3 threats reappear
<blockquote data-quote="hweinze" data-source="post: 126160" data-attributes="member: 9213"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02</p><p>Ran by Administrator (administrator) on 26-06-2013 16:37:17</p><p>Running from J:\</p><p>Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Safe Mode (minimal)</p><p></p><p>==================== Processes (Whitelisted) ===================</p><p></p><p>(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe</p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe [118784 2004-11-17] (Alps Electric Co., Ltd.)</p><p>HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation)</p><p>HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)</p><p>HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)</p><p>HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)</p><p>HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [SlipStream] "C:\Program Files\Accelerator\slipcore.exe" [339968 2007-11-14] (SlipStream Data Inc.)</p><p>HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] 
(Adobe Systems Incorporated)</p><p>HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)</p><p>HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)</p><p>HKLM\...\Run: [TaskTray] [x]</p><p>HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAC0AQQAzAFoAOAA4AC0ANgBHAEIASgBLAC0ANgBSAFcARwBBAC0AQQBNAEgAOQBQAC0AVgBBAFkAVgBIAA"&"inst=NwA2AC0AMQAyADYANAAxADIANwA4ADcAOQAtAEIAMQA5AC0AUABMACsAOQAtAFUAOQAwACsAMQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0ARABEAFQAKwAwAC0AUwBUADkAMABBAFAAUAArADEALQBDAEkARAArADEALQBJAEEAVgBBACsANgA"&"prod=92"&"ver=9.0.914 [x]</p><p>Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)</p><p>Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)</p><p>HKCU\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB [x]</p><p>HKCU\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP [x]</p><p>HKCU\...\Runonce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start [x]</p><p>HKCU\...\Runonce: [spchecker] "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe" [x]</p><p>HKU\Guest\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-13] (Microsoft Corporation)</p><p>HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [ 2012-04-18] (Apple Inc.)</p><p>HKU\Guest\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]</p><p>HKU\Guest\...\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start [x]</p><p>Startup: C:\Documents and 
Settings\Administrator\Start Menu\Programs\Startup\_uninst_.lnk</p><p>ShortcutTarget: _uninst_.lnk -> C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_.bat ()</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk</p><p>ShortcutTarget: Windows Desktop Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)</p><p>SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)</p><p>BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>URLSearchHook: (No Name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - No File</p><p>URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)</p><p>SearchScopes: HKCU - DefaultScope value is missing.</p><p>BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll ()</p><p>BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll ()</p><p>BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL No File</p><p>BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()</p><p>BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)</p><p>BHO: 
Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Accelerator\components\NOWImaging.dll (SlipStream Data Inc.)</p><p>BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\Accelerator\Prefetch.dll (SlipStream Data Inc.)</p><p>BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()</p><p>DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB</p><p>DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB</p><p>DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab</p><p>DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab</p><p>Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File</p><p>Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)</p><p>Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)</p><p>Handler: ipp - No CLSID Value - </p><p>Handler: 
livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)</p><p>Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)</p><p>Handler: msdaipp - No CLSID Value - </p><p>Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)</p><p>Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)</p><p>ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [294400 2007-02-05] (Microsoft Corporation)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.254</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: hxxp://search.conduit.com/?CUI=UN38232825761350914&ctid=CT3281348&SearchSource=48</p><p>CHR RestoreOnStartup: "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?ui%3D2%26shva%3D1&ss=1&scc=1&ltmpl=default&ltmplcache=2#inbox", "https://www.google.com/webhp?hl=en&tab=mw", "hxxp://us.cnn.com/?refresh=1", "hxxp://malwaretips.com/blogs/remove-browser-redirect-virus/"</p><p>CHR DefaultSearchURL: (Google) - 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}</p><p>CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}</p><p>CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()</p><p>CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer</p><p>CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()</p><p>CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()</p><p>CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)</p><p>CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)</p><p>CHR Plugin: 
(Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)</p><p>CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</p><p>CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)</p><p>CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)</p><p>CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</p><p>CHR Extension: (Easy Auto Refresh) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc\2.8_0</p><p>CHR Extension: (Duolingo) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl\1.0.10_0</p><p>CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0</p><p>CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0</p><p>CHR Extension: (WOT) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0</p><p>CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0</p><p>CHR Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0</p><p>CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0</p><p>CHR Extension: (Calc SS3) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iicfbobganffbpdodmdcbcpblomkbeoa\0.9.98_0</p><p>CHR Extension: (WebMD) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbilgpfclhedobeklbolhgbfpimnoemg\1.0.0.0_0</p><p>CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0</p><p>CHR Extension: (Quick Note) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.8_0</p><p>CHR Extension: (Ghostery) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0</p><p>CHR Extension: (FastestChrome - Browse Faster) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.1_0</p><p>CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)</p><p>S2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [100032 2006-07-25] (Symantec Corporation)</p><p>S2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)</p><p>S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)</p><p>S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)</p><p>S2 gupdate1c987422b32f662; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-04] (Google Inc.)</p><p>S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [94208 2008-11-22] (Sony Corporation)</p><p>S3 Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [32768 2005-07-14] (Sony Corporation)</p><p>S2 IsaMonitor; C:\Program Files\Asistente Infinitum\IsaMonitor.exe [185856 2008-07-23] (Fine Point Technologies, Inc.)</p><p>S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2119360 2006-07-25] (Symantec Corporation)</p><p>S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)</p><p>S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)</p><p>S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)</p><p>S2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)</p><p>S2 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)</p><p>S2 NMSAccessU; C:\Program 
Files\CDBurnerXP\NMSAccessU.exe [71096 2008-10-20] ()</p><p>S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-09-08] (Sonic Solutions)</p><p>S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-07-02] (Intel Corporation )</p><p>S2 SonicStageMonitoring; C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe [135168 2005-03-11] (Sony Corporation)</p><p>S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [153080 2013-04-19] (Sophos Limited)</p><p>S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2006-04-27] (Sony Corporation)</p><p>S2 SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)</p><p>S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [69632 2006-05-08] (Sony Corporation)</p><p>S2 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2008-05-03] ()</p><p>S2 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2005-11-25] (Sony Corporation)</p><p>S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2084864 2006-06-13] (Sony Corporation)</p><p>S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [770048 2006-05-18] (Sony Corporation)</p><p>S2 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-04-04] (Sony Corporation)</p><p>S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [167936 2005-11-28] (Sony Corporation)</p><p>S2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO 
Entertainment Platform\VzCdb\VzFw.exe [135168 2005-11-28] (Sony Corporation)</p><p>S3 WmcCds; c:\program files\windows media connect\mswmccds.exe [483328 2004-08-11] (Microsoft Corporation)</p><p>S3 WmcCdsLs; C:\Program Files\Windows Media Connect\mswmcls.exe [28160 2004-08-10] (Microsoft Corporation)</p><p>S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]</p><p>S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" [x]</p><p>S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]</p><p>S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2006-09-01] (Meetinghouse Data Communications)</p><p>S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [106432 2010-06-09] (SlySoft, Inc.)</p><p>S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec)</p><p>S1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [16512 2002-07-17] (Adaptec)</p><p>S3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)</p><p>S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)</p><p>S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)</p><p>R0 AVGIDSHX; 
C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)</p><p>S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)</p><p>S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)</p><p>S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)</p><p>S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)</p><p>S3 cpuz135; C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [24328 2012-02-07] (CPUID)</p><p>S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2010-01-01] (Elaborate Bytes AG)</p><p>S2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)</p><p>S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)</p><p>R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)</p><p>S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [208256 2006-07-24] (Conexant Systems, Inc.)</p><p>S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [990592 2006-07-24] (Conexant Systems, Inc.)</p><p>S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [11264 2008-08-18] (Sony Corporation)</p><p>S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)</p><p>S2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2005-02-24] (Meetinghouse Data Communications)</p><p>S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)</p><p>S3 
NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)</p><p>S3 NETw3x32; C:\Windows\System32\DRIVERS\NETw3x32.sys [1706752 2006-07-02] (Intel® Corporation)</p><p>S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)</p><p>R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)</p><p>S3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.)</p><p>S1 RapportCerberus_53984; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys [317424 2013-06-23] ()</p><p>S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [102680 2013-02-13] (Trusteer Ltd.)</p><p>S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [173880 2013-02-13] (Trusteer Ltd.)</p><p>S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [57328 2008-09-08] (Sonic Solutions)</p><p>S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12544 2006-07-03] (Intel Corporation)</p><p>S3 SCT_SKMScan; C:\Windows\System32\drivers\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)</p><p>S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)</p><p>R3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [48896 2000-11-09] (Sony Corporation)</p><p>S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-09] (Duplex Secure Ltd.)</p><p>S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)</p><p>S2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-09-15] (Symantec Corporation)</p><p>S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2008-01-30] (The OpenVPN Project)</p><p>S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)</p><p>S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)</p><p>S2 thdudf; 
C:\Windows\System32\DRIVERS\thdudf.sys [66944 2010-06-21] (TOSHIBA Corporation)</p><p>S3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [226304 2006-02-21] (Texas Instruments)</p><p>S3 ubloxusb; C:\Windows\System32\DRIVERS\ubloxusb.sys [71424 2007-11-27] (u-blox AG)</p><p>S3 w300bus; C:\Windows\System32\DRIVERS\w300bus.sys [60800 2006-03-13] (MCCI)</p><p>S3 w300mdfl; C:\Windows\System32\DRIVERS\w300mdfl.sys [9264 2006-03-13] (MCCI)</p><p>S3 w300mdm; C:\Windows\System32\DRIVERS\w300mdm.sys [96352 2006-03-13] (MCCI)</p><p>S3 w300mgmt; C:\Windows\System32\DRIVERS\w300mgmt.sys [87824 2006-03-13] (MCCI)</p><p>S3 w300obex; C:\Windows\System32\DRIVERS\w300obex.sys [85696 2006-03-13] (MCCI)</p><p>S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)</p><p>S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)</p><p>S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [299424 2012-03-27] (Marvell)</p><p>S4 Abiosdsk; No ImagePath</p><p>S4 abp480n5; No ImagePath</p><p>S4 adpu160m; No ImagePath</p><p>S4 Aha154x; No ImagePath</p><p>S4 aic78u2; No ImagePath</p><p>S4 aic78xx; No ImagePath</p><p>S4 AliIde; No ImagePath</p><p>S4 amsint; No ImagePath</p><p>S4 asc; No ImagePath</p><p>S4 asc3350p; No ImagePath</p><p>S4 asc3550; No ImagePath</p><p>S4 Atdisk; No ImagePath</p><p>S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [x]</p><p>S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [x]</p><p>S3 BT; system32\DRIVERS\btnetdrv.sys [x]</p><p>S3 Btcsrusb; System32\Drivers\btcusb.sys [x]</p><p>S0 BTHidEnum; System32\Drivers\vbtenum.sys [x]</p><p>S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x]</p><p>S4 cd20xrnt; No ImagePath</p><p>S1 Changer; No ImagePath</p><p>S4 CmdIde; No ImagePath</p><p>S4 Cpqarray; No ImagePath</p><p>U4 dac2w2k; No ImagePath</p><p>S4 dac960nt; No ImagePath</p><p>S4 dpti2o; No ImagePath</p><p>S3 FilterService; system32\DRIVERS\lvuvcflt.sys [x]</p><p>S4 hpn; No 
ImagePath</p><p>S1 i2omgmt; No ImagePath</p><p>S4 i2omp; No ImagePath</p><p>S4 ini910u; No ImagePath</p><p>S4 IntelIde; No ImagePath</p><p>S1 lbrtfdc; No ImagePath</p><p>S3 LVRS; system32\DRIVERS\lvrs.sys [x]</p><p>S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]</p><p>S3 LVUVC; system32\DRIVERS\lvuvc.sys [x]</p><p>S4 mraid35x; No ImagePath</p><p>S1 PCIDump; No ImagePath</p><p>S3 PDCOMP; No ImagePath</p><p>S3 PDFRAME; No ImagePath</p><p>S3 PDRELI; No ImagePath</p><p>S3 PDRFRAME; No ImagePath</p><p>S4 perc2; No ImagePath</p><p>S4 perc2hib; No ImagePath</p><p>S4 ql1080; No ImagePath</p><p>S4 Ql10wnt; No ImagePath</p><p>S4 ql12160; No ImagePath</p><p>S4 ql1240; No ImagePath</p><p>S4 ql1280; No ImagePath</p><p>S4 Simbad; No ImagePath</p><p>S4 Sparrow; No ImagePath</p><p>S4 symc810; No ImagePath</p><p>S4 symc8xx; No ImagePath</p><p>S4 sym_hi; No ImagePath</p><p>S4 sym_u3; No ImagePath</p><p>S4 TosIde; No ImagePath</p><p>S4 ultra; No ImagePath</p><p>S3 VComm; system32\DRIVERS\VComm.sys [x]</p><p>S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]</p><p>S4 ViaIde; No ImagePath</p><p>S3 WDICA; No ImagePath</p><p>U1 WS2IFSL; </p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)</p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-06-26 13:36 - 2013-06-26 13:36 - 00000000 ____D C:\FRST</p><p>2013-06-26 13:21 - 2013-06-26 13:21 - 00000000 ____D C:\Program Files\Driver-Soft</p><p>2013-06-25 20:57 - 2013-06-25 21:01 - 00000000 ____D C:\Windows\LastGood</p><p>2013-06-24 18:14 - 2013-06-25 21:00 - 00005079 ____A C:\Windows\setupapi.log</p><p>2013-06-24 13:52 - 2013-06-24 13:53 - 00001795 ____A C:\AdwCleaner[S3].txt</p><p>2013-06-23 09:56 - 2013-06-23 09:56 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe</p><p>2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A (Oracle Corporation) 
C:\Windows\System32\javaw.exe</p><p>2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe</p><p>2013-06-23 09:56 - 2013-06-23 09:56 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl</p><p>2013-06-23 09:56 - 2013-06-23 09:56 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll</p><p>2013-06-22 07:04 - 2013-06-22 07:41 - 00001128 ____A C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk</p><p>2013-06-22 07:04 - 2013-06-22 07:41 - 00000000 ____D C:\Program Files\LastPass</p><p>2013-06-21 20:41 - 2013-06-21 20:43 - 00006954 ____A C:\AdwCleaner[S2].txt</p><p>2013-06-21 13:30 - 2013-06-21 13:41 - 00000000 ____D C:\pebuilder3110a</p><p>2013-06-20 18:39 - 2013-06-21 21:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)</p><p>2013-06-20 10:41 - 2013-06-20 10:41 - 00000000 ____D C:\RegBackup</p><p>2013-06-20 10:39 - 2013-06-20 10:39 - 00001812 ____A C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk</p><p>2013-06-20 10:39 - 2013-06-20 10:39 - 00000000 ____D C:\Program Files\Tweaking.com</p><p>2013-06-20 10:29 - 2013-06-20 10:29 - 00012872 ____A (SurfRight B.V.) 
C:\Windows\System32\bootdelete.exe</p><p>2013-06-20 10:29 - 2013-06-20 10:29 - 00007192 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1029.log</p><p>2013-06-20 10:13 - 2013-06-20 10:13 - 00006446 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1012.log</p><p>2013-06-20 09:47 - 2013-06-20 09:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes</p><p>2013-06-20 09:35 - 2013-06-20 09:37 - 00003422 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt</p><p>2013-06-20 09:16 - 2013-06-20 09:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google</p><p>2013-06-20 09:14 - 2013-06-20 09:14 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache</p><p>2013-06-20 09:13 - 2013-06-20 09:13 - 00000884 _RASH C:\Documents and Settings\Administrator\ntuser.pol</p><p>2013-06-20 09:13 - 2013-06-20 09:13 - 00000000 ____D C:\Windows\CSC</p><p>2013-06-19 11:28 - 2013-06-19 11:28 - 00000000 ____D C:\Program Files\ESET</p><p>2013-06-19 11:04 - 2013-06-19 11:04 - 00000000 ____D C:\Windows\ERUNT</p><p>2013-06-19 11:03 - 2013-06-21 20:54 - 00000000 ____D C:\JRT</p><p>2013-06-19 10:36 - 2013-06-19 10:36 - 00000466 ____A C:\AdwCleaner[S1].txt</p><p>2013-06-19 10:31 - 2013-06-19 10:32 - 00012835 ____A C:\AdwCleaner[R1].txt</p><p>2013-06-19 10:02 - 2013-06-24 14:18 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk</p><p>2013-06-19 10:02 - 2013-06-19 10:02 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2013-06-19 10:01 - 2013-06-20 10:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>2013-06-18 22:04 - 2013-06-19 09:17 - 00000000 ____D C:\TDSSKiller_Quarantine</p><p>2013-06-18 21:57 - 2013-06-21 21:45 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-06-18 21:57 - 2013-06-21 21:45 - 00000000 ____D C:\Program 
Files\Malwarebytes' Anti-Malware</p><p>2013-06-18 21:57 - 2013-06-18 21:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes</p><p>2013-06-18 21:57 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys</p><p>2013-06-18 19:03 - 2013-06-18 19:03 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</p><p>2013-06-17 18:18 - 2013-06-17 18:18 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk</p><p>2013-06-17 11:48 - 2012-10-12 16:34 - 00033096 ____A (Sophos Limited) C:\Windows\System32\Drivers\sct_skmscan.sys</p><p>2013-06-16 15:57 - 2013-06-16 15:57 - 00000053 ____A C:\Windows\System32\Console.log</p><p>2013-06-16 15:56 - 2013-06-16 15:56 - 00000000 ____D C:\Sophos</p><p>2013-06-16 15:55 - 2013-06-16 15:55 - 00000000 ____D C:\scss_10</p><p>2013-06-15 20:02 - 2006-03-15 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wamregps.dll</p><p>2013-06-15 20:01 - 2006-03-15 07:00 - 00019968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetsloc.dll</p><p>2013-06-15 20:01 - 2006-03-15 07:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetmgr.exe</p><p>2013-06-15 20:01 - 2001-08-17 14:56 - 00066048 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\s3legacy.dll</p><p>2013-06-15 20:00 - 2006-03-15 07:00 - 00169984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisui.dll</p><p>2013-06-15 20:00 - 2006-03-15 07:00 - 00094720 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\certmap.ocx</p><p>2013-06-15 20:00 - 2006-03-15 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisreset.exe</p><p>2013-06-15 20:00 - 2006-03-15 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftpsapi2.dll</p><p>2013-06-15 20:00 - 2006-03-15 07:00 - 00005632 ___AC (Microsoft Corporation) 
C:\Windows\System32\dllcache\iisrstap.dll</p><p>2013-06-11 13:13 - 2013-06-11 13:18 - 00000000 ____D C:\Program Files\'Full Speed' Internet Booster</p><p>2013-06-11 13:13 - 2013-06-11 13:13 - 00000000 ____D C:\Windows\'Full Speed' Internet Booster</p><p>2013-06-09 09:00 - 2013-06-09 09:04 - 00000000 ____D C:\Program Files\PCPitstop</p><p>2013-06-09 09:00 - 2013-06-09 09:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop</p><p>2013-05-31 20:34 - 2013-05-31 20:34 - 00000000 ____D C:\Program Files\Axantum</p><p>2013-05-30 07:32 - 2013-05-30 07:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe</p><p>2013-05-29 12:59 - 2013-05-31 09:12 - 00002253 ____N C:\Documents and Settings\All Users\Desktop\iSpy.lnk</p><p>2013-05-29 12:59 - 2013-05-29 12:59 - 00000000 ____D C:\Program Files\iSpy</p><p></p><p>==================== One Month Modified Files and Folders ========</p><p></p><p>2013-06-26 16:33 - 2006-09-01 17:22 - 00000062 _ASHC C:\Documents and Settings\Administrator\Local Settings\desktop.ini</p><p>2013-06-26 16:33 - 2006-09-01 17:19 - 00000062 _ASHC C:\Documents and Settings\NetworkService\Local Settings\desktop.ini</p><p>2013-06-26 16:24 - 2011-12-12 21:22 - 00000384 ___AC C:\Windows\wiadebug.log</p><p>2013-06-26 16:24 - 2006-09-01 17:19 - 00032634 ____A C:\Windows\SchedLgU.Txt</p><p>2013-06-26 16:24 - 2006-09-01 17:19 - 00000006 __AHC C:\Windows\Tasks\SA.DAT</p><p>2013-06-26 16:23 - 2011-12-12 21:22 - 01611929 ___AC C:\Windows\WindowsUpdate.log</p><p>2013-06-26 15:29 - 2009-06-30 00:44 - 00000886 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-06-26 15:21 - 2011-12-18 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData</p><p>2013-06-26 13:36 - 2013-06-26 13:36 - 00000000 ____D C:\FRST</p><p>2013-06-26 13:21 - 2013-06-26 13:21 - 00000000 ____D C:\Program Files\Driver-Soft</p><p>2013-06-26 13:18 - 2008-12-19 14:25 - 00000868 ___AC 
C:\Windows\Tasks\Google Software Updater.job</p><p>2013-06-26 13:06 - 2011-11-27 18:06 - 00000580 __AHC C:\Windows\Tasks\DataUpload.job</p><p>2013-06-26 04:33 - 2012-10-17 11:50 - 00000472 ____A C:\Windows\Tasks\AVG PC Tuneup 2011 Integrator Scan and Repair.job</p><p>2013-06-26 04:28 - 2007-07-13 20:03 - 00000000 ____D C:\Windows\Minidump</p><p>2013-06-26 04:00 - 2012-03-07 16:18 - 00000448 ___AC C:\Windows\Tasks\SyncBack Nightly Local Backup.job</p><p>2013-06-26 03:01 - 2013-01-04 08:12 - 00000480 ___AC C:\Windows\Tasks\SyncBackFree Nightly Local Backup.job</p><p>2013-06-25 21:01 - 2013-06-25 20:57 - 00000000 ____D C:\Windows\LastGood</p><p>2013-06-25 21:00 - 2013-06-24 18:14 - 00005079 ____A C:\Windows\setupapi.log</p><p>2013-06-25 20:50 - 2006-09-01 17:11 - 00000000 ____D C:\Windows\Registration</p><p>2013-06-25 20:48 - 2011-12-12 21:22 - 00000049 ___AC C:\Windows\wiaservc.log</p><p>2013-06-25 20:48 - 2011-11-27 18:06 - 00000616 __AHC C:\Windows\Tasks\ConfigExec.job</p><p>2013-06-25 20:48 - 2009-06-30 00:44 - 00000882 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-06-25 20:47 - 2006-09-01 17:19 - 00000062 _ASHC C:\Documents and Settings\LocalService\Local Settings\desktop.ini</p><p>2013-06-25 20:43 - 2006-09-01 17:22 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini</p><p>2013-06-25 10:57 - 2010-11-17 19:52 - 00000000 ____D C:\Program Files\Asistente Infinitum</p><p>2013-06-25 10:57 - 2007-12-04 14:12 - 00000000 ____D C:\Program Files\Asistente Prodigy</p><p>2013-06-24 14:18 - 2013-06-19 10:02 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk</p><p>2013-06-24 13:54 - 2011-11-27 17:06 - 00196608 ____A C:\Windows\System32\config\WindowsPowerShell.evt</p><p>2013-06-24 13:53 - 2013-06-24 13:52 - 00001795 ____A C:\AdwCleaner[S3].txt</p><p>2013-06-23 09:56 - 2013-06-23 09:56 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe</p><p>2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A 
(Oracle Corporation) C:\Windows\System32\javaw.exe</p><p>2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe</p><p>2013-06-23 09:56 - 2013-06-23 09:56 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl</p><p>2013-06-23 09:56 - 2013-06-23 09:56 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll</p><p>2013-06-23 09:56 - 2012-07-16 20:57 - 00867240 ___AC (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll</p><p>2013-06-23 09:56 - 2010-06-12 07:30 - 00789416 ___AC (Oracle Corporation) C:\Windows\System32\deployJava1.dll</p><p>2013-06-23 09:56 - 2006-09-01 18:33 - 00000000 ____D C:\Program Files\Java</p><p>2013-06-22 07:41 - 2013-06-22 07:04 - 00001128 ____A C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk</p><p>2013-06-22 07:41 - 2013-06-22 07:04 - 00000000 ____D C:\Program Files\LastPass</p><p>2013-06-21 21:45 - 2013-06-18 21:57 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-06-21 21:45 - 2013-06-18 21:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware</p><p>2013-06-21 21:42 - 2013-06-20 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)</p><p>2013-06-21 20:54 - 2013-06-19 11:03 - 00000000 ____D C:\JRT</p><p>2013-06-21 20:43 - 2013-06-21 20:41 - 00006954 ____A C:\AdwCleaner[S2].txt</p><p>2013-06-21 16:11 - 2007-07-19 15:50 - 00035504 ____A C:\StarBurn.log</p><p>2013-06-21 13:41 - 2013-06-21 13:30 - 00000000 ____D C:\pebuilder3110a</p><p>2013-06-20 21:25 - 2006-09-01 10:03 - 00632740 ___AC C:\Windows\System32\PerfStringBackup.INI</p><p>2013-06-20 11:19 - 2006-09-15 13:45 - 00148056 ___AC C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT</p><p>2013-06-20 11:17 - 2006-09-01 10:02 - 03828440 ___AC C:\Windows\System32\FNTCACHE.DAT</p><p>2013-06-20 11:07 - 2006-09-01 17:15 - 
00023392 ____A C:\Windows\System32\nscompat.tlb</p><p>2013-06-20 11:07 - 2006-09-01 17:15 - 00016832 ____A C:\Windows\System32\amcompat.tlb</p><p>2013-06-20 10:41 - 2013-06-20 10:41 - 00000000 ____D C:\RegBackup</p><p>2013-06-20 10:39 - 2013-06-20 10:39 - 00001812 ____A C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk</p><p>2013-06-20 10:39 - 2013-06-20 10:39 - 00000000 ____D C:\Program Files\Tweaking.com</p><p>2013-06-20 10:29 - 2013-06-20 10:29 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe</p><p>2013-06-20 10:29 - 2013-06-20 10:29 - 00007192 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1029.log</p><p>2013-06-20 10:29 - 2013-06-19 10:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>2013-06-20 10:13 - 2013-06-20 10:13 - 00006446 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1012.log</p><p>2013-06-20 09:47 - 2013-06-20 09:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes</p><p>2013-06-20 09:37 - 2013-06-20 09:35 - 00003422 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt</p><p>2013-06-20 09:21 - 2008-07-18 22:40 - 00001324 ____A C:\Windows\System32\d3d9caps.dat</p><p>2013-06-20 09:16 - 2013-06-20 09:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google</p><p>2013-06-20 09:14 - 2013-06-20 09:14 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache</p><p>2013-06-20 09:13 - 2013-06-20 09:13 - 00000884 _RASH C:\Documents and Settings\Administrator\ntuser.pol</p><p>2013-06-20 09:13 - 2013-06-20 09:13 - 00000000 ____D C:\Windows\CSC</p><p>2013-06-19 13:38 - 2009-02-04 22:35 - 00001813 ___AC C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk</p><p>2013-06-19 11:28 - 2013-06-19 11:28 - 00000000 ____D C:\Program Files\ESET</p><p>2013-06-19 11:04 - 2013-06-19 11:04 - 00000000 ____D 
C:\Windows\ERUNT</p><p>2013-06-19 10:48 - 2009-01-02 17:42 - 00000000 ____D C:\Program Files\dvdSanta</p><p>2013-06-19 10:36 - 2013-06-19 10:36 - 00000466 ____A C:\AdwCleaner[S1].txt</p><p>2013-06-19 10:32 - 2013-06-19 10:31 - 00012835 ____A C:\AdwCleaner[R1].txt</p><p>2013-06-19 10:02 - 2013-06-19 10:02 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2013-06-19 09:17 - 2013-06-18 22:04 - 00000000 ____D C:\TDSSKiller_Quarantine</p><p>2013-06-19 07:01 - 2007-08-07 20:49 - 00000000 ____D C:\Windows\pss</p><p>2013-06-18 21:57 - 2013-06-18 21:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes</p><p>2013-06-18 19:28 - 2012-10-10 08:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013</p><p>2013-06-18 19:03 - 2013-06-18 19:03 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</p><p>2013-06-18 19:00 - 2010-10-23 17:42 - 00000000 ___HD C:\$AVG</p><p>2013-06-18 18:03 - 2008-05-20 15:54 - 00000000 ____D C:\Program Files\AVG</p><p>2013-06-18 09:01 - 2011-12-19 22:04 - 00000284 ___AC C:\Windows\Tasks\AppleSoftwareUpdate.job</p><p>2013-06-17 18:18 - 2013-06-17 18:18 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk</p><p>2013-06-16 15:59 - 2013-03-30 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos</p><p>2013-06-16 15:57 - 2013-06-16 15:57 - 00000053 ____A C:\Windows\System32\Console.log</p><p>2013-06-16 15:56 - 2013-06-16 15:56 - 00000000 ____D C:\Sophos</p><p>2013-06-16 15:55 - 2013-06-16 15:55 - 00000000 ____D C:\scss_10</p><p>2013-06-15 20:21 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\repair</p><p>2013-06-14 19:50 - 2012-10-18 08:57 - 00000406 __RSH C:\Documents and Settings\All Users\ntuser.pol</p><p>2013-06-14 11:36 - 2009-11-12 19:43 - 00000000 ____D C:\Program Files\Unlocker</p><p>2013-06-14 11:36 - 2006-09-01 18:54 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared</p><p>2013-06-14 11:34 - 2007-07-16 
18:35 - 00000000 ____D C:\Games</p><p>2013-06-14 10:56 - 2006-09-01 16:55 - 00000736 ____A C:\Windows\System32\Drivers\etc\hosts_bak_264</p><p>2013-06-14 08:00 - 2012-10-10 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG</p><p>2013-06-12 11:32 - 2007-08-25 20:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help</p><p>2013-06-12 11:16 - 2007-04-28 20:57 - 73381792 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe</p><p>2013-06-12 11:15 - 2009-06-24 09:18 - 00000000 ____D C:\Windows\ie8updates</p><p>2013-06-11 13:18 - 2013-06-11 13:13 - 00000000 ____D C:\Program Files\'Full Speed' Internet Booster</p><p>2013-06-11 13:13 - 2013-06-11 13:13 - 00000000 ____D C:\Windows\'Full Speed' Internet Booster</p><p>2013-06-11 10:24 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\Media</p><p>2013-06-11 10:24 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\Cursors</p><p>2013-06-11 10:23 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\System32\inetsrv</p><p>2013-06-10 23:11 - 2007-12-24 22:25 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard</p><p>2013-06-10 23:08 - 2011-01-27 09:49 - 00000000 ____D C:\Program Files\DVDFab 8</p><p>2013-06-10 23:06 - 2009-04-18 20:43 - 00000000 ____D C:\Program Files\NCH Software</p><p>2013-06-10 22:59 - 2008-11-29 17:07 - 00000000 ____D C:\Program Files\AC3Filter</p><p>2013-06-10 22:55 - 2011-11-25 11:23 - 00000496 ____C C:\Windows\WININIT.INI</p><p>2013-06-10 22:55 - 2006-09-01 17:32 - 00000000 ___HD C:\Program Files\InstallShield Installation Information</p><p>2013-06-10 22:52 - 2008-11-29 17:06 - 00000000 ____D C:\Program Files\DivX</p><p>2013-06-10 22:51 - 2009-04-07 22:00 - 00000000 ____D C:\Program Files\Rising Research</p><p>2013-06-10 22:51 - 2007-08-02 21:31 - 00000000 ____D C:\Program Files\Smissie Game Pack</p><p>2013-06-10 22:49 - 2008-11-29 17:07 - 00000000 ____D C:\Program Files\Morgan</p><p>2013-06-10 22:45 - 2007-04-20 10:51 - 00000000 ____D 
C:\Program Files\Common Files\Teleca Shared</p><p>2013-06-09 09:04 - 2013-06-09 09:00 - 00000000 ____D C:\Program Files\PCPitstop</p><p>2013-06-09 09:01 - 2013-06-09 09:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop</p><p>2013-06-04 20:33 - 2006-09-01 17:10 - 00000000 ____D C:\Windows\Microsoft.NET</p><p>2013-06-02 07:41 - 2011-07-17 20:16 - 00109660 ___HC C:\Windows\System32\mlfcache.dat</p><p>2013-06-01 13:03 - 2007-09-02 17:02 - 00000000 ____D C:\Program Files\WinRAR</p><p>2013-05-31 20:34 - 2013-05-31 20:34 - 00000000 ____D C:\Program Files\Axantum</p><p>2013-05-31 12:29 - 2012-03-07 17:59 - 00001018 ____N C:\Documents and Settings\All Users\Desktop\Advanced File Security 4.lnk</p><p>2013-05-31 12:29 - 2012-03-07 17:59 - 00001013 ____N C:\Documents and Settings\All Users\Desktop\Windows sicher beenden.lnk</p><p>2013-05-31 12:29 - 2012-03-07 17:59 - 00001013 ____N C:\Documents and Settings\All Users\Desktop\Secure Windows Shutdown.lnk</p><p>2013-05-31 09:12 - 2013-05-29 12:59 - 00002253 ____N C:\Documents and Settings\All Users\Desktop\iSpy.lnk</p><p>2013-05-30 08:29 - 2007-12-24 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe</p><p>2013-05-30 07:38 - 2007-12-24 22:02 - 00000000 ____D C:\Program Files\Adobe</p><p>2013-05-30 07:32 - 2013-05-30 07:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe</p><p>2013-05-30 07:29 - 2007-12-24 21:36 - 00000000 ____D C:\Program Files\Common Files\Adobe</p><p>2013-05-29 22:52 - 2006-09-01 16:55 - 00001158 ____C C:\Windows\System32\wpa.dbl</p><p>2013-05-29 12:59 - 2013-05-29 12:59 - 00000000 ____D C:\Program Files\iSpy</p><p>2013-05-29 12:51 - 2008-06-19 15:50 - 00000000 ____D C:\Program Files\Microsoft.NET</p><p>2013-05-29 12:36 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\System32\mui</p><p>2013-05-27 16:11 - 2009-04-09 18:11 - 00000000 ____D C:\Documents and Settings\All Users\Application 
Data\Skype</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="hweinze, post: 126160, member: 9213"] Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02 Ran by Administrator (administrator) on 26-06-2013 16:37:17 Running from J:\ Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe [118784 2004-11-17] (Alps Electric Co., Ltd.) HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SlipStream] "C:\Program Files\Accelerator\slipcore.exe" [339968 2007-11-14] (SlipStream Data Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.) 
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [TaskTray] [x] HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAC0AQQAzAFoAOAA4AC0ANgBHAEIASgBLAC0ANgBSAFcARwBBAC0AQQBNAEgAOQBQAC0AVgBBAFkAVgBIAA"&"inst=NwA2AC0AMQAyADYANAAxADIANwA4ADcAOQAtAEIAMQA5AC0AUABMACsAOQAtAFUAOQAwACsAMQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0ARABEAFQAKwAwAC0AUwBUADkAMABBAFAAUAArADEALQBDAEkARAArADEALQBJAEEAVgBBACsANgA"&"prod=92"&"ver=9.0.914 [x] Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation) Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) HKCU\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB [x] HKCU\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP [x] HKCU\...\Runonce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start [x] HKCU\...\Runonce: [spchecker] "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe" [x] HKU\Guest\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-13] (Microsoft Corporation) HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [ 2012-04-18] (Apple Inc.) 
HKU\Guest\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x] HKU\Guest\...\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start [x] Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\_uninst_.lnk ShortcutTarget: _uninst_.lnk -> C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_.bat () Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk ShortcutTarget: Windows Desktop Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: (No Name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - No File URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.) SearchScopes: HKCU - DefaultScope value is missing. 
BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll () BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll () BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL No File BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll () BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Accelerator\components\NOWImaging.dll (SlipStream Data Inc.) BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\Accelerator\Prefetch.dll (SlipStream Data Inc.) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ipp - No CLSID Value - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msdaipp - No CLSID Value - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [294400 2007-02-05] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Chrome: ======= CHR HomePage: hxxp://search.conduit.com/?CUI=UN38232825761350914&ctid=CT3281348&SearchSource=48 CHR RestoreOnStartup: "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?ui%3D2%26shva%3D1&ss=1&scc=1&ltmpl=default&ltmplcache=2#inbox", "https://www.google.com/webhp?hl=en&tab=mw", "hxxp://us.cnn.com/?refresh=1", "hxxp://malwaretips.com/blogs/remove-browser-redirect-virus/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) 
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Easy Auto Refresh) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc\2.8_0 CHR Extension: (Duolingo) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl\1.0.10_0 CHR Extension: (Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (WOT) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0 CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0 CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Calc SS3) - C:\Documents and 
Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iicfbobganffbpdodmdcbcpblomkbeoa\0.9.98_0 CHR Extension: (WebMD) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbilgpfclhedobeklbolhgbfpimnoemg\1.0.0.0_0 CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0 CHR Extension: (Quick Note) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.8_0 CHR Extension: (Ghostery) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0 CHR Extension: (FastestChrome - Browse Faster) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.1_0 CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ========================== Services (Whitelisted) ================= S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation) S2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [100032 2006-07-25] (Symantec Corporation) S2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.) S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) S2 gupdate1c987422b32f662; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-04] (Google Inc.) 
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [94208 2008-11-22] (Sony Corporation) S3 Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [32768 2005-07-14] (Sony Corporation) S2 IsaMonitor; C:\Program Files\Asistente Infinitum\IsaMonitor.exe [185856 2008-07-23] (Fine Point Technologies, Inc.) S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2119360 2006-07-25] (Symantec Corporation) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) S2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) S2 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) S2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-10-20] () S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-09-08] (Sonic Solutions) S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-07-02] (Intel Corporation ) S2 SonicStageMonitoring; C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe [135168 2005-03-11] (Sony Corporation) S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [153080 2013-04-19] (Sophos Limited) S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2006-04-27] (Sony Corporation) S2 SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [69632 
2006-05-08] (Sony Corporation) S2 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2008-05-03] () S2 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2005-11-25] (Sony Corporation) S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2084864 2006-06-13] (Sony Corporation) S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [770048 2006-05-18] (Sony Corporation) S2 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-04-04] (Sony Corporation) S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [167936 2005-11-28] (Sony Corporation) S2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2005-11-28] (Sony Corporation) S3 WmcCds; c:\program files\windows media connect\mswmccds.exe [483328 2004-08-11] (Microsoft Corporation) S3 WmcCdsLs; C:\Program Files\Windows Media Connect\mswmcls.exe [28160 2004-08-10] (Microsoft Corporation) S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x] S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" [x] S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x] S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway 
/RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x] ==================== Drivers (Whitelisted) ==================== S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2006-09-01] (Meetinghouse Data Communications) S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [106432 2010-06-09] (SlySoft, Inc.) S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec) S1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [16512 2002-07-17] (Adaptec) S3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.) S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.) S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.) S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.) S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.) S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.) 
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S3 cpuz135; C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [24328 2012-02-07] (CPUID) S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2010-01-01] (Elaborate Bytes AG) S2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation) S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.) R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider) S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [208256 2006-07-24] (Conexant Systems, Inc.) S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [990592 2006-07-24] (Conexant Systems, Inc.) S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [11264 2008-08-18] (Sony Corporation) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2005-02-24] (Meetinghouse Data Communications) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 NETw3x32; C:\Windows\System32\DRIVERS\NETw3x32.sys [1706752 2006-07-02] (Intel® Corporation) S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation) R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation) S3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) S1 RapportCerberus_53984; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys [317424 2013-06-23] () S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [102680 2013-02-13] (Trusteer Ltd.) 
S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [173880 2013-02-13] (Trusteer Ltd.) S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [57328 2008-09-08] (Sonic Solutions) S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12544 2006-07-03] (Intel Corporation) S3 SCT_SKMScan; C:\Windows\System32\drivers\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) R3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [48896 2000-11-09] (Sony Corporation) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-09] (Duplex Secure Ltd.) S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) S2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-09-15] (Symantec Corporation) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2008-01-30] (The OpenVPN Project) S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc) S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) S2 thdudf; C:\Windows\System32\DRIVERS\thdudf.sys [66944 2010-06-21] (TOSHIBA Corporation) S3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [226304 2006-02-21] (Texas Instruments) S3 ubloxusb; C:\Windows\System32\DRIVERS\ubloxusb.sys [71424 2007-11-27] (u-blox AG) S3 w300bus; C:\Windows\System32\DRIVERS\w300bus.sys [60800 2006-03-13] (MCCI) S3 w300mdfl; C:\Windows\System32\DRIVERS\w300mdfl.sys [9264 2006-03-13] (MCCI) S3 w300mdm; C:\Windows\System32\DRIVERS\w300mdm.sys [96352 2006-03-13] (MCCI) S3 w300mgmt; C:\Windows\System32\DRIVERS\w300mgmt.sys [87824 2006-03-13] (MCCI) S3 w300obex; C:\Windows\System32\DRIVERS\w300obex.sys [85696 2006-03-13] (MCCI) S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation) S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) S3 yukonwxp; 
C:\Windows\System32\DRIVERS\yk51x86.sys [299424 2012-03-27] (Marvell) S4 Abiosdsk; No ImagePath S4 abp480n5; No ImagePath S4 adpu160m; No ImagePath S4 Aha154x; No ImagePath S4 aic78u2; No ImagePath S4 aic78xx; No ImagePath S4 AliIde; No ImagePath S4 amsint; No ImagePath S4 asc; No ImagePath S4 asc3350p; No ImagePath S4 asc3550; No ImagePath S4 Atdisk; No ImagePath S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [x] S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [x] S3 BT; system32\DRIVERS\btnetdrv.sys [x] S3 Btcsrusb; System32\Drivers\btcusb.sys [x] S0 BTHidEnum; System32\Drivers\vbtenum.sys [x] S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x] S4 cd20xrnt; No ImagePath S1 Changer; No ImagePath S4 CmdIde; No ImagePath S4 Cpqarray; No ImagePath U4 dac2w2k; No ImagePath S4 dac960nt; No ImagePath S4 dpti2o; No ImagePath S3 FilterService; system32\DRIVERS\lvuvcflt.sys [x] S4 hpn; No ImagePath S1 i2omgmt; No ImagePath S4 i2omp; No ImagePath S4 ini910u; No ImagePath S4 IntelIde; No ImagePath S1 lbrtfdc; No ImagePath S3 LVRS; system32\DRIVERS\lvrs.sys [x] S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x] S3 LVUVC; system32\DRIVERS\lvuvc.sys [x] S4 mraid35x; No ImagePath S1 PCIDump; No ImagePath S3 PDCOMP; No ImagePath S3 PDFRAME; No ImagePath S3 PDRELI; No ImagePath S3 PDRFRAME; No ImagePath S4 perc2; No ImagePath S4 perc2hib; No ImagePath S4 ql1080; No ImagePath S4 Ql10wnt; No ImagePath S4 ql12160; No ImagePath S4 ql1240; No ImagePath S4 ql1280; No ImagePath S4 Simbad; No ImagePath S4 Sparrow; No ImagePath S4 symc810; No ImagePath S4 symc8xx; No ImagePath S4 sym_hi; No ImagePath S4 sym_u3; No ImagePath S4 TosIde; No ImagePath S4 ultra; No ImagePath S3 VComm; system32\DRIVERS\VComm.sys [x] S3 VcommMgr; System32\Drivers\VcommMgr.sys [x] S4 ViaIde; No ImagePath S3 WDICA; No ImagePath U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created Files 
and Folders ======== 2013-06-26 13:36 - 2013-06-26 13:36 - 00000000 ____D C:\FRST 2013-06-26 13:21 - 2013-06-26 13:21 - 00000000 ____D C:\Program Files\Driver-Soft 2013-06-25 20:57 - 2013-06-25 21:01 - 00000000 ____D C:\Windows\LastGood 2013-06-24 18:14 - 2013-06-25 21:00 - 00005079 ____A C:\Windows\setupapi.log 2013-06-24 13:52 - 2013-06-24 13:53 - 00001795 ____A C:\AdwCleaner[S3].txt 2013-06-23 09:56 - 2013-06-23 09:56 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-23 09:56 - 2013-06-23 09:56 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl 2013-06-23 09:56 - 2013-06-23 09:56 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-22 07:04 - 2013-06-22 07:41 - 00001128 ____A C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk 2013-06-22 07:04 - 2013-06-22 07:41 - 00000000 ____D C:\Program Files\LastPass 2013-06-21 20:41 - 2013-06-21 20:43 - 00006954 ____A C:\AdwCleaner[S2].txt 2013-06-21 13:30 - 2013-06-21 13:41 - 00000000 ____D C:\pebuilder3110a 2013-06-20 18:39 - 2013-06-21 21:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-06-20 10:41 - 2013-06-20 10:41 - 00000000 ____D C:\RegBackup 2013-06-20 10:39 - 2013-06-20 10:39 - 00001812 ____A C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2013-06-20 10:39 - 2013-06-20 10:39 - 00000000 ____D C:\Program Files\Tweaking.com 2013-06-20 10:29 - 2013-06-20 10:29 - 00012872 ____A (SurfRight B.V.) 
C:\Windows\System32\bootdelete.exe 2013-06-20 10:29 - 2013-06-20 10:29 - 00007192 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1029.log 2013-06-20 10:13 - 2013-06-20 10:13 - 00006446 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1012.log 2013-06-20 09:47 - 2013-06-20 09:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2013-06-20 09:35 - 2013-06-20 09:37 - 00003422 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt 2013-06-20 09:16 - 2013-06-20 09:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2013-06-20 09:14 - 2013-06-20 09:14 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-06-20 09:13 - 2013-06-20 09:13 - 00000884 _RASH C:\Documents and Settings\Administrator\ntuser.pol 2013-06-20 09:13 - 2013-06-20 09:13 - 00000000 ____D C:\Windows\CSC 2013-06-19 11:28 - 2013-06-19 11:28 - 00000000 ____D C:\Program Files\ESET 2013-06-19 11:04 - 2013-06-19 11:04 - 00000000 ____D C:\Windows\ERUNT 2013-06-19 11:03 - 2013-06-21 20:54 - 00000000 ____D C:\JRT 2013-06-19 10:36 - 2013-06-19 10:36 - 00000466 ____A C:\AdwCleaner[S1].txt 2013-06-19 10:31 - 2013-06-19 10:32 - 00012835 ____A C:\AdwCleaner[R1].txt 2013-06-19 10:02 - 2013-06-24 14:18 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk 2013-06-19 10:02 - 2013-06-19 10:02 - 00000000 ____D C:\Program Files\HitmanPro 2013-06-19 10:01 - 2013-06-20 10:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro 2013-06-18 22:04 - 2013-06-19 09:17 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-06-18 21:57 - 2013-06-21 21:45 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2013-06-18 21:57 - 2013-06-21 21:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-06-18 21:57 - 2013-06-18 21:57 - 00000000 ____D C:\Documents and Settings\All 
Users\Application Data\Malwarebytes 2013-06-18 21:57 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-06-18 19:03 - 2013-06-18 19:03 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk 2013-06-17 18:18 - 2013-06-17 18:18 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk 2013-06-17 11:48 - 2012-10-12 16:34 - 00033096 ____A (Sophos Limited) C:\Windows\System32\Drivers\sct_skmscan.sys 2013-06-16 15:57 - 2013-06-16 15:57 - 00000053 ____A C:\Windows\System32\Console.log 2013-06-16 15:56 - 2013-06-16 15:56 - 00000000 ____D C:\Sophos 2013-06-16 15:55 - 2013-06-16 15:55 - 00000000 ____D C:\scss_10 2013-06-15 20:02 - 2006-03-15 07:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wamregps.dll 2013-06-15 20:01 - 2006-03-15 07:00 - 00019968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetsloc.dll 2013-06-15 20:01 - 2006-03-15 07:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetmgr.exe 2013-06-15 20:01 - 2001-08-17 14:56 - 00066048 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\s3legacy.dll 2013-06-15 20:00 - 2006-03-15 07:00 - 00169984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisui.dll 2013-06-15 20:00 - 2006-03-15 07:00 - 00094720 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\certmap.ocx 2013-06-15 20:00 - 2006-03-15 07:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisreset.exe 2013-06-15 20:00 - 2006-03-15 07:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftpsapi2.dll 2013-06-15 20:00 - 2006-03-15 07:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iisrstap.dll 2013-06-11 13:13 - 2013-06-11 13:18 - 00000000 ____D C:\Program Files\'Full Speed' Internet Booster 2013-06-11 13:13 - 2013-06-11 13:13 - 00000000 ____D C:\Windows\'Full Speed' Internet Booster 2013-06-09 09:00 - 2013-06-09 
09:04 - 00000000 ____D C:\Program Files\PCPitstop 2013-06-09 09:00 - 2013-06-09 09:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop 2013-05-31 20:34 - 2013-05-31 20:34 - 00000000 ____D C:\Program Files\Axantum 2013-05-30 07:32 - 2013-05-30 07:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe 2013-05-29 12:59 - 2013-05-31 09:12 - 00002253 ____N C:\Documents and Settings\All Users\Desktop\iSpy.lnk 2013-05-29 12:59 - 2013-05-29 12:59 - 00000000 ____D C:\Program Files\iSpy ==================== One Month Modified Files and Folders ======== 2013-06-26 16:33 - 2006-09-01 17:22 - 00000062 _ASHC C:\Documents and Settings\Administrator\Local Settings\desktop.ini 2013-06-26 16:33 - 2006-09-01 17:19 - 00000062 _ASHC C:\Documents and Settings\NetworkService\Local Settings\desktop.ini 2013-06-26 16:24 - 2011-12-12 21:22 - 00000384 ___AC C:\Windows\wiadebug.log 2013-06-26 16:24 - 2006-09-01 17:19 - 00032634 ____A C:\Windows\SchedLgU.Txt 2013-06-26 16:24 - 2006-09-01 17:19 - 00000006 __AHC C:\Windows\Tasks\SA.DAT 2013-06-26 16:23 - 2011-12-12 21:22 - 01611929 ___AC C:\Windows\WindowsUpdate.log 2013-06-26 15:29 - 2009-06-30 00:44 - 00000886 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-26 15:21 - 2011-12-18 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData 2013-06-26 13:36 - 2013-06-26 13:36 - 00000000 ____D C:\FRST 2013-06-26 13:21 - 2013-06-26 13:21 - 00000000 ____D C:\Program Files\Driver-Soft 2013-06-26 13:18 - 2008-12-19 14:25 - 00000868 ___AC C:\Windows\Tasks\Google Software Updater.job 2013-06-26 13:06 - 2011-11-27 18:06 - 00000580 __AHC C:\Windows\Tasks\DataUpload.job 2013-06-26 04:33 - 2012-10-17 11:50 - 00000472 ____A C:\Windows\Tasks\AVG PC Tuneup 2011 Integrator Scan and Repair.job 2013-06-26 04:28 - 2007-07-13 20:03 - 00000000 ____D C:\Windows\Minidump 2013-06-26 04:00 - 2012-03-07 16:18 - 00000448 ___AC C:\Windows\Tasks\SyncBack Nightly 
Local Backup.job 2013-06-26 03:01 - 2013-01-04 08:12 - 00000480 ___AC C:\Windows\Tasks\SyncBackFree Nightly Local Backup.job 2013-06-25 21:01 - 2013-06-25 20:57 - 00000000 ____D C:\Windows\LastGood 2013-06-25 21:00 - 2013-06-24 18:14 - 00005079 ____A C:\Windows\setupapi.log 2013-06-25 20:50 - 2006-09-01 17:11 - 00000000 ____D C:\Windows\Registration 2013-06-25 20:48 - 2011-12-12 21:22 - 00000049 ___AC C:\Windows\wiaservc.log 2013-06-25 20:48 - 2011-11-27 18:06 - 00000616 __AHC C:\Windows\Tasks\ConfigExec.job 2013-06-25 20:48 - 2009-06-30 00:44 - 00000882 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-25 20:47 - 2006-09-01 17:19 - 00000062 _ASHC C:\Documents and Settings\LocalService\Local Settings\desktop.ini 2013-06-25 20:43 - 2006-09-01 17:22 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini 2013-06-25 10:57 - 2010-11-17 19:52 - 00000000 ____D C:\Program Files\Asistente Infinitum 2013-06-25 10:57 - 2007-12-04 14:12 - 00000000 ____D C:\Program Files\Asistente Prodigy 2013-06-24 14:18 - 2013-06-19 10:02 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk 2013-06-24 13:54 - 2011-11-27 17:06 - 00196608 ____A C:\Windows\System32\config\WindowsPowerShell.evt 2013-06-24 13:53 - 2013-06-24 13:52 - 00001795 ____A C:\AdwCleaner[S3].txt 2013-06-23 09:56 - 2013-06-23 09:56 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-23 09:56 - 2013-06-23 09:56 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-23 09:56 - 2013-06-23 09:56 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl 2013-06-23 09:56 - 2013-06-23 09:56 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-23 09:56 - 2012-07-16 20:57 - 00867240 ___AC (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll 2013-06-23 09:56 - 2010-06-12 07:30 - 00789416 
___AC (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-23 09:56 - 2006-09-01 18:33 - 00000000 ____D C:\Program Files\Java 2013-06-22 07:41 - 2013-06-22 07:04 - 00001128 ____A C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk 2013-06-22 07:41 - 2013-06-22 07:04 - 00000000 ____D C:\Program Files\LastPass 2013-06-21 21:45 - 2013-06-18 21:57 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2013-06-21 21:45 - 2013-06-18 21:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-06-21 21:42 - 2013-06-20 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-06-21 20:54 - 2013-06-19 11:03 - 00000000 ____D C:\JRT 2013-06-21 20:43 - 2013-06-21 20:41 - 00006954 ____A C:\AdwCleaner[S2].txt 2013-06-21 16:11 - 2007-07-19 15:50 - 00035504 ____A C:\StarBurn.log 2013-06-21 13:41 - 2013-06-21 13:30 - 00000000 ____D C:\pebuilder3110a 2013-06-20 21:25 - 2006-09-01 10:03 - 00632740 ___AC C:\Windows\System32\PerfStringBackup.INI 2013-06-20 11:19 - 2006-09-15 13:45 - 00148056 ___AC C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2013-06-20 11:17 - 2006-09-01 10:02 - 03828440 ___AC C:\Windows\System32\FNTCACHE.DAT 2013-06-20 11:07 - 2006-09-01 17:15 - 00023392 ____A C:\Windows\System32\nscompat.tlb 2013-06-20 11:07 - 2006-09-01 17:15 - 00016832 ____A C:\Windows\System32\amcompat.tlb 2013-06-20 10:41 - 2013-06-20 10:41 - 00000000 ____D C:\RegBackup 2013-06-20 10:39 - 2013-06-20 10:39 - 00001812 ____A C:\Documents and Settings\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2013-06-20 10:39 - 2013-06-20 10:39 - 00000000 ____D C:\Program Files\Tweaking.com 2013-06-20 10:29 - 2013-06-20 10:29 - 00012872 ____A (SurfRight B.V.) 
C:\Windows\System32\bootdelete.exe 2013-06-20 10:29 - 2013-06-20 10:29 - 00007192 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1029.log 2013-06-20 10:29 - 2013-06-19 10:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro 2013-06-20 10:13 - 2013-06-20 10:13 - 00006446 ____A C:\Documents and Settings\Administrator\My Documents\HitmanPro_20130620_1012.log 2013-06-20 09:47 - 2013-06-20 09:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2013-06-20 09:37 - 2013-06-20 09:35 - 00003422 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt 2013-06-20 09:21 - 2008-07-18 22:40 - 00001324 ____A C:\Windows\System32\d3d9caps.dat 2013-06-20 09:16 - 2013-06-20 09:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2013-06-20 09:14 - 2013-06-20 09:14 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-06-20 09:13 - 2013-06-20 09:13 - 00000884 _RASH C:\Documents and Settings\Administrator\ntuser.pol 2013-06-20 09:13 - 2013-06-20 09:13 - 00000000 ____D C:\Windows\CSC 2013-06-19 13:38 - 2009-02-04 22:35 - 00001813 ___AC C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2013-06-19 11:28 - 2013-06-19 11:28 - 00000000 ____D C:\Program Files\ESET 2013-06-19 11:04 - 2013-06-19 11:04 - 00000000 ____D C:\Windows\ERUNT 2013-06-19 10:48 - 2009-01-02 17:42 - 00000000 ____D C:\Program Files\dvdSanta 2013-06-19 10:36 - 2013-06-19 10:36 - 00000466 ____A C:\AdwCleaner[S1].txt 2013-06-19 10:32 - 2013-06-19 10:31 - 00012835 ____A C:\AdwCleaner[R1].txt 2013-06-19 10:02 - 2013-06-19 10:02 - 00000000 ____D C:\Program Files\HitmanPro 2013-06-19 09:17 - 2013-06-18 22:04 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-06-19 07:01 - 2007-08-07 20:49 - 00000000 ____D C:\Windows\pss 2013-06-18 21:57 - 2013-06-18 21:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2013-06-18 19:28 - 
2012-10-10 08:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013 2013-06-18 19:03 - 2013-06-18 19:03 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk 2013-06-18 19:00 - 2010-10-23 17:42 - 00000000 ___HD C:\$AVG 2013-06-18 18:03 - 2008-05-20 15:54 - 00000000 ____D C:\Program Files\AVG 2013-06-18 09:01 - 2011-12-19 22:04 - 00000284 ___AC C:\Windows\Tasks\AppleSoftwareUpdate.job 2013-06-17 18:18 - 2013-06-17 18:18 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk 2013-06-16 15:59 - 2013-03-30 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos 2013-06-16 15:57 - 2013-06-16 15:57 - 00000053 ____A C:\Windows\System32\Console.log 2013-06-16 15:56 - 2013-06-16 15:56 - 00000000 ____D C:\Sophos 2013-06-16 15:55 - 2013-06-16 15:55 - 00000000 ____D C:\scss_10 2013-06-15 20:21 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\repair 2013-06-14 19:50 - 2012-10-18 08:57 - 00000406 __RSH C:\Documents and Settings\All Users\ntuser.pol 2013-06-14 11:36 - 2009-11-12 19:43 - 00000000 ____D C:\Program Files\Unlocker 2013-06-14 11:36 - 2006-09-01 18:54 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared 2013-06-14 11:34 - 2007-07-16 18:35 - 00000000 ____D C:\Games 2013-06-14 10:56 - 2006-09-01 16:55 - 00000736 ____A C:\Windows\System32\Drivers\etc\hosts_bak_264 2013-06-14 08:00 - 2012-10-10 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG 2013-06-12 11:32 - 2007-08-25 20:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help 2013-06-12 11:16 - 2007-04-28 20:57 - 73381792 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 11:15 - 2009-06-24 09:18 - 00000000 ____D C:\Windows\ie8updates 2013-06-11 13:18 - 2013-06-11 13:13 - 00000000 ____D C:\Program Files\'Full Speed' Internet Booster 2013-06-11 13:13 - 2013-06-11 13:13 - 00000000 ____D C:\Windows\'Full Speed' Internet Booster 2013-06-11 
10:24 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\Media 2013-06-11 10:24 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\Cursors 2013-06-11 10:23 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\System32\inetsrv 2013-06-10 23:11 - 2007-12-24 22:25 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2013-06-10 23:08 - 2011-01-27 09:49 - 00000000 ____D C:\Program Files\DVDFab 8 2013-06-10 23:06 - 2009-04-18 20:43 - 00000000 ____D C:\Program Files\NCH Software 2013-06-10 22:59 - 2008-11-29 17:07 - 00000000 ____D C:\Program Files\AC3Filter 2013-06-10 22:55 - 2011-11-25 11:23 - 00000496 ____C C:\Windows\WININIT.INI 2013-06-10 22:55 - 2006-09-01 17:32 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-06-10 22:52 - 2008-11-29 17:06 - 00000000 ____D C:\Program Files\DivX 2013-06-10 22:51 - 2009-04-07 22:00 - 00000000 ____D C:\Program Files\Rising Research 2013-06-10 22:51 - 2007-08-02 21:31 - 00000000 ____D C:\Program Files\Smissie Game Pack 2013-06-10 22:49 - 2008-11-29 17:07 - 00000000 ____D C:\Program Files\Morgan 2013-06-10 22:45 - 2007-04-20 10:51 - 00000000 ____D C:\Program Files\Common Files\Teleca Shared 2013-06-09 09:04 - 2013-06-09 09:00 - 00000000 ____D C:\Program Files\PCPitstop 2013-06-09 09:01 - 2013-06-09 09:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop 2013-06-04 20:33 - 2006-09-01 17:10 - 00000000 ____D C:\Windows\Microsoft.NET 2013-06-02 07:41 - 2011-07-17 20:16 - 00109660 ___HC C:\Windows\System32\mlfcache.dat 2013-06-01 13:03 - 2007-09-02 17:02 - 00000000 ____D C:\Program Files\WinRAR 2013-05-31 20:34 - 2013-05-31 20:34 - 00000000 ____D C:\Program Files\Axantum 2013-05-31 12:29 - 2012-03-07 17:59 - 00001018 ____N C:\Documents and Settings\All Users\Desktop\Advanced File Security 4.lnk 2013-05-31 12:29 - 2012-03-07 17:59 - 00001013 ____N C:\Documents and Settings\All Users\Desktop\Windows sicher beenden.lnk 2013-05-31 12:29 - 2012-03-07 17:59 - 00001013 ____N 
C:\Documents and Settings\All Users\Desktop\Secure Windows Shutdown.lnk 2013-05-31 09:12 - 2013-05-29 12:59 - 00002253 ____N C:\Documents and Settings\All Users\Desktop\iSpy.lnk 2013-05-30 08:29 - 2007-12-24 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe 2013-05-30 07:38 - 2007-12-24 22:02 - 00000000 ____D C:\Program Files\Adobe 2013-05-30 07:32 - 2013-05-30 07:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe 2013-05-30 07:29 - 2007-12-24 21:36 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-05-29 22:52 - 2006-09-01 16:55 - 00001158 ____C C:\Windows\System32\wpa.dbl 2013-05-29 12:59 - 2013-05-29 12:59 - 00000000 ____D C:\Program Files\iSpy 2013-05-29 12:51 - 2008-06-19 15:50 - 00000000 ____D C:\Program Files\Microsoft.NET 2013-05-29 12:36 - 2006-09-01 09:57 - 00000000 ____D C:\Windows\System32\mui 2013-05-27 16:11 - 2009-04-09 18:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ [/QUOTE]