Kazy3653 (B), Trojan prorat, W7 erratic & software unresponsive
<blockquote data-quote="Chigwells" data-source="post: 119718" data-attributes="member: 1154"><p>Hi All!</p><p></p><p>Well I've had Bitdefender IS2013 a couple of months now, and am not happy with it. Will be going back to Comodo firewall plus most likely Avira or maybe Avast or Comodo AV when I get my machine clean again. </p><p></p><p>Symptoms are: software and system freezing frequently. Frequent message from Emsisoft AM that it has quarantined Kazy3653 (B), screenshot 1, followed by a similar announcement by Bitdefender. Only occasionally Emsi requires a restart to remove the infection. However, no indication of any new infections in the quarantine, only in the logs. CORRECTION, I just went to look again in the quarantine to see if it had changed, and it has! Now it's showing 9 2013 infections; up until two days ago it was only showing 2012 infections, plus just one in 2013. See screenshot 2 of quarantine. To make this clear, over the past two weeks when I was getting regular messages from Emsi that it had removed infections, there were no such infections listed in the quarantine. Now all of a sudden there are a number, all pretty much at the same date and time too.</p><p></p><p>Sometimes Bitdefender quarantined infections, sometimes not, screenshots 3 & 4.</p><p></p><p>Had a go at fixing the infection myself since first notification of the infection: ran SAS, MBAM, MBAR, Hitman Pro all in normal mode, all clean. Note: SAS did find Trojan prorat back in March, see screenshot 5. Ran it a second time and it came up clean.</p><p>Attempted to run Kaspersky rescue CD following Jack's guide, but after updating, the database was showing as CORRUPTED, so I didn't run it.</p><p></p><p>Then yesterday I followed Jack's 'Malware Removal Guide'. In safe mode with networking I checked for 'no proxy', ran the exe-fix.bat file, ran TDSSKiller at default, then again with all the tick boxes ticked in the 'change parameters' section. Both times came up with nothing. 
Ran RKill, then full scan in MBAM. MBAM also found nothing.</p><p>Reading through Fiery's post Malware Removal Guide for Windows I decided to check my hosts file; it came up a bit strange, showing only the one line (as Fiery indicates for XP), not the two lines he describes, screenshot 6.</p><p></p><p>There has also been ongoing strange behaviour, that I'm not sure whether it is down to malware or not: I can't set a System Restore point (screenshot 7), Bitdefender changed its settings (AntiVirus Control turned itself off), can't open VAIO Care (Sony's own maintenance software). In Windows Media Player, I stream to my stereo system. Every time I want to do this, I have to open services.msc in Admin, and start up 'Windows Media Player Network Sharing Services', which always resets itself to 'Disabled', regardless of whether I set it to 'Started-manual' or 'Started-automatic'. As an example of how my system is running, I just opened Services.msc to remind myself of the name of said Service. Services.msc took about 15 seconds to open, and then it was (not responding) for about 20 seconds.</p><p></p><p>I recently discovered and installed CCleaner Enhancer, but as I wasn't sure if it was deleting my settings, I've uninstalled it. I hope this all makes sense, I have tried to be as concise as possible. </p><p></p><p>Included two scans, OTL and aswMBR. </p><p></p><p>Many thanks in advance, Chig</p><p></p><p>p.s. 
OTL only delivered one file, OTL.txt, no sign of Extras.txt</p><p></p><p>OTL logfile created on: 08/05/2013 13:59:21 - Run 3</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Me&My\Desktop</p><p>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy</p><p> </p><p>7.67 Gb Total Physical Memory | 4.74 Gb Available Physical Memory | 61.85% Memory free</p><p>7.67 Gb Paging File | 4.92 Gb Available in Paging File | 64.19% Paging File free</p><p>Paging file location(s): [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 452.51 Gb Total Space | 109.88 Gb Free Space | 24.28% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: ARCHIE-VAIO | User Name: Ronnie | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\Me&My\Desktop\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Program Files (x86)\uTorrent\utorrent.exe (BitTorrent Inc.)</p><p>PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)</p><p>PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)</p><p>PRC - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe (IObit)</p><p>PRC - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe (IOBit)</p><p>PRC - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe (IObit)</p><p>PRC - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe (IObit)</p><p>PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 
2.0\kss.exe (Kaspersky Lab ZAO)</p><p>PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)</p><p>PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)</p><p>PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)</p><p>PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)</p><p>PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)</p><p>PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)</p><p>PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)</p><p>PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll 
()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()</p><p>MOD - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madexcept_.bpl ()</p><p>MOD - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\maddisAsm_.bpl ()</p><p>MOD - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madbasic_.bpl ()</p><p>MOD - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV:<strong>64bit:</strong> - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)</p><p>SRV:<strong>64bit:</strong> - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)</p><p>SRV:<strong>64bit:</strong> - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)</p><p>SRV:<strong>64bit:</strong> - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)</p><p>SRV:<strong>64bit:</strong> - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)</p><p>SRV:<strong>64bit:</strong> - (VUAgent) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation)</p><p>SRV:<strong>64bit:</strong> - (CGVPNCliSrvc) -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)</p><p>SRV:<strong>64bit:</strong> - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)</p><p>SRV:<strong>64bit:</strong> - (SampleCollector) -- 
C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)</p><p>SRV:<strong>64bit:</strong> - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)</p><p>SRV:<strong>64bit:</strong> - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)</p><p>SRV:<strong>64bit:</strong> - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)</p><p>SRV:<strong>64bit:</strong> - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)</p><p>SRV:<strong>64bit:</strong> - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)</p><p>SRV - (ASCAntivirusSrv) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe (IOBit)</p><p>SRV - (AdvancedSystemCareService6) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe (IObit)</p><p>SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)</p><p>SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)</p><p>SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)</p><p>SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)</p><p>SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)</p><p>SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)</p><p>SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)</p><p>SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event 
Service\VESMgr.exe (Sony Corporation)</p><p>SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)</p><p>SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)</p><p>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)</p><p>SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)</p><p>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV:<strong>64bit:</strong> - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)</p><p>DRV:<strong>64bit:</strong> - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)</p><p>DRV:<strong>64bit:</strong> - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)</p><p>DRV:<strong>64bit:</strong> - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)</p><p>DRV:<strong>64bit:</strong> - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)</p><p>DRV:<strong>64bit:</strong> - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)</p><p>DRV:<strong>64bit:</strong> - (BdfNdisf) -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)</p><p>DRV:<strong>64bit:</strong> - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)</p><p>DRV:<strong>64bit:</strong> - 
(avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)</p><p>DRV:<strong>64bit:</strong> - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC)</p><p>DRV:<strong>64bit:</strong> - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)</p><p>DRV:<strong>64bit:</strong> - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)</p><p>DRV:<strong>64bit:</strong> - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)</p><p>DRV:<strong>64bit:</strong> - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)</p><p>DRV:<strong>64bit:</strong> - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)</p><p>DRV:<strong>64bit:</strong> - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)</p><p>DRV:<strong>64bit:</strong> - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)</p><p>DRV:<strong>64bit:</strong> - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()</p><p>DRV:<strong>64bit:</strong> - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</p><p>DRV:<strong>64bit:</strong> - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft 
Corporation)</p><p>DRV:<strong>64bit:</strong> - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)</p><p>DRV:<strong>64bit:</strong> - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)</p><p>DRV:<strong>64bit:</strong> - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)</p><p>DRV:<strong>64bit:</strong> - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)</p><p>DRV:<strong>64bit:</strong> - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)</p><p>DRV:<strong>64bit:</strong> - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)</p><p>DRV:<strong>64bit:</strong> - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)</p><p>DRV:<strong>64bit:</strong> - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)</p><p>DRV:<strong>64bit:</strong> - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)</p><p>DRV:<strong>64bit:</strong> - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</p><p>DRV:<strong>64bit:</strong> - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</p><p>DRV:<strong>64bit:</strong> - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom 
Corporation)</p><p>DRV:<strong>64bit:</strong> - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</p><p>DRV:<strong>64bit:</strong> - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)</p><p>DRV:<strong>64bit:</strong> - (Spyder2) -- C:\Windows\SysNative\drivers\Spyder2.sys ()</p><p>DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsisoft GmbH)</p><p>DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsisoft GmbH)</p><p>DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\46125\RapportIaso64.sys (Trusteer Ltd.)</p><p>DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH)</p><p>DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)</p><p>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE:<strong>64bit:</strong> - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</p><p>IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE</p><p>IE - HKCU\..\SearchScopes\{12B77033-590F-4F5D-BAC5-A76B77E74392}: "URL" = http://rover.ebay.com/rover/1/710-42480-16445-15/4?satitle={searchTerms}</p><p>IE - HKCU\..\SearchScopes\{B0A2A07B-3FEB-40B6-AE45-CDA8F0EA58F2}: "URL" = http://uk.shopping.com/?linkin_id=8056359</p><p>IE - HKCU\..\SearchScopes\{C7F913F1-9FF8-4CF2-9926-F7310FCC61C3}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local></p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@bullguard.com/onlinescanner: C:\Program Files (x86)\BullGuard Ltd\BullGuard Online Scanner\npbgscanner.dll (BullGuard Ltd.)</p><p>FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google 
Earth\plugin\npgeplugin.dll (Google)</p><p>FF - HKLM\Software\MozillaPlugins\@IObit.com/np_Asc_Plugin: C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\np_Asc_plugin.dll (IObit)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)</p><p> </p><p>64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013/02/21 23:08:53 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/02/21 23:08:53 | 000,000,000 | ---D | M]</p><p> </p><p>[2013/03/10 14:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronnie\AppData\Roaming\Mozilla\Extensions</p><p>[2004/06/09 17:03:02 | 000,832,728 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll</p><p> </p><p>O1 HOSTS File: ([2013/04/13 02:32:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O2:<strong>64bit:</strong> - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.</p><p>O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)</p><p>O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - 
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll (IObit)</p><p>O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.</p><p>O3:<strong>64bit:</strong> - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)</p><p>O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)</p><p>O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)</p><p>O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)</p><p>O4 - HKCU..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe (IObit)</p><p>O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)</p><p>O4 - HKLM..\RunOnce: [C9B06280-BE2C-463B-B204-5AC8818AD0F1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)</p><p>O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)</p><p>O4 - HKLM..\RunOnce: [MRUBlaster] C:\Program Files (x86)\MRU-Blaster\indexcleaner.exe ()</p><p>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O8:<strong>64bit:</strong> - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found</p><p>O8:<strong>64bit:</strong> - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found</p><p>O8:<strong>64bit:</strong> - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found</p><p>O8:<strong>64bit:</strong> - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()</p><p>O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found</p><p>O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found</p><p>O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found</p><p>O8 - Extra context menu item: New Note 
- C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()</p><p>O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()</p><p>O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()</p><p>O13 - gopher Prefix: missing</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423D4F55-13A2-4D2E-BBDA-A1774A136043}: DhcpNameServer = 208.67.222.222 208.67.220.220</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3A558A-88D0-4D83-9C70-BB9C89B1021E}: NameServer = 208.67.222.222,208.67.220.220</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\grooveLocalGWS - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\ms-help - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\mso-offdap11 - No CLSID value found</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)</p><p>O21:<strong>64bit:</strong> - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O32 - HKLM CDRom: AutoRun - 
1</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O34 - HKLM BootExecute: (SmartDefragBootTime.exe)</p><p>O35:<strong>64bit:</strong> - HKLM\..comfile [open] -- "%1" %*</p><p>O35:<strong>64bit:</strong> - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/05/07 19:14:06 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ronnie\Desktop\mbam-setup-1.75.0.1300.exe</p><p>[2013/05/07 19:10:14 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ronnie\Desktop\iExplore(1).exe</p><p>[2013/05/07 18:59:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ronnie\Desktop\iexplore.exe</p><p>[2013/05/07 18:57:31 | 000,457,632 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ronnie\Desktop\FixExec.exe</p><p>[2013/05/06 03:35:28 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan</p><p>[2013/05/06 03:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab</p><p>[2013/05/06 03:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab</p><p>[2013/05/05 14:00:56 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices</p><p>[2013/05/05 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Documents\Bluetooth Exchange 
Folder</p><p>[2013/05/05 14:00:45 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Broadcom</p><p>[2013/05/05 13:55:08 | 000,210,984 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys</p><p>[2013/05/05 13:55:08 | 000,184,144 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys</p><p>[2013/05/05 13:55:08 | 000,039,976 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys</p><p>[2013/05/05 13:55:08 | 000,021,544 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys</p><p>[2013/05/05 13:36:26 | 012,593,024 | ---- | C] (Broadcom Corporation.) -- C:\Users\Ronnie\Desktop\SetupBtwDownloadSE.exe</p><p>[2013/05/02 22:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft</p><p>[2013/05/02 20:46:26 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\uTorrent</p><p>[2013/05/02 20:40:33 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys</p><p>[2013/05/02 20:08:29 | 000,000,000 | ---D | C] -- C:\Temp</p><p>[2013/05/02 19:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\KernSafe</p><p>[2013/05/01 19:50:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN</p><p>[2013/05/01 19:32:35 | 005,064,153 | R--- | C] (Swearware) -- C:\Users\Ronnie\Desktop\uninstall.exe</p><p>[2013/05/01 19:23:10 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW</p><p>[2013/05/01 12:24:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AnaSome</p><p>[2013/05/01 12:17:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\JJ The Man</p><p>[2013/04/29 14:29:42 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\PFStaticIP</p><p>[2013/04/27 19:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink</p><p>[2013/04/27 19:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink</p><p>[2013/04/27 19:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD 
Shrink</p><p>[2013/04/27 17:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET</p><p>[2013/04/27 12:46:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DVDTOOLs</p><p>[2013/04/27 11:07:33 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Bluetooth Exchange Folder</p><p>[2013/04/27 06:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BullGuard Ltd</p><p>[2013/04/26 21:57:43 | 000,718,840 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys</p><p>[2013/04/23 08:08:34 | 000,000,000 | R--D | C] -- C:\Sandbox</p><p>[2013/04/23 07:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner</p><p>[2013/04/20 12:01:17 | 000,000,000 | ---D | C] -- C:\Windows\XSxS</p><p>[2013/04/13 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie</p><p>[2013/04/13 02:37:45 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\temp</p><p>[2013/04/13 02:20:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe</p><p>[2013/04/13 02:20:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe</p><p>[2013/04/13 02:20:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe</p><p>[2013/04/13 02:15:08 | 000,000,000 | ---D | C] -- C:\Qoobox</p><p>[2013/04/13 02:14:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt</p><p>[2013/04/11 23:36:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\OneNote Notebooks</p><p>[2013/04/11 01:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch</p><p>[2013/04/11 01:03:31 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE</p><p>[2013/04/11 00:56:16 | 000,000,000 | ---D | C] -- C:\RegBackup</p><p>[2013/04/11 00:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com</p><p>[2013/04/11 00:50:08 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Returnil</p><p>[2013/04/11 00:17:29 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Programs</p><p>[2013/04/10 
22:53:46 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\EAST Technologies</p><p>[2013/04/10 22:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs</p><p>[2013/04/10 22:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses</p><p>[2013/04/10 22:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP</p><p>[2013/04/10 22:53:09 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Documents\DbgLogs</p><p>[2013/04/10 22:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\East-Tec Eraser 2012</p><p>[2013/04/10 22:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\East-Tec Eraser 2012</p><p>[2013/04/10 20:29:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Zoolz</p><p>[2013/04/10 00:45:10 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe</p><p>[2013/04/10 00:45:09 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe</p><p>[2013/04/10 00:45:08 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe</p><p>[2013/04/10 00:45:07 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe</p><p>[2013/04/10 00:45:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll</p><p>[2013/04/10 00:45:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll</p><p>[2013/04/10 00:41:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll</p><p>[2013/04/10 00:41:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll</p><p>[2013/04/10 00:41:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll</p><p>[2013/04/10 00:41:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll</p><p>[2013/04/10 00:41:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll</p><p>[2013/04/10 00:40:58 | 
000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe</p><p>[2013/04/10 00:40:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll</p><p>[2013/04/10 00:40:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll</p><p>[2013/04/10 00:40:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll</p><p>[2013/04/10 00:40:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll</p><p>[2013/04/10 00:40:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe</p><p>[2013/04/10 00:40:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl</p><p>[2013/04/10 00:40:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl</p><p>[2013/04/10 00:40:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll</p><p>[2013/04/10 00:40:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll</p><p>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</p><p>[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/05/08 13:56:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/05/08 13:51:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/05/08 13:49:43 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI</p><p>[2013/05/08 12:59:05 | 000,008,778 | ---- | M] () -- C:\Windows\Sandboxie.ini</p><p>[2013/05/08 12:55:56 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/05/08 12:55:56 | 000,014,144 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/05/08 12:47:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/05/08 12:44:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2013/05/07 19:14:21 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ronnie\Desktop\mbam-setup-1.75.0.1300.exe</p><p>[2013/05/07 19:10:20 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ronnie\Desktop\iExplore(1).exe</p><p>[2013/05/07 18:59:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ronnie\Desktop\iexplore.exe</p><p>[2013/05/07 18:57:31 | 000,457,632 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ronnie\Desktop\FixExec.exe</p><p>[2013/05/07 17:26:31 | 000,441,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT</p><p>[2013/05/07 04:43:27 | 000,007,604 | ---- | M] () -- C:\Users\Ronnie\AppData\Local\Resmon.ResmonCfg</p><p>[2013/05/06 23:29:25 | 000,830,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI</p><p>[2013/05/06 23:29:25 | 000,702,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat</p><p>[2013/05/06 23:29:25 | 000,138,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat</p><p>[2013/05/06 03:35:20 | 000,001,077 | ---- | M] () -- C:\Users\Ronnie\Desktop\Kaspersky Security Scan.lnk</p><p>[2013/05/05 13:56:43 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk</p><p>[2013/05/05 13:52:46 | 000,598,808 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys</p><p>[2013/05/05 13:52:45 | 000,210,984 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys</p><p>[2013/05/05 13:52:45 | 000,184,144 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys</p><p>[2013/05/05 13:52:45 | 000,039,976 | ---- | M] (Broadcom Corporation.) 
-- C:\Windows\SysNative\drivers\btwl2cap.sys</p><p>[2013/05/05 13:52:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys</p><p>[2013/05/05 13:37:56 | 012,593,024 | ---- | M] (Broadcom Corporation.) -- C:\Users\Ronnie\Desktop\SetupBtwDownloadSE.exe</p><p>[2013/05/04 01:42:27 | 000,000,124 | ---- | M] () -- C:\Users\Ronnie\Documents\ax_files.xml</p><p>[2013/05/02 20:40:33 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys</p><p>[2013/05/02 11:56:06 | 000,000,990 | ---- | M] () -- C:\Users\Ronnie\Desktop\Shortcutz.lnk</p><p>[2013/05/01 19:47:31 | 005,064,153 | R--- | M] (Swearware) -- C:\Users\Ronnie\Desktop\uninstall.exe</p><p>[2013/05/01 12:02:08 | 000,327,767 | ---- | M] () -- C:\Users\Public\Documents\HMDX-JAM-English-full.pdf</p><p>[2013/05/01 12:01:31 | 000,220,844 | ---- | M] () -- C:\Users\Public\Documents\HMDX-JAM-English.pdf</p><p>[2013/04/29 14:54:33 | 000,001,680 | ---- | M] () -- C:\Users\Ronnie\Desktop\SpaceSniffer.lnk</p><p>[2013/04/29 14:54:10 | 000,001,224 | ---- | M] () -- C:\Users\Ronnie\Desktop\Paint.lnk</p><p>[2013/04/29 14:54:05 | 000,001,754 | ---- | M] () -- C:\Users\Ronnie\Desktop\opera.lnk</p><p>[2013/04/29 14:53:28 | 000,001,711 | ---- | M] () -- C:\Users\Ronnie\Desktop\FirefoxNoBank.lnk</p><p>[2013/04/29 14:53:07 | 000,001,730 | ---- | M] () -- C:\Users\Ronnie\Desktop\Everything.lnk</p><p>[2013/04/29 14:52:46 | 000,001,638 | ---- | M] () -- C:\Users\Ronnie\Desktop\My Hacked network.rtf.lnk</p><p>[2013/04/26 21:57:43 | 000,718,840 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys</p><p>[2013/04/26 21:57:27 | 000,593,144 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys</p><p>[2013/04/24 19:39:08 | 000,000,432 | ---- | M] () -- C:\Users\Public\Documents\My Hacked network.rtf</p><p>[2013/04/22 21:07:48 | 000,001,360 | ---- | M] () -- C:\Users\Public\Documents\Bitdefender uninstall.rtf</p><p>[2013/04/13 02:32:21 | 000,000,027 | 
---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts</p><p>[2013/04/11 09:09:30 | 000,002,096 | ---- | M] () -- C:\Users\Ronnie\Desktop\Switch User.lnk</p><p>[2013/04/11 01:20:33 | 000,001,177 | ---- | M] () -- C:\temp218.bat</p><p>[2013/04/11 01:20:30 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE</p><p>[2013/04/11 00:57:16 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ARCHIE-VAIO-Microsoft-Windows-7-Home-Premium-(64-bit).dat</p><p>[2013/04/10 23:14:34 | 000,001,296 | ---- | M] () -- C:\Users\Public\Documents\east-tec Eraser 2012.rtf</p><p>[2013/04/10 21:06:49 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe</p><p>[2013/04/10 21:06:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>[2013/04/10 00:41:01 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll</p><p>[2013/04/10 00:41:01 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll</p><p>[2013/04/10 00:41:01 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll</p><p>[2013/04/10 00:41:00 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll</p><p>[2013/04/10 00:41:00 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll</p><p>[2013/04/10 00:40:58 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe</p><p>[2013/04/10 00:40:58 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe</p><p>[2013/04/10 00:40:57 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll</p><p>[2013/04/10 00:40:57 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll</p><p>[2013/04/10 00:40:57 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll</p><p>[2013/04/10 00:40:57 | 000,599,040 
| ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll</p><p>[2013/04/10 00:40:55 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl</p><p>[2013/04/10 00:40:55 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl</p><p>[2013/04/10 00:40:54 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll</p><p>[2013/04/10 00:40:54 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll</p><p>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</p><p>[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/05/07 17:25:38 | 000,441,936 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT</p><p>[2013/05/06 03:35:28 | 000,001,077 | ---- | C] () -- C:\Users\Ronnie\Desktop\Kaspersky Security Scan.lnk</p><p>[2013/05/05 13:56:43 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Problem Report.lnk</p><p>[2013/05/05 13:54:54 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk</p><p>[2013/05/03 00:48:55 | 000,000,124 | ---- | C] () -- C:\Users\Ronnie\Documents\ax_files.xml</p><p>[2013/05/02 11:55:45 | 000,000,990 | ---- | C] () -- C:\Users\Ronnie\Desktop\Shortcutz.lnk</p><p>[2013/05/01 12:02:08 | 000,327,767 | ---- | C] () -- C:\Users\Public\Documents\HMDX-JAM-English-full.pdf</p><p>[2013/05/01 12:01:31 | 000,220,844 | ---- | C] () -- C:\Users\Public\Documents\HMDX-JAM-English.pdf</p><p>[2013/04/29 14:54:33 | 000,001,680 | ---- | C] () -- C:\Users\Ronnie\Desktop\SpaceSniffer.lnk</p><p>[2013/04/29 14:54:10 | 000,001,224 | ---- | C] () -- C:\Users\Ronnie\Desktop\Paint.lnk</p><p>[2013/04/29 14:54:05 | 000,001,754 | ---- | C] () -- C:\Users\Ronnie\Desktop\opera.lnk</p><p>[2013/04/29 14:53:28 | 000,001,711 | ---- | C] () 
-- C:\Users\Ronnie\Desktop\FirefoxNoBank.lnk</p><p>[2013/04/29 14:53:07 | 000,001,730 | ---- | C] () -- C:\Users\Ronnie\Desktop\Everything.lnk</p><p>[2013/04/29 14:52:46 | 000,001,638 | ---- | C] () -- C:\Users\Ronnie\Desktop\My Hacked network.rtf.lnk</p><p>[2013/04/24 19:37:24 | 000,000,432 | ---- | C] () -- C:\Users\Public\Documents\My Hacked network.rtf</p><p>[2013/04/22 21:07:48 | 000,001,360 | ---- | C] () -- C:\Users\Public\Documents\Bitdefender uninstall.rtf</p><p>[2013/04/13 11:10:17 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI</p><p>[2013/04/13 02:20:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe</p><p>[2013/04/13 02:20:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe</p><p>[2013/04/13 02:20:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe</p><p>[2013/04/13 02:20:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe</p><p>[2013/04/13 02:20:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe</p><p>[2013/04/11 09:02:57 | 000,002,096 | ---- | C] () -- C:\Users\Ronnie\Desktop\Switch User.lnk</p><p>[2013/04/11 01:20:33 | 000,001,177 | ---- | C] () -- C:\temp218.bat</p><p>[2013/04/11 00:57:16 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ARCHIE-VAIO-Microsoft-Windows-7-Home-Premium-(64-bit).dat</p><p>[2013/04/10 22:48:48 | 000,001,296 | ---- | C] () -- C:\Users\Public\Documents\east-tec Eraser 2012.rtf</p><p>[2013/04/02 22:58:16 | 000,007,604 | ---- | C] () -- C:\Users\Ronnie\AppData\Local\Resmon.ResmonCfg</p><p>[2013/01/07 18:04:33 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe</p><p>[2012/12/27 07:17:12 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin</p><p>[2012/12/27 07:17:06 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin</p><p>[2012/12/27 07:17:04 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll</p><p>[2012/12/27 07:17:04 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin</p><p>[2012/05/16 21:48:42 | 000,008,778 | ---- | C] 
() -- C:\Windows\Sandboxie.ini</p><p>[2012/04/14 10:42:10 | 000,816,490 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI</p><p>[2011/09/05 08:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2012/08/21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> 
</p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2013/03/10 14:07:31 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\addpcs</p><p>[2013/03/10 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Bitdefender</p><p>[2013/03/29 00:59:08 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Canneverbe Limited</p><p>[2013/04/10 22:53:46 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\EAST Technologies</p><p>[2012/12/19 17:21:53 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\EurekaLog</p><p>[2013/03/16 14:32:07 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\GlarySoft</p><p>[2013/03/10 13:44:18 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\IObit</p><p>[2013/03/10 14:39:36 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Opera</p><p>[2013/04/29 14:29:46 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\PFStaticIP</p><p>[2013/03/10 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Process Hacker 2</p><p>[2013/03/10 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\QuickScan</p><p>[2013/04/11 00:50:10 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Returnil</p><p>[2013/05/02 20:46:26 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\uTorrent</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 
185 bytes -> C:\ProgramData\TEMP:C97C8631</p><p></p><p>< End of report ></p><p></p><p></p><p>aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software</p><p>Run date: 2013-05-08 14:31:18</p><p>-----------------------------</p><p>14:31:18.451 OS Version: Windows x64 6.1.7601 Service Pack 1</p><p>14:31:18.451 Number of processors: 4 586 0x2505</p><p>14:31:18.451 ComputerName: ARCHIE-VAIO UserName: Ronnie</p><p>14:31:25.861 Initialize success</p><p>14:34:10.749 AVAST engine defs: 13050800</p><p>14:35:34.931 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1</p><p>14:35:34.931 Disk 0 Vendor: Size: 476940MB BusType: 0</p><p>14:35:36.273 Disk 0 MBR read successfully</p><p>14:35:36.273 Disk 0 MBR scan</p><p>14:35:36.445 Disk 0 Windows 7 default MBR code</p><p>14:35:36.507 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13468 MB offset 2048</p><p>14:35:36.663 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27584512</p><p>14:35:36.819 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463370 MB offset 27789312</p><p>14:35:38.067 Disk 0 scanning C:\Windows\system32\drivers</p><p>14:36:33.603 Service scanning</p><p>14:36:45.334 Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5</p><p>14:36:45.522 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5</p><p>14:37:41.650 Modules scanning</p><p>14:37:42.165 Disk 0 trace - called modules:</p><p>14:37:42.196 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys hal.dll </p><p>14:37:42.196 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80094ed060]</p><p>14:37:42.212 3 CLASSPNP.SYS[fffff880017ae43f] -> nt!IofCallDriver -> [0xfffffa8007428d10]</p><p>14:37:42.212 5 ACPI.sys[fffff880011947a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800742b050]</p><p>14:37:45.223 AVAST engine scan C:\Windows</p><p>14:38:03.444 AVAST engine scan C:\Windows\system32</p><p>14:45:57.654 AVAST engine 
scan C:\Windows\system32\drivers</p><p>14:46:36.761 AVAST engine scan C:\Users\Ronnie</p><p>14:49:10.359 AVAST engine scan C:\ProgramData</p><p>14:52:15.906 Scan finished successfully</p><p>14:52:51.989 Disk 0 MBR has been saved successfully to "C:\Users\Me&My\Desktop\MBR.dat"</p><p>14:52:52.145 The log file has been saved successfully to "C:\Users\Me&My\Desktop\aswMBR.txt"</p></blockquote><p></p>
DRV:[b]64bit:[/b] - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:[b]64bit:[/b] - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC) DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys () DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:[b]64bit:[/b] - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:[b]64bit:[/b] - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:[b]64bit:[/b] - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:[b]64bit:[/b] - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:[b]64bit:[/b] - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) 
DRV:[b]64bit:[/b] - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:[b]64bit:[/b] - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:[b]64bit:[/b] - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:[b]64bit:[/b] - (Spyder2) -- C:\Windows\SysNative\drivers\Spyder2.sys () DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsisoft GmbH) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsisoft GmbH) DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\46125\RapportIaso64.sys (Trusteer Ltd.) 
DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE IE - HKCU\..\SearchScopes\{12B77033-590F-4F5D-BAC5-A76B77E74392}: "URL" = http://rover.ebay.com/rover/1/710-42480-16445-15/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{B0A2A07B-3FEB-40B6-AE45-CDA8F0EA58F2}: "URL" = http://uk.shopping.com/?linkin_id=8056359 IE - HKCU\..\SearchScopes\{C7F913F1-9FF8-4CF2-9926-F7310FCC61C3}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@bullguard.com/onlinescanner: C:\Program Files (x86)\BullGuard Ltd\BullGuard Online Scanner\npbgscanner.dll (BullGuard Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@IObit.com/np_Asc_Plugin: C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\np_Asc_plugin.dll (IObit) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013/02/21 23:08:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/02/21 23:08:53 | 000,000,000 | ---D | M] [2013/03/10 14:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronnie\AppData\Roaming\Mozilla\Extensions [2004/06/09 17:03:02 | 000,832,728 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll O1 HOSTS File: ([2013/04/13 02:32:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:[b]64bit:[/b] - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll (IObit) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3:[b]64bit:[/b] - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research) O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) 
O4:[b]64bit:[/b] - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) O4:[b]64bit:[/b] - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKCU..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe (IObit) O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O4 - HKLM..\RunOnce: [C9B06280-BE2C-463B-B204-5AC8818AD0F1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [MRUBlaster] C:\Program Files (x86)\MRU-Blaster\indexcleaner.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:[b]64bit:[/b] - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found O8:[b]64bit:[/b] - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found O8:[b]64bit:[/b] - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O8:[b]64bit:[/b] - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html () O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html () O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423D4F55-13A2-4D2E-BBDA-A1774A136043}: DhcpNameServer = 208.67.222.222 208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3A558A-88D0-4D83-9C70-BB9C89B1021E}: NameServer = 
208.67.222.222,208.67.220.220 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (SmartDefragBootTime.exe) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/05/07 19:14:06 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ronnie\Desktop\mbam-setup-1.75.0.1300.exe [2013/05/07 19:10:14 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ronnie\Desktop\iExplore(1).exe [2013/05/07 18:59:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ronnie\Desktop\iexplore.exe [2013/05/07 18:57:31 | 000,457,632 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ronnie\Desktop\FixExec.exe [2013/05/06 03:35:28 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan [2013/05/06 03:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013/05/06 03:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013/05/05 14:00:56 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices [2013/05/05 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Documents\Bluetooth Exchange Folder [2013/05/05 14:00:45 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Broadcom [2013/05/05 13:55:08 | 000,210,984 | ---- | C] (Broadcom Corporation.) 
-- C:\Windows\SysNative\drivers\btwavdt.sys [2013/05/05 13:55:08 | 000,184,144 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys [2013/05/05 13:55:08 | 000,039,976 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys [2013/05/05 13:55:08 | 000,021,544 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys [2013/05/05 13:36:26 | 012,593,024 | ---- | C] (Broadcom Corporation.) -- C:\Users\Ronnie\Desktop\SetupBtwDownloadSE.exe [2013/05/02 22:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft [2013/05/02 20:46:26 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\uTorrent [2013/05/02 20:40:33 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2013/05/02 20:08:29 | 000,000,000 | ---D | C] -- C:\Temp [2013/05/02 19:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\KernSafe [2013/05/01 19:50:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/05/01 19:32:35 | 005,064,153 | R--- | C] (Swearware) -- C:\Users\Ronnie\Desktop\uninstall.exe [2013/05/01 19:23:10 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2013/05/01 12:24:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AnaSome [2013/05/01 12:17:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\JJ The Man [2013/04/29 14:29:42 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\PFStaticIP [2013/04/27 19:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink [2013/04/27 19:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink [2013/04/27 19:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink [2013/04/27 17:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/04/27 12:46:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DVDTOOLs [2013/04/27 11:07:33 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Bluetooth Exchange Folder [2013/04/27 06:53:15 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\BullGuard Ltd [2013/04/26 21:57:43 | 000,718,840 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys [2013/04/23 08:08:34 | 000,000,000 | R--D | C] -- C:\Sandbox [2013/04/23 07:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/04/20 12:01:17 | 000,000,000 | ---D | C] -- C:\Windows\XSxS [2013/04/13 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie [2013/04/13 02:37:45 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\temp [2013/04/13 02:20:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/04/13 02:20:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/04/13 02:20:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/04/13 02:15:08 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/04/13 02:14:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/04/11 23:36:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\OneNote Notebooks [2013/04/11 01:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch [2013/04/11 01:03:31 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2013/04/11 00:56:16 | 000,000,000 | ---D | C] -- C:\RegBackup [2013/04/11 00:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com [2013/04/11 00:50:08 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Returnil [2013/04/11 00:17:29 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Programs [2013/04/10 22:53:46 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\EAST Technologies [2013/04/10 22:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs [2013/04/10 22:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses [2013/04/10 22:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013/04/10 22:53:09 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Documents\DbgLogs [2013/04/10 22:51:37 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\East-Tec Eraser 2012 [2013/04/10 22:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\East-Tec Eraser 2012 [2013/04/10 20:29:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Zoolz [2013/04/10 00:45:10 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/04/10 00:45:09 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/04/10 00:45:08 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/04/10 00:45:07 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/04/10 00:45:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/04/10 00:45:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/04/10 00:41:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/10 00:41:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/10 00:41:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/10 00:41:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/04/10 00:41:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/04/10 00:40:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/04/10 00:40:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/10 00:40:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/10 00:40:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/10 00:40:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/04/10 00:40:57 | 000,142,848 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/04/10 00:40:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/04/10 00:40:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/04/10 00:40:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/04/10 00:40:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/05/08 13:56:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/08 13:51:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/08 13:49:43 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2013/05/08 12:59:05 | 000,008,778 | ---- | M] () -- C:\Windows\Sandboxie.ini [2013/05/08 12:55:56 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/08 12:55:56 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/08 12:47:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/08 12:44:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/07 19:14:21 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ronnie\Desktop\mbam-setup-1.75.0.1300.exe [2013/05/07 19:10:20 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ronnie\Desktop\iExplore(1).exe [2013/05/07 18:59:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ronnie\Desktop\iexplore.exe [2013/05/07 18:57:31 | 000,457,632 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ronnie\Desktop\FixExec.exe [2013/05/07 
17:26:31 | 000,441,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/07 04:43:27 | 000,007,604 | ---- | M] () -- C:\Users\Ronnie\AppData\Local\Resmon.ResmonCfg [2013/05/06 23:29:25 | 000,830,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/06 23:29:25 | 000,702,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/06 23:29:25 | 000,138,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/06 03:35:20 | 000,001,077 | ---- | M] () -- C:\Users\Ronnie\Desktop\Kaspersky Security Scan.lnk [2013/05/05 13:56:43 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013/05/05 13:52:46 | 000,598,808 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys [2013/05/05 13:52:45 | 000,210,984 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys [2013/05/05 13:52:45 | 000,184,144 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys [2013/05/05 13:52:45 | 000,039,976 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys [2013/05/05 13:52:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys [2013/05/05 13:37:56 | 012,593,024 | ---- | M] (Broadcom Corporation.) -- C:\Users\Ronnie\Desktop\SetupBtwDownloadSE.exe [2013/05/04 01:42:27 | 000,000,124 | ---- | M] () -- C:\Users\Ronnie\Documents\ax_files.xml [2013/05/02 20:40:33 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) 
-- C:\Windows\SysNative\drivers\sptd.sys [2013/05/02 11:56:06 | 000,000,990 | ---- | M] () -- C:\Users\Ronnie\Desktop\Shortcutz.lnk [2013/05/01 19:47:31 | 005,064,153 | R--- | M] (Swearware) -- C:\Users\Ronnie\Desktop\uninstall.exe [2013/05/01 12:02:08 | 000,327,767 | ---- | M] () -- C:\Users\Public\Documents\HMDX-JAM-English-full.pdf [2013/05/01 12:01:31 | 000,220,844 | ---- | M] () -- C:\Users\Public\Documents\HMDX-JAM-English.pdf [2013/04/29 14:54:33 | 000,001,680 | ---- | M] () -- C:\Users\Ronnie\Desktop\SpaceSniffer.lnk [2013/04/29 14:54:10 | 000,001,224 | ---- | M] () -- C:\Users\Ronnie\Desktop\Paint.lnk [2013/04/29 14:54:05 | 000,001,754 | ---- | M] () -- C:\Users\Ronnie\Desktop\opera.lnk [2013/04/29 14:53:28 | 000,001,711 | ---- | M] () -- C:\Users\Ronnie\Desktop\FirefoxNoBank.lnk [2013/04/29 14:53:07 | 000,001,730 | ---- | M] () -- C:\Users\Ronnie\Desktop\Everything.lnk [2013/04/29 14:52:46 | 000,001,638 | ---- | M] () -- C:\Users\Ronnie\Desktop\My Hacked network.rtf.lnk [2013/04/26 21:57:43 | 000,718,840 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys [2013/04/26 21:57:27 | 000,593,144 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys [2013/04/24 19:39:08 | 000,000,432 | ---- | M] () -- C:\Users\Public\Documents\My Hacked network.rtf [2013/04/22 21:07:48 | 000,001,360 | ---- | M] () -- C:\Users\Public\Documents\Bitdefender uninstall.rtf [2013/04/13 02:32:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/04/11 09:09:30 | 000,002,096 | ---- | M] () -- C:\Users\Ronnie\Desktop\Switch User.lnk [2013/04/11 01:20:33 | 000,001,177 | ---- | M] () -- C:\temp218.bat [2013/04/11 01:20:30 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2013/04/11 00:57:16 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ARCHIE-VAIO-Microsoft-Windows-7-Home-Premium-(64-bit).dat [2013/04/10 23:14:34 | 000,001,296 | ---- | M] () -- C:\Users\Public\Documents\east-tec Eraser 2012.rtf 
[2013/04/10 21:06:49 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/10 21:06:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/10 00:41:01 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 00:41:01 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 00:41:01 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 00:41:00 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/10 00:41:00 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/10 00:40:58 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/10 00:40:58 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/10 00:40:57 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 00:40:57 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/10 00:40:57 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 00:40:57 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/10 00:40:55 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/10 00:40:55 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/10 00:40:54 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/10 00:40:54 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/05/07 17:25:38 | 000,441,936 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/06 03:35:28 | 000,001,077 | ---- | C] () -- C:\Users\Ronnie\Desktop\Kaspersky Security Scan.lnk
[2013/05/05 13:56:43 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Problem Report.lnk
[2013/05/05 13:54:54 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013/05/03 00:48:55 | 000,000,124 | ---- | C] () -- C:\Users\Ronnie\Documents\ax_files.xml
[2013/05/02 11:55:45 | 000,000,990 | ---- | C] () -- C:\Users\Ronnie\Desktop\Shortcutz.lnk
[2013/05/01 12:02:08 | 000,327,767 | ---- | C] () -- C:\Users\Public\Documents\HMDX-JAM-English-full.pdf
[2013/05/01 12:01:31 | 000,220,844 | ---- | C] () -- C:\Users\Public\Documents\HMDX-JAM-English.pdf
[2013/04/29 14:54:33 | 000,001,680 | ---- | C] () -- C:\Users\Ronnie\Desktop\SpaceSniffer.lnk
[2013/04/29 14:54:10 | 000,001,224 | ---- | C] () -- C:\Users\Ronnie\Desktop\Paint.lnk
[2013/04/29 14:54:05 | 000,001,754 | ---- | C] () -- C:\Users\Ronnie\Desktop\opera.lnk
[2013/04/29 14:53:28 | 000,001,711 | ---- | C] () -- C:\Users\Ronnie\Desktop\FirefoxNoBank.lnk
[2013/04/29 14:53:07 | 000,001,730 | ---- | C] () -- C:\Users\Ronnie\Desktop\Everything.lnk
[2013/04/29 14:52:46 | 000,001,638 | ---- | C] () -- C:\Users\Ronnie\Desktop\My Hacked network.rtf.lnk
[2013/04/24 19:37:24 | 000,000,432 | ---- | C] () -- C:\Users\Public\Documents\My Hacked network.rtf
[2013/04/22 21:07:48 | 000,001,360 | ---- | C] () -- C:\Users\Public\Documents\Bitdefender uninstall.rtf
[2013/04/13 11:10:17 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/04/13 02:20:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/13 02:20:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/13 02:20:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/13 02:20:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/13 02:20:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 09:02:57 | 000,002,096 | ---- | C] () -- C:\Users\Ronnie\Desktop\Switch User.lnk
[2013/04/11 01:20:33 | 000,001,177 | ---- | C] () -- C:\temp218.bat
[2013/04/11 00:57:16 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ARCHIE-VAIO-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/04/10 22:48:48 | 000,001,296 | ---- | C] () -- C:\Users\Public\Documents\east-tec Eraser 2012.rtf
[2013/04/02 22:58:16 | 000,007,604 | ---- | C] () -- C:\Users\Ronnie\AppData\Local\Resmon.ResmonCfg
[2013/01/07 18:04:33 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/12/27 07:17:12 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/12/27 07:17:06 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/12/27 07:17:04 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/12/27 07:17:04 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/05/16 21:48:42 | 000,008,778 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/04/14 10:42:10 | 000,816,490 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/05 08:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config

[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2012/08/21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]
[2013/03/10 14:07:31 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\addpcs
[2013/03/10 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Bitdefender
[2013/03/29 00:59:08 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Canneverbe Limited
[2013/04/10 22:53:46 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\EAST Technologies
[2012/12/19 17:21:53 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\EurekaLog
[2013/03/16 14:32:07 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\GlarySoft
[2013/03/10 13:44:18 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\IObit
[2013/03/10 14:39:36 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Opera
[2013/04/29 14:29:46 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\PFStaticIP
[2013/03/10 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Process Hacker 2
[2013/03/10 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\QuickScan
[2013/04/11 00:50:10 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Returnil
[2013/05/02 20:46:26 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\uTorrent

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:C97C8631

< End of report >

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-08 14:31:18
-----------------------------
14:31:18.451 OS Version: Windows x64 6.1.7601 Service Pack 1
14:31:18.451 Number of processors: 4 586 0x2505
14:31:18.451 ComputerName: ARCHIE-VAIO UserName: Ronnie
14:31:25.861 Initialize success
14:34:10.749 AVAST engine defs: 13050800
14:35:34.931 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:35:34.931 Disk 0 Vendor: Size: 476940MB BusType: 0
14:35:36.273 Disk 0 MBR read successfully
14:35:36.273 Disk 0 MBR scan
14:35:36.445 Disk 0 Windows 7 default MBR code
14:35:36.507 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13468 MB offset 2048
14:35:36.663 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27584512
14:35:36.819 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463370 MB offset 27789312
14:35:38.067 Disk 0 scanning C:\Windows\system32\drivers
14:36:33.603 Service scanning
14:36:45.334 Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
14:36:45.522 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
14:37:41.650 Modules scanning
14:37:42.165 Disk 0 trace - called modules:
14:37:42.196 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys hal.dll
14:37:42.196 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80094ed060]
14:37:42.212 3 CLASSPNP.SYS[fffff880017ae43f] -> nt!IofCallDriver -> [0xfffffa8007428d10]
14:37:42.212 5 ACPI.sys[fffff880011947a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800742b050]
14:37:45.223 AVAST engine scan C:\Windows
14:38:03.444 AVAST engine scan C:\Windows\system32
14:45:57.654 AVAST engine scan C:\Windows\system32\drivers
14:46:36.761 AVAST engine scan C:\Users\Ronnie
14:49:10.359 AVAST engine scan C:\ProgramData
14:52:15.906 Scan finished successfully
14:52:51.989 Disk 0 MBR has been saved successfully to "C:\Users\Me&My\Desktop\MBR.dat"
14:52:52.145 The log file has been saved successfully to "C:\Users\Me&My\Desktop\aswMBR.txt"
[/QUOTE]