Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 9th June 2012, 5:02 pm

GeekPolice,

My computer has become extremely slow in the last week. Processes take forever and I can hardly run any program. My McAfee has suddenly been described as expired and I have a new version of AdAware that I don't recognize and cannot uninstall. I have run the following scans in Safe Mode with Networking. If this is a problem, please let me know and I will attempt to re-run the scans in normal mode. Thanks for any and all help!


OTL logfile created on: 6/9/2012 11:14:00 AM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\jamie desktop\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 80.61% Memory free
7.50 Gb Paging File | 6.81 Gb Available in Paging File | 90.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 634.48 Gb Total Space | 420.09 Gb Free Space | 66.21% Space Free | Partition Type: NTFS
Drive D: | 12.30 Gb Total Space | 1.73 Gb Free Space | 14.03% Space Free | Partition Type: NTFS
Drive I: | 31.23 Gb Total Space | 28.42 Gb Free Space | 91.00% Space Free | Partition Type: FAT32
Drive J: | 20.51 Gb Total Space | 4.42 Gb Free Space | 21.55% Space Free | Partition Type: NTFS

Computer Name: JAMIEDESKTOP-PC | User Name: jamie desktop | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/09 11:06:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jamie desktop\Desktop\OTL.com
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/22 19:30:56 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/11/20 08:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/02 23:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2008/07/15 08:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/06/08 22:44:56 | 000,935,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/05/05 05:10:40 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/08/04 11:28:58 | 000,232,248 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/10 20:37:08 | 000,022,072 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2009/07/13 20:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/08 16:33:57 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 20:25:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/10/26 20:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/04/13 21:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010/02/05 20:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 20:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/02/02 23:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/02/02 23:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/02 22:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/09/17 04:56:34 | 000,014,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2009/09/17 04:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 18:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/22 10:01:26 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/06/17 13:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 05:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2A6B5D4D-09FE-41DA-9D04-D69C330FE5B3}
IE:64bit: - HKLM\..\SearchScopes\{2A6B5D4D-09FE-41DA-9D04-D69C330FE5B3}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{676053E9-0EC5-4E54-B0C1-60DCB8E672A2}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files (x86)\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {2A6B5D4D-09FE-41DA-9D04-D69C330FE5B3}
IE - HKLM\..\SearchScopes\{2A6B5D4D-09FE-41DA-9D04-D69C330FE5B3}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{676053E9-0EC5-4E54-B0C1-60DCB8E672A2}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.] 22:44:57&v=11.1.0.7&sap=hp
IE - HKCU\..\URLSearchHook: {656461ef-40f6-4115-9ff1-bced9812ccbb} - C:\Program Files (x86)\BitTorrentBar2\prxtbBitT.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{2187D4CD-F05D-41F7-B173-02D5865415F7}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [You must be registered and logged in to see this link.] 22:44:57&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "cnn.com"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/05/24 18:43:09 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/05/24 18:43:09 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\jamie desktop\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jamie desktop\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\jamie desktop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\jamie desktop\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jamie desktop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jamie desktop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/06/03 12:06:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/21 18:52:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/05/22 16:46:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/08 22:45:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/27 13:32:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/27 13:32:46 | 000,000,000 | ---D | M]

[2010/09/24 00:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jamie desktop\AppData\Roaming\Mozilla\Extensions
[2012/06/06 18:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jamie desktop\AppData\Roaming\Mozilla\Firefox\Profiles\vj1ii32i.default\extensions
[2012/05/28 09:53:01 | 000,000,000 | ---D | M] (BitTorrentBar2 Community Toolbar) -- C:\Users\jamie desktop\AppData\Roaming\Mozilla\Firefox\Profiles\vj1ii32i.default\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}
[2012/05/10 06:18:01 | 000,000,000 | ---D | M] (WindowShopper) -- C:\Users\jamie desktop\AppData\Roaming\Mozilla\Firefox\Profiles\vj1ii32i.default\extensions\superfish@superfish.com
[2011/12/17 21:52:29 | 000,002,166 | ---- | M] () -- C:\Users\jamie desktop\AppData\Roaming\Mozilla\Firefox\Profiles\vj1ii32i.default\searchplugins\ybqs-yandex.xml
[2012/03/02 21:40:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/03 15:17:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/03/02 21:40:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/05/21 18:52:54 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/09/29 21:54:27 | 000,022,819 | ---- | M] () (No name found) -- C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\EXTENSIONS\{21E48E29-F574-4619-B65D-0F00EEA92E5B}.XPI
[2012/06/06 18:13:39 | 000,377,615 | ---- | M] () (No name found) -- C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/01/08 13:19:41 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/03/02 21:39:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/08 22:44:54 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/03/25 02:46:44 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/10 07:59:59 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = [You must be registered and logged in to see this link.] 22:44:57&v=11.1.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = [You must be registered and logged in to see this link.]
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jamie desktop\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jamie desktop\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jamie desktop\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6907_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\jamie desktop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\jamie desktop\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\jamie desktop\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\jamie desktop\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: chromeTouch = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmgmmpaeaejgonhmhkccdfjfgoncadah\2.9_0\
CHR - Extension: chromeTouch = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmgmmpaeaejgonhmhkccdfjfgoncadah\2.9_0\-google
CHR - Extension: Google+ Notifications = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi\1.0.1.424_0\
CHR - Extension: Google Search = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Google +1 Button = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.424_0\
CHR - Extension: Skype Extension = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6907_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Marc Ecko = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk\2_0\
CHR - Extension: Gmail = C:\Users\jamie desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120521191456.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 9th June 2012, 5:04 pm

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Ad-Aware Service - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SBAMSvc - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: hitmanpro36 - Reg Error: Value error.
SafeBootNet:64bit: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Ad-Aware Service - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SBAMSvc - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/06/09 11:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/06/09 11:06:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\jamie desktop\Desktop\aswMBR.exe
[2012/06/09 11:06:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\jamie desktop\Desktop\OTL.com
[2012/06/09 10:05:33 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{7F99CD53-1652-4AAE-8522-FECDD8164FAD}
[2012/06/09 10:04:02 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{D358926A-FD1B-4081-B883-CDD1587D3E1D}
[2012/06/08 23:31:25 | 004,283,656 | ---- | C] (McAfee, Inc.) -- C:\Users\jamie desktop\Desktop\McAfeeSetup (5).exe
[2012/06/08 22:45:07 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\AVG Secure Search
[2012/06/08 22:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/08 22:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/06/08 22:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/06/08 22:44:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/08 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{E9C5FEE9-028B-4747-9262-1660BEAEEDE2}
[2012/06/08 21:39:13 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{E09AE531-CDF1-4F12-A6C3-40F2DA1E5919}
[2012/06/08 19:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/08 16:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/08 16:29:28 | 008,298,672 | ---- | C] (SurfRight B.V.) -- C:\Users\jamie desktop\Desktop\HitmanPro36_x64.exe
[2012/06/08 07:37:22 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{AF3492A3-AC3D-42D6-8FE7-B0BBB15E8F38}
[2012/06/07 19:24:53 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{1C452AC9-E7BE-4AA6-B2B9-D4A899F03CE6}
[2012/06/07 19:02:34 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jamie desktop\Desktop\iexplorer.exe.exe
[2012/06/07 18:57:35 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Roaming\Malwarebytes
[2012/06/07 18:57:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/07 18:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/07 18:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/07 18:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/07 18:18:43 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{DD6BD966-D790-4C76-8DE1-9D29231C9903}
[2012/06/06 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{CF10C07C-3B8C-45AD-890D-4AA4E411FC08}
[2012/06/06 22:03:44 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{B7FBE91E-E70E-41F4-BACC-2558C9F19C4A}
[2012/06/06 19:03:36 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\Desktop\iOS
[2012/06/06 19:03:11 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\Desktop\Security
[2012/06/06 19:02:46 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\Desktop\Music
[2012/06/06 19:02:06 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\Desktop\Android
[2012/06/06 09:26:29 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{8EA42FFE-0BEA-4D51-A436-C2C6F3A68880}
[2012/06/05 21:01:06 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{DA1AEB4F-FC00-4375-A540-61A95D1273B2}
[2012/06/05 21:00:49 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{89E85945-659E-4480-926C-FBFCB1043BF2}
[2012/06/05 20:04:04 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{FA02428A-30D5-460F-9C52-5820574B2BFB}
[2012/06/03 12:08:32 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{E117BD84-D529-4470-B0E1-2765195F960D}
[2012/06/02 19:21:45 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{0AE6C139-C035-4218-8026-BF288FD15143}
[2012/06/02 07:21:22 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{7E53011D-38BF-4C8B-9C99-2B6DAC33CACE}
[2012/06/01 19:20:56 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{F171243D-4356-4267-939E-A83D80A43F9C}
[2012/06/01 07:20:31 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{935B1387-1D3B-4925-A72E-EE3D2745BD2D}
[2012/05/31 19:20:07 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{266C2972-9E7F-45B1-ACE9-D5FE6655F706}
[2012/05/31 07:19:41 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{1869EC5C-887B-42A0-8343-E2B4F774498D}
[2012/05/30 20:03:20 | 000,000,000 | R--D | C] -- C:\Users\jamie desktop\Documents\Scanned Documents
[2012/05/30 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\Documents\Fax
[2012/05/30 19:19:15 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{A88A8FE4-05D0-4908-A0D3-C4CDD5BBE719}
[2012/05/30 07:18:49 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{32FFB252-17BB-41BD-9D26-99DB46C222B3}
[2012/05/29 19:18:26 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{1DA2DD2A-9FB0-4EC1-852E-B885206A3039}
[2012/05/29 07:18:01 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{84C0F34B-A8CB-440B-9B85-E324EADF835B}
[2012/05/28 19:17:34 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{FC083BEE-8404-4B20-80A3-789588D83B5B}
[2012/05/28 11:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/05/28 11:14:47 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/28 11:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/28 11:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/05/28 09:53:02 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\CRE
[2012/05/28 09:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/05/28 09:52:52 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\Conduit
[2012/05/28 09:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrentBar2
[2012/05/28 07:17:09 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{E9F7BB69-22A2-495A-8673-2ED1449AF87D}
[2012/05/27 19:16:43 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{30459427-8DD8-4ACD-89C8-5151CD4861D9}
[2012/05/27 13:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/27 13:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/27 07:16:18 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{76DCA512-7AA9-4998-8EC9-63D90E1A1923}
[2012/05/26 19:15:52 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{BCC7D6D3-6FFA-4355-863E-87F7057DF5B7}
[2012/05/26 11:21:27 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpotifyRemotelessHelper
[2012/05/26 11:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpotifyRemotelessHelper
[2012/05/26 07:15:26 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{7066027E-3995-48AF-9CA5-778A12528E64}
[2012/05/25 19:41:00 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Roaming\Hobbyist Software
[2012/05/25 19:40:58 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\Hobbyist_Software
[2012/05/25 19:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Streamer
[2012/05/25 19:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hobbyist Software
[2012/05/25 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Roaming\avidemux
[2012/05/25 19:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avidemux 2.5
[2012/05/25 19:14:59 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{B74B0610-848C-4B44-AED5-60C14B713FDD}
[2012/05/25 19:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/05/25 19:08:14 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/05/25 19:07:56 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/05/25 19:07:56 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/05/25 19:07:55 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/05/25 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/05/25 19:05:13 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Roaming\Ad-Aware Antivirus
[2012/05/25 17:08:18 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\libimobiledevice
[2012/05/25 07:14:33 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{A76855F0-58BE-46BC-8354-3D6328AFEB5E}
[2012/05/24 19:14:09 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{0C262987-70AE-4BB7-B5F4-D103D4D8737E}
[2012/05/24 07:13:45 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{97C46D32-14DC-42E9-A1F9-8410448A81FD}
[2012/05/23 19:09:08 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{E9C844EB-BFF4-447F-A3E6-F2F4919229FF}
[2012/05/23 19:08:57 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{C784FE21-0746-4DFD-9A43-EDE661EA6F47}
[2012/05/23 07:08:25 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{5F8A9297-6826-4880-AB94-8FE75742FC72}
[2012/05/23 07:08:07 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{75FEECBD-4957-403F-BE26-1C80BB7C7DA1}
[2012/05/23 07:07:53 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{E8400E3A-EE83-414B-A067-2E57CC7D0531}
[2012/05/23 07:07:41 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{F5D1F8D9-E296-47EE-8E49-F6856D0B95D4}
[2012/05/21 19:26:28 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\Tracing
[2012/05/21 19:23:53 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{8F352B08-10FE-4ACE-B600-D5FE08F146F4}
[2012/05/21 19:23:42 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{6B82E373-A889-4F00-AE40-8A0A5A8566FF}
[2012/05/21 19:14:46 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/05/21 19:11:16 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/05/21 19:06:33 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{1AA98118-55F9-44F6-9A06-21A2ACE3EED9}
[2012/05/21 19:04:37 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{AB875BC8-E0A3-453C-81D2-52775C8CCA83}
[2012/05/21 18:48:15 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{E8E1D951-36D3-4D54-BA5C-7001F41DD5B4}
[2012/05/21 18:48:00 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{EE94DA1C-8A95-4214-B013-8E0BCA23DAFD}
[2012/05/12 14:45:11 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{A8BF2115-6C8D-499F-8CB4-BE7BFC797492}
[2012/05/12 14:44:49 | 000,000,000 | ---D | C] -- C:\Users\jamie desktop\AppData\Local\{1A5D0721-C4C5-4ECD-8587-A91D2026DF6D}
[2012/05/11 19:18:11 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/11 19:18:05 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/11 19:18:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/11 19:18:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/12/08 23:03:33 | 009,734,240 | ---- | C] (McAfee, Inc.) -- C:\ProgramData\TempMOBK-update-6f587c3c1a49f2fdf5254a3e5ed05791.exe

========== Files - Modified Within 30 Days ==========

[2012/06/09 11:07:00 | 000,853,862 | ---- | M] () -- C:\Users\jamie desktop\Desktop\SecurityCheck.exe
[2012/06/09 11:06:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\jamie desktop\Desktop\aswMBR.exe
[2012/06/09 11:06:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jamie desktop\Desktop\OTL.com
[2012/06/09 11:04:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/09 11:04:22 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/09 10:54:00 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001UA.job
[2012/06/09 10:51:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001UA.job
[2012/06/09 10:23:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/09 10:03:35 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/09 00:58:56 | 000,003,172 | ---- | M] () -- C:\Windows\MOBK.blk
[2012/06/09 00:58:56 | 000,000,762 | ---- | M] () -- C:\Windows\MOBK.flt
[2012/06/08 23:36:52 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/08 23:31:29 | 004,283,656 | ---- | M] (McAfee, Inc.) -- C:\Users\jamie desktop\Desktop\McAfeeSetup (5).exe
[2012/06/08 23:15:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 23:15:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 22:43:59 | 000,897,888 | ---- | M] () -- C:\Users\jamie desktop\Desktop\mini toolbox setup.exe
[2012/06/08 22:02:53 | 000,001,068 | ---- | M] () -- C:\Users\jamie desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/08 21:59:05 | 000,001,052 | ---- | M] () -- C:\Users\jamie desktop\Desktop\Dropbox.lnk
[2012/06/08 16:33:57 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/06/08 16:30:02 | 008,298,672 | ---- | M] (SurfRight B.V.) -- C:\Users\jamie desktop\Desktop\HitmanPro36_x64.exe
[2012/06/08 13:55:15 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001Core.job
[2012/06/07 19:51:51 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001Core.job
[2012/06/07 19:02:54 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jamie desktop\Desktop\iexplorer.exe.exe
[2012/06/07 18:57:31 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/07 18:56:32 | 001,012,656 | ---- | M] () -- C:\Users\jamie desktop\Desktop\rkill.com
[2012/06/05 20:14:05 | 000,624,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/05 20:14:05 | 000,107,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/05 20:13:40 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/05 20:02:15 | 436,298,359 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/03 12:06:52 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjamie desktop.job
[2012/05/31 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/05/28 09:52:47 | 000,000,953 | ---- | M] () -- C:\Users\jamie desktop\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/05/20 20:48:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/05/20 20:48:19 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/05/12 14:40:44 | 000,434,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/09 11:06:59 | 000,853,862 | ---- | C] () -- C:\Users\jamie desktop\Desktop\SecurityCheck.exe
[2012/06/08 22:43:56 | 000,897,888 | ---- | C] () -- C:\Users\jamie desktop\Desktop\mini toolbox setup.exe
[2012/06/08 22:02:53 | 000,001,068 | ---- | C] () -- C:\Users\jamie desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/08 16:30:35 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/06/07 18:57:31 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/07 18:56:30 | 001,012,656 | ---- | C] () -- C:\Users\jamie desktop\Desktop\rkill.com
[2012/01/20 22:51:03 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/23 17:58:13 | 000,015,360 | ---- | C] () -- C:\Users\jamie desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/10/31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/10/31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/10/31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/05/08 10:35:25 | 000,001,854 | ---- | C] () -- C:\Users\jamie desktop\AppData\Roaming\GhostObjGAFix.xml
[2011/04/25 16:13:34 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/25 16:13:34 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/01/03 15:18:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/07 23:18:08 | 000,000,000 | ---- | C] () -- C:\Users\jamie desktop\AppData\Roaming\wklnhst.dat
[2010/10/02 21:13:01 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/24 03:08:12 | 000,001,189 | ---- | C] () -- C:\Users\jamie desktop\AppData\Roaming\vso_ts_preview.xml

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >
[2011/11/11 15:05:55 | 000,001,638 | -HS- | M] () -- C:\Users\jamie desktop\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/06/09 11:06:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\jamie desktop\Desktop\aswMBR.exe
[2012/06/08 16:30:02 | 008,298,672 | ---- | M] (SurfRight B.V.) -- C:\Users\jamie desktop\Desktop\HitmanPro36_x64.exe
[2012/06/07 19:02:54 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jamie desktop\Desktop\iexplorer.exe.exe
[2012/06/08 23:31:29 | 004,283,656 | ---- | M] (McAfee, Inc.) -- C:\Users\jamie desktop\Desktop\McAfeeSetup (5).exe
[2012/06/08 22:43:59 | 000,897,888 | ---- | M] () -- C:\Users\jamie desktop\Desktop\mini toolbox setup.exe
[2012/06/09 11:07:00 | 000,853,862 | ---- | M] () -- C:\Users\jamie desktop\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2011/04/03 19:42:58 | 012,854,832 | ---- | M] (Mozilla) -- C:\Users\jamie desktop\yahoo_firefox_4.0-rc2_setup_usk.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/01/08 13:19:41 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2012/01/08 13:19:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2012/01/08 13:19:39 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2012/01/08 13:19:38 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/06/03 12:07:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2011/09/29 22:00:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/11/10 19:27:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2010/05/24 18:37:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
[2010/05/24 18:39:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Analog Devices
[2011/08/15 22:27:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/10/02 21:16:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2012/06/08 22:45:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Secure Search
[2012/05/25 19:15:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avidemux 2.5
[2012/05/28 09:52:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTorrent
[2012/05/28 09:52:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTorrentBar2
[2011/12/16 00:27:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2012/06/08 22:44:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/05/28 09:52:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2010/05/24 18:51:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink
[2012/05/21 18:53:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2011/08/17 00:15:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Draft Analyzer 2011
[2012/06/08 19:44:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2011/07/12 23:06:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESPN
[2012/04/23 21:48:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
[2011/12/26 21:55:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GameFly
[2011/11/13 01:53:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/11/24 01:35:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Graboid
[2010/09/24 03:20:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Handbrake
[2011/12/12 18:17:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2012/05/25 19:40:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hobbyist Software
[2010/05/24 18:55:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\hp
[2010/05/24 19:12:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2011/12/12 18:22:59 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/04/12 03:26:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/04/08 12:58:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/11/10 18:03:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/06/07 18:57:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/24 21:26:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny
[2012/06/03 12:06:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2011/12/09 08:21:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee Online Backup
[2010/11/11 16:58:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee Security Scan
[2012/02/29 19:25:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee.com
[2012/05/21 19:16:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfeeMOBK
[2010/12/03 15:23:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/12/03 15:26:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/12 14:39:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/05/24 19:15:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/05/24 18:43:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Touch Pack for Windows 7
[2010/12/16 04:02:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/05/24 18:43:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
[2010/12/03 15:26:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/10/20 01:17:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla ActiveX Control v1.7.12
[2012/05/21 19:14:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/05/24 19:13:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN
[2010/09/24 16:37:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/09/23 22:28:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2012/05/27 13:32:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/11/24 21:28:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2011/01/03 15:17:31 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/09/27 15:31:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spotify
[2012/05/26 11:25:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SpotifyRemotelessHelper
[2010/09/24 16:31:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/06 19:21:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SpywareBlaster
[2010/05/24 19:04:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2012/01/20 22:48:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TurboTax
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/09/24 01:43:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/05/24 18:43:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Virtual Earth 3D
[2010/09/24 03:06:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VSO
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/05/21 19:11:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/05/22 17:02:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/05/22 17:02:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/05/22 17:02:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/05/22 17:02:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/05/22 17:02:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/05/28 11:14:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
[2012/01/27 08:29:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo Layers Runtime

< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/08 13:19:39 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/08 13:19:39 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/08 13:19:39 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/01/08 13:19:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/01/08 13:19:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/08 13:19:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\jamie desktop\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\jamie desktop\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\jamie desktop\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\jamie desktop\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/01/08 13:19:39 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/01/08 13:19:39 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/01/08 13:19:39 | 000,715,216 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/01/08 13:19:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/01/08 13:19:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/01/08 13:19:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\JAMIE DESKTOP\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\JAMIE DESKTOP\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\JAMIE DESKTOP\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\JAMIE DESKTOP\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/22 20:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 9th June 2012, 5:06 pm

OTL Extras logfile created on: 6/9/2012 11:14:00 AM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\jamie desktop\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 80.61% Memory free
7.50 Gb Paging File | 6.81 Gb Available in Paging File | 90.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 634.48 Gb Total Space | 420.09 Gb Free Space | 66.21% Space Free | Partition Type: NTFS
Drive D: | 12.30 Gb Total Space | 1.73 Gb Free Space | 14.03% Space Free | Partition Type: NTFS
Drive I: | 31.23 Gb Total Space | 28.42 Gb Free Space | 91.00% Space Free | Partition Type: FAT32
Drive J: | 20.51 Gb Total Space | 4.42 Gb Free Space | 21.55% Space Free | Partition Type: NTFS

Computer Name: JAMIEDESKTOP-PC | User Name: jamie desktop | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04481665-6B65-4422-AC2A-2445E60CF11B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C45BB5A-E9E0-4B51-BB24-D69F2DBBECBC}" = lport=139 | protocol=6 | dir=in | app=system |
"{18C8A3D3-2C5C-454A-81A3-15990698E46B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{229319F8-CC04-46A1-9A2B-223581F2B992}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24481539-E821-4282-B373-AE51E37BE6F2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{266FB736-EA26-4D5E-AB86-ECB8DBA3D482}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{342006A3-8D89-46CC-8C2B-B11C854C3917}" = rport=137 | protocol=17 | dir=out | app=system |
"{390A63AB-F4F8-41BE-9480-CBBDEBBA7218}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3A69A5B2-8704-4740-9C7A-3445D638C3CC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4037EF92-475A-4965-BBF9-84120A222741}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{42EF4775-50C8-430A-BDF6-4378E2B8C420}" = lport=445 | protocol=6 | dir=in | app=system |
"{4B43B79A-E5F9-4859-AB67-E148FE231EA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58F0EF52-3B88-460C-A952-AE8D74D08E36}" = rport=139 | protocol=6 | dir=out | app=system |
"{5C36145E-62AD-4067-BC71-4A0E2A349766}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F7720E3-25A8-433C-A3AA-47A6929CB868}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{68360E68-6DBF-4D99-B68E-E7A53336401A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{73210BC7-7491-4AC6-8E10-F2F17D2356FB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{86CBEAF3-3998-4D95-AFBA-F6A26DE65DF3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{888291E4-E3EA-49FA-BFCD-DE6EC499DEE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C906625-2961-42AE-8AD8-39B4CA4520EA}" = lport=138 | protocol=17 | dir=in | app=system |
"{9F8C78C9-8152-4E01-A55E-BC8E0DA3A0BF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0BD58C8-748C-4A8C-BECD-111222429CA6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A414FC45-3FD0-4AA0-B20F-489CA08B0F15}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{AC3025D2-949E-4456-9556-6D3C0BA3F0EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B30F6645-FC9E-4FA4-BA1E-150842E702A5}" = rport=138 | protocol=17 | dir=out | app=system |
"{B3B36538-4AC4-47BC-92EA-3C832E53158D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BB3F14CD-8E0A-4E67-BF10-CA139BE63BC3}" = rport=445 | protocol=6 | dir=out | app=system |
"{BBF5AB14-AB39-4BA9-B11C-6CA7FEF7C81C}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{BC35C047-082B-4006-9572-FF248CA8AF24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BCA95F12-8F21-44B9-97FD-03CADCF0BAA7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C2DC8D47-0799-426F-94C9-93696E7C813E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6AA3A48-7D20-4F0B-967B-1A1A1E65AF6B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D5C4F11D-D604-4277-99A1-C0D135E768B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBDC4987-248C-4ACD-8E2C-2832F5AD9AFC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{DDD9815E-6B9D-44A5-B611-9AB156D2BB8D}" = lport=137 | protocol=17 | dir=in | app=system |
"{E6A6EA5D-B17E-49E0-912F-FA116BF9326D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EE6896E9-8D97-4E19-ABE2-B9276DF1E46B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F0E0C9AA-2635-450C-B18E-CC03CCBB27CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0104D363-1E90-4664-8F9B-3727C9585C13}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{05F7494F-906C-4354-8F58-648A7D09B201}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{09A68FF5-22DE-42E3-9E41-688BC769B44E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0BDB1944-6DEF-4B66-9C28-A8CD25157CE9}" = protocol=17 | dir=in | app=c:\users\jamie desktop\appdata\roaming\dropbox\bin\dropbox.exe |
"{177517DC-F911-4AF8-ABBE-C47771DB9824}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{1ADED57D-1D03-4C9F-BD9A-D63FE87E2147}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{1D1A0B26-85EE-4ECB-B721-2D77A9A8BA82}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1DCA6E0F-1A14-469F-A528-0C02853150BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EFB921E-7232-4449-8C2D-DECC7FAE232A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{263EB52B-74BF-4237-BF2E-25A9676218EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2846E67E-8A20-40DF-9BAE-430547455F54}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{315E6D31-6F6C-48A1-B62B-160657044E59}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{31C3722D-7799-4A0B-9F3F-06C85F49CDC9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{342BA4EA-3026-4AC8-95EA-3E62A5198250}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{35613413-A810-4DD0-98BC-30562D28047D}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe |
"{47DAC0DC-7329-440C-94AE-37FDE6CDC43A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{4E2F80A8-9C6A-4976-AFDC-4095683799D9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{50249BEE-50B4-4175-B754-C6D02F39A4BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{54E0096A-6FAB-44D5-9BB4-C798F678FED2}" = protocol=6 | dir=out | app=system |
"{59266506-62B9-477D-A314-DD89E200C274}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5E238967-A12A-4109-83B5-E914C9C10F62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E786282-3802-4913-B171-55383F65F6E3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{6A6DA137-B7B7-40AF-B232-F56E1EDE6F41}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{6E2C07CA-DBE7-4D31-8BC6-F9A87257239B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70535F37-EBE4-4160-A355-89BED210DC08}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71C78F13-3C56-40B6-9D10-CA660DD7897A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{77380058-54DB-4FCA-8188-C1A781837BED}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{7EFD5392-F8DA-4C0B-A470-E3A0E5889C29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80FBA84F-011A-49F3-8580-37F4F2D25D87}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{820F8D76-C1E2-4012-9CD4-48CE83E2CC17}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\vlc streamer configuration.exe |
"{85C2D2FB-F0D7-4342-8662-F270C677F2F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{86CFD34C-5766-4AA1-865E-2098A61602CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8FB97DBD-B4CC-4C87-BFBC-75DA2237D52D}" = protocol=17 | dir=in | app=c:\users\jamie desktop\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9198E9F6-D956-4354-B180-20875F864DCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{95B52EFE-F269-48A7-9129-BE709FFC1F72}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96BB2736-DD5D-42AB-9DA9-443D169AB697}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{98E42E65-AC5B-4DC5-B3CC-40C25DEAA772}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{9DCBA58A-6B1F-4555-9A2E-F7EC4BE43E13}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A1E82E85-69C2-46F2-A42D-CE7CD6444B88}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A2A835CC-68F2-461E-92CD-083F34DBE2DF}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{A3511CE4-183F-4829-B429-00A4CD803178}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\mdnsresponder.exe |
"{A429F4F9-966A-4EEF-8AC0-3588EB6DD28F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{A738511B-AA99-449B-ADEF-5A65C5BE8EB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7EDE845-2A25-4DD4-A7F7-8828FD612C9D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B4002602-4D9B-402E-90D1-51BF4641A70D}" = dir=in | app=c:\users\jamie desktop\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{B67C3477-DF3B-4A46-B115-471E04C97EC4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B78926F0-DBED-42DB-B262-F1C49338C4CA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B7AB645A-5FF6-47EC-A3C4-36E32BD25878}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BF5427AF-B545-4DA7-ABBA-35B5AC300B79}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C091E2D0-1675-4B9F-81B8-8A43D857E318}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{C268F8B4-8186-4E3F-BF20-33F029842F76}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C425E322-E49B-436C-8D08-B303B2C3B930}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CBF206A1-4C2A-4519-B1E9-A1133790C92C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D0AF1964-F3AF-4E97-8E4D-96CA94BD689C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D54B7466-AA2A-40AA-8CCF-EBF9EAD589F8}" = protocol=6 | dir=in | app=c:\users\jamie desktop\appdata\roaming\dropbox\bin\dropbox.exe |
"{E38E0D8C-9B08-4805-9392-C550D8962706}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{E47A4C30-0560-461B-99B3-A63DD3F82B6E}" = protocol=6 | dir=in | app=c:\users\jamie desktop\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E4818CB4-50C0-4ACB-AFA7-B7647ABB8A63}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E48E3D68-4084-4763-AAD6-C913BB950496}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5D28E9B-742E-497C-9BD9-536784E7FD7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F1416695-134A-4E59-A590-47F064CC5E73}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F7CAF26E-2F0A-4848-9266-989ABADE8E63}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{FC08CC83-C5CB-43D4-A1B7-E9A21ECAFD35}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"TCP Query User{70011D23-C8D8-4DDA-92D2-1057584AD705}C:\users\jamie desktop\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jamie desktop\appdata\roaming\spotify\spotify.exe |
"TCP Query User{A5F96000-77D3-4EF2-A645-2D64B93BF34D}C:\users\jamie desktop\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jamie desktop\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{ABAD810C-6051-4489-A8E3-6EC0C9D21165}C:\program files (x86)\spotifyremotelesshelper\spotifyremotelesshelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotifyremotelesshelper\spotifyremotelesshelper.exe |
"UDP Query User{2833E14C-D0C2-4EBB-9963-8727915DB837}C:\users\jamie desktop\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jamie desktop\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{78A0BFDD-63B2-4D66-BD56-BC930B0ED5F1}C:\users\jamie desktop\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jamie desktop\appdata\roaming\spotify\spotify.exe |
"UDP Query User{BB7B1B66-6ABC-4895-B744-91E4F65402A4}C:\program files (x86)\spotifyremotelesshelper\spotifyremotelesshelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotifyremotelesshelper\spotifyremotelesshelper.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4B70F667-DC59-D8B4-FE13-5C47096885E5}" = McAfee Online Backup
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{948B1FD6-9F98-47EE-AABF-8697F2FD44B0}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E50A5077-1654-BEAE-986B-7B7133DA7C48}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam
"{053BC793-EB2F-48B6-AB61-6B76CCCCB041}" = HP TouchSmart Clock
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy
"{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AFC20E3-35B0-4916-9809-F6C46A92A695}" = HP TouchSmart Weather
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German
"{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish
"{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New
"{2DBE7159-9081-4DDB-B8DB-31692A41008F}" = HP TouchSmart Notes
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3D1690A3-C69E-706B-8D23-72CF6DE805D6}" = ESPN Offline Draft
"{3D3D1E03-D506-4163-B600-82EE27FC5A89}" = Microsoft Camera Codec Pack
"{3E450CF1-F8C4-C8D6-29D1-87AD090E8F2A}" = Catalyst Control Center InstallProxy
"{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46DAC203-9F7B-85FA-B4FE-FFD72E6D0039}" = GameFly
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian
"{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese
"{5F10FEF8-0538-4BB7-9020-E553C85427E9}" = HP TouchSmart
"{5F12B024-2681-4080-9B24-918D04A8E609}" = HP TouchSmart Canvas
"{6295D2D0-11CB-48F6-A2CF-0E2917A17369}" = HP TouchSmart Calendar
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light
"{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek
"{84E226BE-DA00-4417-98D7-96BA49E7060B}" = HP TouchSmart RecipeBox
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP TouchSmart Tutorials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ABB6A99-E2D5-47E4-905A-2FD4657D235E}" = HP TouchSmart RSS
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABB2A845-DD44-4147-95CD-6C18271E5EC2}" = HP TouchSmart Tutorials
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE8C4181-26D7-4E92-A6EF-81BB2A8E0230}" = HP TouchSmart Twitter
"{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish
"{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BF6B7982-9189-4765-9DD3-039CE6D69C0C}" = Buttons & OSDs control application gen3
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{DFD6EBE3-F0DA-4E24-9202-37AF8D20888B}" = HP TouchSmart Browser
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40DB500-B51A-4751-9EE0-DA0FA7A4AD00}" = Draft Analyzer 2011
"{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing
"{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish
"{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation
"{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"AVG Secure Search" = AVG Security Toolbar
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"BitTorrent" = BitTorrent
"BitTorrentBar2 Toolbar" = BitTorrentBar2 Toolbar
"DivX Setup" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ESPNOfflineDraft.87EFDF5C5ABF3073574165E816459613033FD48A.1" = ESPN Offline Draft
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter
"GameFly" = GameFly
"Graboid Video" = Graboid Video 1.73
"Handbrake" = Handbrake 0.9.4
"HP Keyboard_is1" = HP Desktop Keyboard
"HP Remote Solution" = HP Remote Solution
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSC" = McAfee Total Protection
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"soaScreenSaver" = soaScreenSaver
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Tom Clancys Splinter Cell" = Tom Clancys Splinter Cell
"TurboTax 2011" = TurboTax 2011
"VLC media player" = VLC media player 2.0.1
"VLC Streamer_is1" = VLC Streamer 2.26
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
"MusicManager" = Music Manager
"Spotify" = Spotify
"SpotifyRemotelessHelper 1.2.2" = SpotifyRemotelessHelper 1.2.2

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 9th June 2012, 5:07 pm

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-09 11:23:42
-----------------------------
11:23:42.446 OS Version: Windows x64 6.1.7601 Service Pack 1
11:23:42.446 Number of processors: 2 586 0x602
11:23:42.446 ComputerName: JAMIEDESKTOP-PC UserName: jamie desktop
11:23:43.429 Initialize success
11:24:39.605 AVAST engine defs: 12060900
11:24:55.189 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
11:24:55.189 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 11
11:24:55.205 Disk 0 MBR read successfully
11:24:55.205 Disk 0 MBR scan
11:24:55.205 Disk 0 Windows 7 default MBR code
11:24:55.220 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:24:55.236 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 649702 MB offset 206911
11:24:55.252 Disk 0 Partition - 00 0F Extended LBA 21000 MB offset 1396334592
11:24:55.283 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12599 MB offset 1439342592
11:24:55.298 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 20999 MB offset 1396336640
11:24:55.361 Disk 0 scanning C:\Windows\system32\drivers
11:25:05.111 Service scanning
11:25:22.318 Modules scanning
11:25:22.318 Disk 0 trace - called modules:
11:25:22.333 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
11:25:22.333 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003da3060]
11:25:22.365 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8003726b80]
11:25:22.365 5 amdxata.sys[fffff88000c647a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8003d8c060]
11:25:34.002 AVAST engine scan C:\Windows
11:25:35.812 AVAST engine scan C:\Windows\system32
11:28:23.138 AVAST engine scan C:\Windows\system32\drivers
11:28:34.541 AVAST engine scan C:\Users\jamie desktop
11:35:42.107 AVAST engine scan C:\ProgramData
11:37:26.487 Scan finished successfully
11:41:13.919 Disk 0 MBR has been saved successfully to "C:\Users\jamie desktop\Desktop\MBR.dat"
11:41:13.919 The log file has been saved successfully to "C:\Users\jamie desktop\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
Lavasoft Ad-Aware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SpywareBlaster 4.6
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java(TM) 6 Update 31
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (9.0.1)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````



Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 11th June 2012, 1:41 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
While I'm checking over your logs could you possibly run these scans for me?

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from [You must be registered and logged in to see this link.]
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
************************************************
Download ComboFix from any of the links below, and save it to your DESKTOP.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 11th June 2012, 10:35 pm

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 06/10/2012 at 10:56 PM

Application Version : 5.0.1150

Core Rules Database Version : 8710
Trace Rules Database Version: 6522

Scan type : Complete Scan
Total Scan Time : 01:59:12

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 482
Memory threats detected : 0
Registry items scanned : 66867
Registry threats detected : 0
File items scanned : 326776
File threats detected : 358

Adware.Tracking Cookie
.eyeviewads.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.s.clickability.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.traffichaus.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.clickability.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.clickability.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
ads2.zeusclicks.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.dealtime.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cdn.complexmedianetwork.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cdn.complexmedianetwork.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.intermundomedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.intermundomedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.megaclick.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.viewablemedia.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cdn.mediatakeout.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cdn.mediatakeout.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.petfinder.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.petfinder.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.petfinder.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.petfinder.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.3questionsgetthegirl.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.3questionsgetthegirl.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.3questionsgetthegirl.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.3questionsgetthegirl.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.tracking.dsmmadvantage.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
2.s04.flagcounter.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
s04.flagcounter.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.counterkicks.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.counterkicks.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.counterkicks.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.counterkicks.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.8tracks.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.8tracks.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.8tracks.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.8tracks.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.yourdailymedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.yourdailymedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.yourdailymedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.yourdailymedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.yourdailymedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.yourdailymedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.kantarmedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
w00tpublishers.wootmedia.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.s.clickability.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.f.megaclick.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.f.megaclick.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.azjmp.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.azjmp.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.adxpansion.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.tns-counter.ru [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
auth.breakmedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
mediaservices-d.openxenterprise.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
cdn1.unlimedia.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
sales.liveperson.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.media2.legacy.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.www.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.www.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.cracked.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.akamai.interclickproxy.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.indieclick.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\JAMIE DESKTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VJ1II32I.DEFAULT\COOKIES.SQLITE ]

PUP.SoftDownloader
C:\USERS\JAMIE DESKTOP\DESKTOP\MINI TOOLBOX SETUP.EXE


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 11th June 2012, 10:35 pm

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

Database version: v2012.06.08.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
jamie desktop :: JAMIEDESKTOP-PC [administrator]

Protection: Disabled

6/10/2012 11:06:01 PM
mbam-log-2012-06-10 (23-06-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 512866
Time elapsed: 1 hour(s), 2 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\jamie desktop\AppData\Local\Temp\IWantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 11th June 2012, 10:36 pm

ComboFix 12-06-11.04 - jamie desktop 06/11/2012 17:08:56.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3070 [GMT -5:00]
Running from: c:\users\jamie desktop\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jamie desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2B0519AA-5D23-4131-B01C-315F75CB1F80}.xps
c:\users\jamie desktop\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D04E46EA-7E7E-4032-A068-AAA2E00C6651}.xps
c:\users\jamie desktop\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-11 22:13 . 2012-06-11 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-11 01:54 . 2012-06-11 01:54 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\SUPERAntiSpyware.com
2012-06-11 01:54 . 2012-06-11 01:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-11 01:54 . 2012-06-11 01:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-09 03:45 . 2012-06-09 03:45 -------- d-----w- c:\users\jamie desktop\AppData\Local\AVG Secure Search
2012-06-09 03:45 . 2012-06-09 03:45 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-09 03:44 . 2012-06-09 03:45 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-09 03:44 . 2012-06-09 03:44 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-09 03:44 . 2012-06-09 03:44 -------- d--h--w- c:\programdata\Common Files
2012-06-09 00:44 . 2012-06-09 00:44 -------- d-----w- c:\program files (x86)\ESET
2012-06-08 21:30 . 2012-06-08 21:33 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-08 21:30 . 2012-06-08 21:30 -------- d-----w- c:\programdata\HitmanPro
2012-06-07 23:57 . 2012-06-07 23:57 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\Malwarebytes
2012-06-07 23:57 . 2012-06-07 23:57 -------- d-----w- c:\programdata\Malwarebytes
2012-06-07 23:57 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 23:57 . 2012-06-07 23:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-28 14:53 . 2012-05-28 14:53 -------- d-----w- c:\users\jamie desktop\AppData\Local\CRE
2012-05-28 14:52 . 2012-05-28 14:52 -------- d-----w- c:\program files (x86)\Conduit
2012-05-28 14:52 . 2012-05-28 14:52 -------- d-----w- c:\users\jamie desktop\AppData\Local\Conduit
2012-05-28 14:52 . 2012-05-28 14:52 -------- d-----w- c:\program files (x86)\BitTorrentBar2
2012-05-26 16:21 . 2012-05-26 16:25 -------- d-----w- c:\program files (x86)\SpotifyRemotelessHelper
2012-05-26 00:41 . 2012-05-26 00:41 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\Hobbyist Software
2012-05-26 00:40 . 2012-05-26 00:40 -------- d-----w- c:\users\jamie desktop\AppData\Local\Hobbyist_Software
2012-05-26 00:40 . 2012-05-26 00:40 -------- d-----w- c:\program files (x86)\Hobbyist Software
2012-05-26 00:16 . 2012-05-26 00:17 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\avidemux
2012-05-26 00:15 . 2012-05-26 00:15 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2012-05-26 00:08 . 2011-12-19 17:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-26 00:07 . 2011-12-19 17:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-26 00:07 . 2011-09-29 17:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-26 00:07 . 2011-12-19 18:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-05-26 00:07 . 2012-06-03 17:07 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-05-26 00:05 . 2012-05-26 00:15 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\Ad-Aware Antivirus
2012-05-25 22:08 . 2012-05-25 22:08 -------- d-----w- c:\users\jamie desktop\AppData\Local\libimobiledevice
2012-05-22 00:26 . 2012-05-23 22:42 -------- d-----w- c:\users\jamie desktop\Tracing
2012-05-22 00:14 . 2012-05-22 00:14 -------- d-----w- c:\windows\en
2012-05-22 00:11 . 2012-03-08 23:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-05-22 00:07 . 2012-05-22 00:07 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e54c97c11cd37ae02\MeshBetaRemover.exe
2012-05-22 00:07 . 2012-05-22 00:07 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e48e29ab1cd37ae01\DSETUP.dll
2012-05-22 00:07 . 2012-05-22 00:07 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e48e29ab1cd37ae01\DXSETUP.exe
2012-05-22 00:07 . 2012-05-22 00:07 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e48e29ab1cd37ae01\dsetup32.dll
2012-05-21 02:07 . 2012-05-21 02:07 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:10 . 2012-04-12 22:09 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:10 . 2011-05-17 23:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:10 . 2012-04-14 18:41 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-31 06:05 . 2012-05-12 00:18 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-12 00:18 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-12 00:18 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-12 00:18 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-12 00:17 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 18:11 . 2012-03-01 00:18 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-17 07:58 . 2012-05-12 00:17 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-09 03:44 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-09 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Facebook Update"="c:\users\jamie desktop\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
"Spotify Web Helper"="c:\users\jamie desktop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-07 932528]
"RemotelessHelper"="c:\program files (x86)\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe" [2012-04-26 2315264]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-10-19 715776]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-02 928656]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-02 3508624]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-09 1104440]
.
c:\users\jamie desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
2;2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-09-11 22072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-08-04 232248]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-09 935480]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 10:10]
.
2012-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001Core.job
- c:\users\jamie desktop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 18:49]
.
2012-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001UA.job
- c:\users\jamie desktop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 18:49]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 21:20]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 21:20]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001Core.job
- c:\users\jamie desktop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-09 21:20]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001UA.job
- c:\users\jamie desktop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-09 21:20]
.
2012-06-03 c:\windows\Tasks\HPCeeScheduleForjamie desktop.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2012-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-08-04 16:29 4742968 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-08-04 16:29 4742968 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-08-04 16:29 4742968 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-06-22 3866624]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.] 22:44&v=11.1.0.7&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\jamie desktop\AppData\Roaming\Mozilla\Firefox\Profiles\vj1ii32i.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - cnn.com
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
AddRemove-soaScreenSaver - c:\windows\system32\soaScreenSaver.scr
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3926266715-3380694729-1637783024-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3926266715-3380694729-1637783024-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-06-11 17:22:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-11 22:22
.
Pre-Run: 448,909,033,472 bytes free
Post-Run: 458,468,343,808 bytes free
.
- - End Of File - - 985C82DB837359E747B4A1CEE460B59D

jamie.wood.52
Novice

Posts: 21
Joined: 2012-06-09
OS: Windows 7
Points: 16743
Likes: 0


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 11th June 2012, 10:39 pm

After one restart, I booted into normal mode instead of safe mode with networking. Everything worked really well for the first few minutes actually. Everything seemed back to normal for about 2 minutes until a notification window popped up and said "Ad Aware will continue to protect your computer from threats." After that, everything came back to a crawling speed and windows were no longer responding. I still cannot uninstall Ad Aware, even in safe mode. Let me know what else you need to know.

Thanks!


Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 11th June 2012, 11:49 pm

Please go to [You must be registered and logged in to see this link.]
(If more than one file needs to be scanned, they must be done separately and links posted for each one.)

* Copy the file path in the below Code box:

Code:
c:\windows\system32\sbbd.exe
 

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
*****************************************************
Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    DDS::
    Trusted Zone: intuit.com\ttlc

    Folder::
    c:\program files (x86)\Ad-Aware Antivirus

    SecCenter::
    {445B48C3-0FA4-6B16-8F07-6506F305D800}

    Firefox::
    Trusted Zone: intuit.com\ttlc

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

************************************************
Please download [You must be registered and logged in to see this link.] ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

Superdave
Captain

Posts: 4202
Joined: 2010-02-01
Gender: Male
OS: Windows 8.1 and a dual-boot with XP Home SP3
Protection: MSE, Windows Defender, Windows firewall
Points: 83211
Likes: 0


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 12th June 2012, 12:02 am

[You must be registered and logged in to see this link.]


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 12th June 2012, 1:01 am

ComboFix 12-06-11.04 - jamie desktop 06/11/2012 19:33:14.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2472 [GMT -5:00]
Running from: c:\users\jamie desktop\Desktop\ComboFix.exe
Command switches used :: c:\users\jamie desktop\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ad-Aware Antivirus
c:\program files (x86)\Ad-Aware Antivirus\AdAware.exe
c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe
c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe
c:\program files (x86)\Ad-Aware Antivirus\AdAwareShellExtension.dll
c:\program files (x86)\Ad-Aware Antivirus\AdAwareShellExtension64.dll
c:\program files (x86)\Ad-Aware Antivirus\BlockedAdPage.htm
c:\program files (x86)\Ad-Aware Antivirus\BlockedWebPage.htm
c:\program files (x86)\Ad-Aware Antivirus\Definitions\acertdefs0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\adsrules.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\AdviceTx.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\api0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\apincl.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\apprules.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\bhmem.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\bhsl.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\bmem.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\CatDesc.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\CatID.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\cblk.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\cmem.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\cname.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\comp0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\Cookies.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\CoreVer.txt
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ctid.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\defs0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\DefVer.txt
c:\program files (x86)\Ad-Aware Antivirus\Definitions\dnrl.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\EPSigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\FastSigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\FileDT.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\FolderDT.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\fsigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\hcol.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\heur0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\HistoryCleaner.xml
c:\program files (x86)\Ad-Aware Antivirus\Definitions\hstn.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\idsrules.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ih.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\IncompatiblePrograms.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\incompats.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ip.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\JSSigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\kbu.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\kbu.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\lgpl.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\lib7zip.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libCHM.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libEmail.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libMsCab.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libMsi.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libNSIS.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libOleA.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libRar.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libRTF.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libtd.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libVvs.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libZip.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\macroptn.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\MFastSigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\mime0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\networkrules.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\pack0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\patchw32.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\qscnf.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\qscnr.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\RegDT.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\rem0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\remediation.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\RootCA.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\RTmem.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\SBTS.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\script0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\sdll0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\sel.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\smim0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatCategoryGlossary.xml
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatCategoryGlossary.xsd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatDT.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatID.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\TImem.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\unpck0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\updater.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\vcore.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\VVSSigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\WebFilterExceptions.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\white.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\white0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\whmem.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\whsl.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\wmem.wtd
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\sbapifs.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\SBREDrv.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wlh\sbfw.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wlh\sbhips.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wlh\SBTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wlh\SBWTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\sbfw.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SbFwIm.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SBTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\sbaphd.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\sbapifs.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\sbapifsl.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\SBREDrv.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\sbfw.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SbFwIm.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SBTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\sbfw.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\SBTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\SBWTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\wxp\SbFwIm.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbapifs.cat
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbapifs.inf
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbapifsl.cat
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbapx64.cat
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim.inf
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim_m.inf
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim2k.inf
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim2k_m.inf
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim64.cat
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim86.cat
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbwtis.inf
c:\program files (x86)\Ad-Aware Antivirus\FSSC.dat
c:\program files (x86)\Ad-Aware Antivirus\GFI.Tools.Run64.exe
c:\program files (x86)\Ad-Aware Antivirus\htmlayout.dll
c:\program files (x86)\Ad-Aware Antivirus\IncompatiblePrograms.dll
c:\program files (x86)\Ad-Aware Antivirus\Incompats.dat
c:\program files (x86)\Ad-Aware Antivirus\kbu.dll
c:\program files (x86)\Ad-Aware Antivirus\lavalicense.dll
c:\program files (x86)\Ad-Aware Antivirus\mimepp.dll
c:\program files (x86)\Ad-Aware Antivirus\oeapiinitcom.dll
c:\program files (x86)\Ad-Aware Antivirus\oecom.dll
c:\program files (x86)\Ad-Aware Antivirus\oehook.dll
c:\program files (x86)\Ad-Aware Antivirus\oestore.dll
c:\program files (x86)\Ad-Aware Antivirus\SBAMConfig.bin
c:\program files (x86)\Ad-Aware Antivirus\SBAMOutlook.dll
c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
c:\program files (x86)\Ad-Aware Antivirus\SBAMSvcPS.dll
c:\program files (x86)\Ad-Aware Antivirus\SBAMTray.exe
c:\program files (x86)\Ad-Aware Antivirus\SBAMWsc.exe
c:\program files (x86)\Ad-Aware Antivirus\sbap.dll
c:\program files (x86)\Ad-Aware Antivirus\SBArva.dll
c:\program files (x86)\Ad-Aware Antivirus\SBCA.dll
c:\program files (x86)\Ad-Aware Antivirus\SbFwe.dll
c:\program files (x86)\Ad-Aware Antivirus\SbHips.dll
c:\program files (x86)\Ad-Aware Antivirus\sbipl.dat
c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe
c:\program files (x86)\Ad-Aware Antivirus\SBRE.dll
c:\program files (x86)\Ad-Aware Antivirus\SBSetupDrivers.exe
c:\program files (x86)\Ad-Aware Antivirus\SBTE.dll
c:\program files (x86)\Ad-Aware Antivirus\SBTIS.dll
c:\program files (x86)\Ad-Aware Antivirus\SbWebFilter.dll
c:\program files (x86)\Ad-Aware Antivirus\SpursDownload.dll
c:\program files (x86)\Ad-Aware Antivirus\unrar.dll
c:\program files (x86)\Ad-Aware Antivirus\vipre.dll
c:\program files (x86)\Ad-Aware Antivirus\x32\sbbd.exe
c:\program files (x86)\Ad-Aware Antivirus\x64\SBAMOutlook.dll
c:\program files (x86)\Ad-Aware Antivirus\x64\SBAMSvcPS.dll
c:\program files (x86)\Ad-Aware Antivirus\x64\sbbd.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Ad-Aware Service
-------\Service_SBAMSvc
-------\Service_Ad-Aware Service
-------\Service_SBAMSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-11 01:54 . 2012-06-11 01:54 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\SUPERAntiSpyware.com
2012-06-11 01:54 . 2012-06-11 01:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-11 01:54 . 2012-06-11 01:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-09 03:45 . 2012-06-09 03:45 -------- d-----w- c:\users\jamie desktop\AppData\Local\AVG Secure Search
2012-06-09 03:45 . 2012-06-09 03:45 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-09 03:44 . 2012-06-09 03:45 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-09 03:44 . 2012-06-09 03:44 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-09 03:44 . 2012-06-09 03:44 -------- d--h--w- c:\programdata\Common Files
2012-06-09 00:44 . 2012-06-09 00:44 -------- d-----w- c:\program files (x86)\ESET
2012-06-08 21:30 . 2012-06-08 21:33 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-08 21:30 . 2012-06-08 21:30 -------- d-----w- c:\programdata\HitmanPro
2012-06-07 23:57 . 2012-06-07 23:57 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\Malwarebytes
2012-06-07 23:57 . 2012-06-07 23:57 -------- d-----w- c:\programdata\Malwarebytes
2012-06-07 23:57 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 23:57 . 2012-06-07 23:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-28 14:53 . 2012-05-28 14:53 -------- d-----w- c:\users\jamie desktop\AppData\Local\CRE
2012-05-28 14:52 . 2012-05-28 14:52 -------- d-----w- c:\program files (x86)\Conduit
2012-05-28 14:52 . 2012-05-28 14:52 -------- d-----w- c:\users\jamie desktop\AppData\Local\Conduit
2012-05-28 14:52 . 2012-05-28 14:52 -------- d-----w- c:\program files (x86)\BitTorrentBar2
2012-05-26 16:21 . 2012-05-26 16:25 -------- d-----w- c:\program files (x86)\SpotifyRemotelessHelper
2012-05-26 00:41 . 2012-05-26 00:41 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\Hobbyist Software
2012-05-26 00:40 . 2012-05-26 00:40 -------- d-----w- c:\users\jamie desktop\AppData\Local\Hobbyist_Software
2012-05-26 00:40 . 2012-05-26 00:40 -------- d-----w- c:\program files (x86)\Hobbyist Software
2012-05-26 00:16 . 2012-05-26 00:17 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\avidemux
2012-05-26 00:15 . 2012-05-26 00:15 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2012-05-26 00:08 . 2011-12-19 17:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-26 00:07 . 2011-12-19 17:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-26 00:07 . 2011-09-29 17:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-26 00:07 . 2011-12-19 18:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-05-26 00:05 . 2012-05-26 00:15 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\Ad-Aware Antivirus
2012-05-25 22:08 . 2012-05-25 22:08 -------- d-----w- c:\users\jamie desktop\AppData\Local\libimobiledevice
2012-05-22 00:26 . 2012-05-23 22:42 -------- d-----w- c:\users\jamie desktop\Tracing
2012-05-22 00:14 . 2012-05-22 00:14 -------- d-----w- c:\windows\en
2012-05-22 00:11 . 2012-03-08 23:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-05-22 00:07 . 2012-05-22 00:07 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e54c97c11cd37ae02\MeshBetaRemover.exe
2012-05-22 00:07 . 2012-05-22 00:07 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e48e29ab1cd37ae01\DSETUP.dll
2012-05-22 00:07 . 2012-05-22 00:07 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e48e29ab1cd37ae01\DXSETUP.exe
2012-05-22 00:07 . 2012-05-22 00:07 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e48e29ab1cd37ae01\dsetup32.dll
2012-05-21 02:07 . 2012-05-21 02:07 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:10 . 2012-04-12 22:09 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:10 . 2011-05-17 23:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:10 . 2012-04-14 18:41 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-31 06:05 . 2012-05-12 00:18 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-12 00:18 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-12 00:18 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-12 00:18 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-12 00:17 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 18:11 . 2012-03-01 00:18 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-17 07:58 . 2012-05-12 00:17 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-11 22:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-12 00:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-12 00:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-11 22:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-11 22:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-12 00:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-06-12 00:45 42802 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-24 05:52 . 2012-06-12 00:45 14778 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3926266715-3380694729-1637783024-1001_UserData.bin
+ 2010-09-24 03:28 . 2012-06-12 00:39 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-24 03:28 . 2012-06-11 22:15 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-24 03:28 . 2012-06-11 22:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-24 03:28 . 2012-06-12 00:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-11 22:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-12 00:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-24 05:52 . 2012-06-11 21:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-24 05:52 . 2012-06-12 00:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-24 05:52 . 2012-06-11 21:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-24 05:52 . 2012-06-12 00:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-24 05:52 . 2012-06-11 21:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-24 05:52 . 2012-06-12 00:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-24 05:52 . 2012-06-11 22:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-24 05:52 . 2012-06-12 00:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-25 16:29 . 2012-06-11 22:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-25 16:29 . 2012-06-12 00:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-12 00:39 . 2012-06-12 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-11 22:15 . 2012-06-11 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-12 00:39 . 2012-06-12 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-11 22:15 . 2012-06-11 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-09 03:44 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-09 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Facebook Update"="c:\users\jamie desktop\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
"Spotify Web Helper"="c:\users\jamie desktop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-07 932528]
"RemotelessHelper"="c:\program files (x86)\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe" [2012-04-26 2315264]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-10-19 715776]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-02 928656]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-02 3508624]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-09 1104440]
.
c:\users\jamie desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-09-11 22072]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-08-04 232248]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-09 935480]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 10:10]
.
2012-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001Core.job
- c:\users\jamie desktop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 18:49]
.
2012-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001UA.job
- c:\users\jamie desktop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 18:49]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 21:20]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 21:20]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001Core.job
- c:\users\jamie desktop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-09 21:20]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001UA.job
- c:\users\jamie desktop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-09 21:20]
.
2012-06-03 c:\windows\Tasks\HPCeeScheduleForjamie desktop.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2012-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-08-04 16:29 4742968 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-08-04 16:29 4742968 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-08-04 16:29 4742968 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
"combofix"="c:\combofix\CF14420.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.] 22:44&v=11.1.0.7&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\jamie desktop\AppData\Roaming\Mozilla\Firefox\Profiles\vj1ii32i.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - cnn.com
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-SBAMSvc
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3926266715-3380694729-1637783024-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3926266715-3380694729-1637783024-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-06-11 19:48:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-12 00:48
ComboFix2.txt 2012-06-11 22:22
.
Pre-Run: 458,312,384,512 bytes free
Post-Run: 458,047,320,064 bytes free
.
- - End Of File - - 8B9FE613974335DB4131411AF0440B01

jamie.wood.52
Novice

Posts : 21
Joined : 2012-06-09
OS : Windows 7
Points : 16743
# Likes : 0

Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 12th June 2012, 1:28 am

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 20:02:01
-----------------------------
20:02:01.826 OS Version: Windows x64 6.1.7601 Service Pack 1
20:02:01.826 Number of processors: 2 586 0x602
20:02:01.842 ComputerName: JAMIEDESKTOP-PC UserName: jamie desktop
20:02:03.793 Initialize success
20:02:47.777 AVAST engine defs: 12061101
20:02:50.197 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
20:02:50.199 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 11
20:02:50.214 Disk 0 MBR read successfully
20:02:50.231 Disk 0 MBR scan
20:02:50.235 Disk 0 Windows 7 default MBR code
20:02:50.242 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:02:50.258 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 649702 MB offset 206911
20:02:50.258 Disk 0 Partition - 00 0F Extended LBA 21000 MB offset 1396334592
20:02:50.273 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12599 MB offset 1439342592
20:02:50.304 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 20999 MB offset 1396336640
20:02:50.341 Disk 0 scanning C:\Windows\system32\drivers
20:03:00.956 Service scanning
20:03:21.840 Modules scanning
20:03:21.867 Disk 0 trace - called modules:
20:03:21.884 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
20:03:21.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003da4060]
20:03:21.895 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8003726040]
20:03:21.901 5 amdxata.sys[fffff88000ddf7a8] -> nt!IofCallDriver -> \Device\00000069[0xfffffa8003d91060]
20:03:27.701 AVAST engine scan C:\Windows
20:03:30.064 AVAST engine scan C:\Windows\system32
20:06:23.196 AVAST engine scan C:\Windows\system32\drivers
20:06:34.451 AVAST engine scan C:\Users\jamie desktop
20:12:52.343 AVAST engine scan C:\ProgramData
20:14:28.040 Scan finished successfully
20:27:34.010 Disk 0 MBR has been saved successfully to "C:\Users\jamie desktop\Desktop\MBR.dat"
20:27:34.010 The log file has been saved successfully to "C:\Users\jamie desktop\Desktop\aswMBR.txt"
20:28:15.750 Disk 0 MBR has been saved successfully to "C:\Users\jamie desktop\Desktop\MBR.dat"
20:28:15.755 The log file has been saved successfully to "C:\Users\jamie desktop\Desktop\2aswMBR.txt"



Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 12th June 2012, 1:37 am

Good job. How's the computer now? Can you boot in Normal Mode? Lavasoft Ad-Aware should be gone now.

Please download [You must be registered and logged in to see this link.] and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83211
# Likes : 0

Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 12th June 2012, 3:42 pm

Everything seems to be working great now. Speed is back to normal. However, I have a few issues still.

1. I couldn't get the Rooter to scan. It sat overnight and still said "Please Wait..." in the morning. When I attempted to run the program again this morning, a window popped up that said "Windows Installer: Attempting to install Ad Aware Antivirus". I canceled the install as I didn't prompt that to happen and didn't know whether to trust it or not.

2. I also have 2 new documents on my desktop. They are transparent compared to the other files on my desktop. I don't recognize what they are either. They are labeled:
"~$ood Resume.txt
~$ood Resume.rtf"

Do you know anything about these?


Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 12th June 2012, 7:28 pm

I also have 2 new documents on my desktop. They are transparent compared to the other files on my desktop. I don't recognize what they are either. They are labeled:
"~$ood Resume.txt
~$ood Resume.rtf"
If you can't open them to see what's inside, delete them. Just drag them to the Recycling bin.

Please download the [You must be registered and logged in to see this link.] and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.


  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, tell me how your computer is running now


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 12th June 2012, 10:25 pm

Do you have another link to download that from? The site keeps giving me a runtime error message.


Server Error in '/' Application.

Runtime Error

Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off".

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's configuration tag to point to a custom error page URL.


Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 12th June 2012, 10:35 pm

Can you download it on another computer and transfer it to your computer using a CD or memory stick?


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 12th June 2012, 11:54 pm

I tried to access the page on another computer and got the same error. I've tried with three different browsers as well.


Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 13th June 2012, 12:17 am

I tried to access the page on another computer and got the same error. I've tried with three different browsers as well.
That is really weird because the link works for me. Are those other computers on the same modem?

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    [You must be registered and logged in to see this link.]
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 13th June 2012, 2:00 pm

Yeah they're all on the same network. I'll try resetting my router tonight and let you know if that works. I don't really have many other options.

online scan results:

C:\Users\jamie desktop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5d149be1-77e6353a a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\jamie desktop\Desktop\Setup.exe probably a variant of Win32/Adware.iBryte.B application cleaned by deleting - quarantined


Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 13th June 2012, 6:46 pm

In the meantime, we can do some cleanup.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

***************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***************************************************
Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 13th June 2012, 10:38 pm

I'm running the Sophos Virus Removal Tool now.

Some things seem different from your step by step directions.

Installer prompted me to extract the files to:
c:\program files (x86)\Sophos\Sophos Virus Removal Tool\

instead of c:\SophTemp

There also weren't any windows, but the scan would pause and prompt me to remove threats immediately instead of deleting or quarantining them at the end.

Just thought you should know in case I did something wrong or they've changed this tool recently.


Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 13th June 2012, 11:36 pm

Some things seem different from your step by step directions
I know. My speech needs to be updated which I will get to sometime.


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 14th June 2012, 2:00 am

I tried to post the findings from the Sophos scan, but I had to type it out myself because I couldn't figure out a way to copy it over. Then I closed the scan, and hit send and the site made me log in again, which lost everything I had typed out. Unless you know a way to recover the log from the scan I just ran, I don't know what to tell you other than the only thing found was something described as a Trojan and it mentioned java. Sorry


Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 14th June 2012, 7:29 pm

That's ok. Is your computer working well now?


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 14th June 2012, 8:54 pm

Everything is working great now. Is there anything else you think I should do?


Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 14th June 2012, 10:33 pm

That's it. Just continue with the cleanup I gave you previously and read this:

Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.] - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 15th June 2012, 1:39 am

"In the meantime, we can do some cleanup.

To uninstall ComboFix


Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

***************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

Click the CleanUp button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning."

I did this and restarted, and now I cannot connect to the Internet from that computer. Actually, I can connect if I log in with the Windows 8 Consumer Preview that I installed onto a separate partition of my hard drive, but not from the Windows 7 partition that I've been having problems with. All other devices connect to my router just fine. Windows troubleshoot is saying that my IP address is invalid. Is this related to the cleanup process? Possibly TFC?


Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 15th June 2012, 7:39 pm

I doubt that was from the cleanup. I would suspect that it has something to do with the Windows 8 preview.

Please download [You must be registered and logged in to see this link.] to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size


Click Go and copy/paste the log (Result.txt) into your next post.


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 16th June 2012, 2:50 am

MiniToolBox by Farbar Version: 09-06-2012
Ran by jamie desktop (administrator) on 15-06-2012 at 21:49:32
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

802.11n Wireless LAN Card = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set subinterface interface=?+$ subinterface=wireless_0 mtu=1500
add address name="Local Area Connection" address=192.168.137.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : jamiedesktop-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.mn.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.mn.comcast.net.
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 00-26-82-6B-A6-ED
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::792d:3ed1:9770:c9b7%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.127(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 15, 2012 9:36:58 PM
Lease Expires . . . . . . . . . . : Saturday, June 16, 2012 9:36:58 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201336450
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-8D-A9-EF-00-1F-C6-FD-A2-7C
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 70-71-BC-10-ED-71
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0D324A22-FD2D-4332-9110-6E3B165C3B27}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B7128D26-538B-4FC8-BC91-D8E936E7F41C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 2607:f8b0:4009:802::1004
74.125.225.103
74.125.225.96
74.125.225.101
74.125.225.99
74.125.225.104
74.125.225.110
74.125.225.105
74.125.225.98
74.125.225.100
74.125.225.97
74.125.225.102


Pinging google.com [74.125.225.32] with 32 bytes of data:
Reply from 74.125.225.32: bytes=32 time=420ms TTL=55
Reply from 74.125.225.32: bytes=32 time=20ms TTL=55

Ping statistics for 74.125.225.32:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 420ms, Average = 220ms
Server: cdns02.comcast.net
Address: 75.75.76.76

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 209.191.122.70
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=139ms TTL=51
Reply from 98.139.183.24: bytes=32 time=58ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 58ms, Maximum = 139ms, Average = 98ms
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 26 82 6b a6 ed ......802.11n Wireless LAN Card
10...70 71 bc 10 ed 71 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.127 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.127 281
192.168.1.127 255.255.255.255 On-link 192.168.1.127 281
192.168.1.255 255.255.255.255 On-link 192.168.1.127 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.127 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.127 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::792d:3ed1:9770:c9b7/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/14/2012 07:54:17 PM) (Source: Google Update) (User: jamie desktop)jamie desktop
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (06/14/2012 00:39:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/13/2012 11:45:56 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e8e16189-62b0-4c55-9f5c-ce72bd6c02de}

Error: (06/13/2012 11:45:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e8e16189-62b0-4c55-9f5c-ce72bd6c02de}

Error: (06/13/2012 11:34:22 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/13/2012 10:23:53 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/13/2012 05:29:41 PM) (Source: MsiInstaller) (User: jamie desktop)jamie desktop
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (06/13/2012 05:29:39 PM) (Source: MsiInstaller) (User: jamie desktop)jamie desktop
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (06/13/2012 05:29:11 PM) (Source: MsiInstaller) (User: jamie desktop)jamie desktop
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (06/13/2012 11:40:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5007


System errors:
=============
Error: (06/15/2012 09:49:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/15/2012 09:49:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/15/2012 09:49:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/15/2012 09:49:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/15/2012 09:49:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/15/2012 09:49:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/15/2012 09:49:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/15/2012 09:49:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/15/2012 09:49:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/15/2012 09:49:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (06/14/2012 07:54:17 PM) (Source: Google Update)(User: jamie desktop)jamie desktop
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (06/14/2012 00:39:16 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/13/2012 11:45:56 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e8e16189-62b0-4c55-9f5c-ce72bd6c02de}

Error: (06/13/2012 11:45:11 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e8e16189-62b0-4c55-9f5c-ce72bd6c02de}

Error: (06/13/2012 11:34:22 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (06/13/2012 10:23:53 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (06/13/2012 05:29:41 PM) (Source: MsiInstaller)(User: jamie desktop)jamie desktop
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/13/2012 05:29:39 PM) (Source: MsiInstaller)(User: jamie desktop)jamie desktop
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/13/2012 05:29:11 PM) (Source: MsiInstaller)(User: jamie desktop)jamie desktop
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/13/2012 11:40:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5007


========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 3839.24 MB
Available physical RAM: 3039.92 MB
Total Pagefile: 7676.68 MB
Available Pagefile: 6853.14 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.36 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:634.48 GB) (Free:427.72 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.3 GB) (Free:1.73 GB) NTFS
5 Drive i: (ESD-USB) (Removable) (Total:31.23 GB) (Free:28.42 GB) FAT32
6 Drive j: (Windows 8) (Fixed) (Total:20.51 GB) (Free:4.37 GB) NTFS

========================= Users: ========================================

User accounts for \\JAMIEDESKTOP-PC

Administrator Guest jamie desktop


**** End of log ****


Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 16th June 2012, 7:39 pm

Still can't connect?


Re: Unknown malware/virus on Windows 7 PC

Post by jamie.wood.52 on 16th June 2012, 8:38 pm

It works this morning. Strangely enough, Comcast was blocking my IP address claiming that I wasn't paying for internet service but I set them straight. Everything seems back to normal, thanks again for all your help.


Re: Unknown malware/virus on Windows 7 PC

Post by Superdave on 16th June 2012, 10:10 pm

You're welcome. Have a great summer.
