suggested in Reply #8. You will receive a much shorter log.

                    AVENGER

                    • Download The Avenger by Swandog46 from here.
                    • Unzip/extract it to a folder on your desktop.
                    • Double click on avenger.exe to run The Avenger.
                    • Click OK.
                    • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
                    • Click the Execute button.
                    • You will be asked "No script has been entered. Do you want to execute a rootkit scan only?"
                    • Click Yes.
                    • You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
                    • Click Yes.
                    • Your PC will now be rebooted.
                    • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
                    • Please post this log in your next reply.
                    ************************************************
                    Please download Rooter and Save it to your desktop.
                    • Double click it to start the tool. Vista and Windows 7: run as administrator.
                    • Click Scan.
                    • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.