Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Win 7 Security 2012 Rogue Anti-Virus

Post by Thrashtolive » December 8th, 2011, 6:28 pm

Hello, I was recently infected with the fake anti-virus Win 7 Security 2012. I have run a couple of anti-spyware programs and it seems to be gone, but I am very uneasy about whether it was fully removed, and I'm afraid some of the spyware programs I used could also be malicious (Spyware Doctor and SUPERAntiSpyware). After I ran these programs I performed a system restore, but I am still concerned. Any help or advice is greatly appreciated, and I think you guys perform a great service here. Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Theo at 14:12:24 on 2011-12-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6181 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Windows\system32\lxebcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 192.168.7.254
TCP: Interfaces\{F4ED5F8D-D5B7-445A-A459-B40FB9FD247A} : DhcpNameServer = 192.168.7.254
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\139jzlyc.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-10-1 203392]
R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2011-11-29 45736]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-08 22:11:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1FC8A6C6-4CCA-4D71-8446-C25EABDEE2AC}\offreg.dll
2011-12-08 22:11:19 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1FC8A6C6-4CCA-4D71-8446-C25EABDEE2AC}\mpengine.dll
2011-12-08 21:38:47 -------- d-----w- C:\ProgramData\PC Tools
2011-12-08 21:38:47 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-12-08 21:38:47 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-12-08 21:37:51 -------- d-----w- C:\Windows\SysWow64\sdtmp
2011-12-08 20:50:44 -------- d-----w- C:\Users\Theo\AppData\Roaming\SUPERAntiSpyware.com
2011-12-08 20:50:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-08 20:50:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-08 09:34:47 -------- d-----we C:\Windows\system64
2011-11-30 03:46:15 109056 ----a-w- C:\Windows\System32\lxebvs.dll
2011-11-30 03:46:13 836608 ----a-w- C:\Windows\System32\lxebcoin.dll
2011-11-30 03:46:13 1462272 ----a-w- C:\Windows\System32\lxk_g.dll
2011-11-30 03:46:06 983121 ----a-w- C:\Windows\System32\lxk_gf.dll
2011-11-30 03:46:06 65536 ----a-w- C:\Windows\System32\lxebgcfg.dll
2011-11-30 03:46:05 399360 ----a-w- C:\Windows\System32\lxebcui.dll
2011-11-30 03:46:05 148480 ----a-w- C:\Windows\System32\lxebcuir.dll
2011-11-30 03:45:45 -------- d-----w- C:\Program Files\Lexmark Toolbar
2011-11-30 03:45:42 510464 ----a-w- C:\Windows\System32\LXEBwupd.dll
2011-11-30 03:45:42 295592 ----a-w- C:\Windows\System32\LXEBwupd.exe
2011-11-30 03:43:59 86183 ----a-w- C:\Windows\SysWow64\LXEBcfg.dll
2011-11-30 03:26:31 -------- d-----w- C:\ProgramData\Ezprint
2011-11-30 03:23:34 -------- d-----w- C:\ProgramData\Lx_cats
2011-11-30 03:22:32 189440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxebdrpp.dll
2011-11-30 03:21:10 -------- d-----w- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
2011-11-30 03:18:02 299008 ----a-w- C:\Windows\SysWow64\LXEBsm.dll
2011-11-30 03:18:02 23552 ----a-w- C:\Windows\SysWow64\LXEBsmr.dll
2011-11-30 03:18:02 23552 ----a-w- C:\Windows\System32\lxebsmr.dll
2011-11-30 03:18:01 381440 ----a-w- C:\Windows\System32\lxebsm.dll
2011-11-28 19:51:52 92672 ----a-w- C:\Windows\System32\CNC860I.DLL
2011-11-28 19:51:52 299520 ----a-w- C:\Windows\System32\CNC860L.DLL
2011-11-28 19:51:52 235008 ----a-w- C:\Windows\System32\CNC860O.DLL
2011-11-28 19:51:52 17920 ----a-w- C:\Windows\System32\CNHMCA6.DLL
2011-11-28 19:51:52 1342976 ----a-w- C:\Windows\System32\CNC860C.DLL
.
==================== Find3M ====================
.
2011-12-08 22:11:18 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-09-21 07:07:12 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:12:56.49 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/20/2011 9:46:39 PM
System Uptime: 12/8/2011 2:04:52 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CG1330
Processor: AMD Phenom(tm) II X6 1035T Processor | AM3 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 689.918 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Canon MX860 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MX860 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP115: 11/22/2011 5:32:38 PM - Windows Update
RP116: 11/25/2011 1:25:18 PM - Windows Update
RP117: 11/29/2011 10:59:04 AM - Windows Update
RP118: 12/2/2011 10:59:40 AM - Windows Update
RP119: 12/6/2011 11:00:00 AM - Windows Update
RP120: 12/8/2011 2:00:37 PM - Restore Operation
RP121: 12/8/2011 2:11:00 PM - Windows Update
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AI Manager
AMD USB Filter Driver
Apple Application Support
Apple Software Update
ASUS Backup Wizard
ASUSUpdate
AsusVibe2.0
AsusVibeCheckUpdate
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Counter-Strike
ebi.BookReader3J
EPU-4 Engine
Junk Mail filter update
League of Legends
Lexmark Printable Web
Lexmark Toolbar
LOLReplay
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
mIRC
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
Octoshape add-in for Adobe Flash Player
Pando Media Booster
Platform
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SoulSeek 157 NS 13e
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Ventrilo Client
VIA Platform Device Manager
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
XML Notepad 2007
.
==== Event Viewer Messages From Past Week ========
.
12/8/2011 2:07:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/8/2011 2:07:23 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/8/2011 2:05:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.
12/8/2011 2:05:14 PM, Error: Service Control Manager [7000] - The lxebCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/8/2011 2:00:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/8/2011 2:00:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
12/8/2011 12:09:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2011 12:09:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/8/2011 12:09:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/8/2011 12:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/8/2011 12:08:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/8/2011 12:08:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO discache spldr Wanarpv6
12/8/2011 12:08:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2011 12:08:48 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/8/2011 1:58:14 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/8/2011 1:52:21 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
12/8/2011 1:25:31 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
12/8/2011 1:25:11 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/8/2011 1:25:09 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/8/2011 1:25:09 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/8/2011 1:25:08 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
.
==== End Of File ===========================
Thrashtolive
Active Member
 
Posts: 7
Joined: December 8th, 2011, 6:15 pm

Re: Win 7 Security 2012 Rogue Anti-Virus

Post by askey127 » December 11th, 2011, 8:46 am

Hi Thrashtolive,
You have no antivirus.
That constitutes an emergency.
Don't do any unnecessary surfing until Microsoft Security Essentials is installed, as described below.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Save it to your desktop.
Install Microsoft Security Essentials
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan and delete anything it finds.
------------------------------------------------
Remove A Program Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click this Entry, if it exists, choose Uninstall/Change, and give permission to Continue:

Pando Media Booster

Take extra care in answering questions posed by any Uninstaller.
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • Now quit all running programs.
  • Double click RogueKiller.exe to run it.
  • When prompted, type 1 and hit Enter.
  • A RKreport.txt should appear on your desktop.
  • Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe .
  • Please post the contents of the RKreport.txt in your next Reply.

Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
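The helper's first conclusion came straight from the DDS header: DDS lists security products as `AV:`, `SP:` and `FW:` lines, and the log above has only an `SP:` line for Windows Defender, so no antivirus is registered. The Python below, an added example and not code from the post, from DDS or from MalwareRemoval.com, automates that check and also pulls the "Created Last 30" entries that fall on the incident day so a helper can review them first. The embedded log excerpt is constructed from lines of the posted log, and the section-banner and entry layout it parses are assumed from that log's format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed excerpt in the DDS log format shown in the post above: the
# pre-section header (where DDS lists AV:/SP:/FW: products) plus a few
# "Created Last 30" lines copied from that log. Not the complete log.
SAMPLE_DDS = r"""DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Theo at 14:12:24 on 2011-12-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6181 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
.
=============== Created Last 30 ================
.
2011-12-08 22:11:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1FC8A6C6-4CCA-4D71-8446-C25EABDEE2AC}\offreg.dll
2011-12-08 09:34:47 -------- d-----we C:\Windows\system64
2011-11-30 03:46:15 109056 ----a-w- C:\Windows\System32\lxebvs.dll
.
==================== Find3M ====================
.
2011-12-08 22:11:18 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 14:12:56.49 ===============
"""

# "=== name ===" banners separate DDS sections (assumed layout, see above).
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "SP: Windows Defender *Enabled/Updated* {GUID}" -> kind, name, state flags
PRODUCT_RE = re.compile(r"^(AV|SP|FW):\s*(.+?)\s*\*([^*]+)\*")
# "2011-12-08 09:34:47 -------- d-----we C:\Windows\system64"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$"
)


def split_sections(text):
    """Group log lines by the banner that precedes them. Lines before the
    first banner go under 'header'; DDS's '.' spacers and blanks are dropped."""
    sections = defaultdict(list)
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            continue
        sections[current].append(line)
    return sections


def security_products(sections):
    """Return the AV/SP/FW products DDS reported, with their state flags."""
    found = {"AV": [], "SP": [], "FW": []}
    for line in sections["header"]:
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state = m.groups()
            found[kind].append({"name": name, "state": state})
    return found


def created_entries(sections):
    """Parse 'Created Last 30' lines into timestamp, size, flags and path.
    Directories carry '--------' in the size column, so size becomes None."""
    entries = []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        entries.append({
            "when": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "attrs": attrs,
            "path": path,
        })
    return entries


def triage(text, incident_day):
    """The helper's check (no AV: line means no antivirus registered), any
    product DDS flagged Disabled/Outdated, and everything created on the
    incident day, with paths under the Windows directory listed first."""
    sections = split_sections(text)
    products = security_products(sections)
    same_day = [e for e in created_entries(sections)
                if e["when"].strftime("%Y-%m-%d") == incident_day]
    same_day.sort(key=lambda e: (not e["path"].lower().startswith(r"c:\windows"),
                                 e["when"]))
    findings = []
    if not products["AV"]:
        findings.append("no AV: line in the DDS header: no antivirus is registered")
    for p in products["AV"] + products["SP"] + products["FW"]:
        if "Disabled" in p["state"] or "Outdated" in p["state"]:
            findings.append(f"{p['name']} is {p['state']}")
    for e in same_day:
        kind = "directory" if e["is_dir"] else "file"
        findings.append(f"{kind} created {e['when']:%Y-%m-%d %H:%M}: {e['path']}")
    return {"products": products, "same_day": same_day, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS, "2011-12-08")["findings"]:
        print("-", finding)
```

Feed it a complete DDS.txt and the date the user reported the rogue appearing; the Find3M section is left alone on purpose, since it lists modified rather than newly created files.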

Re: Win 7 Security 2012 Rogue Anti-Virus

Post by Thrashtolive » December 11th, 2011, 4:51 pm

Hey askey, I followed all your steps without problems and now here is the RK report.

RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Theo [Admin rights]
Mode: Scan -- Date : 12/11/2011 12:47:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


Finished : << RKreport[1].txt >>
RKreport[1].txt
Thrashtolive
Active Member
 
Posts: 7
Joined: December 8th, 2011, 6:15 pm

Re: Win 7 Security 2012 Rogue Anti-Virus

Post by askey127 » December 11th, 2011, 7:19 pm

Thrashtolive,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Adobe Reader 9.1

Take extra care in answering questions posed by any Uninstaller.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1 are vulnerable.
Go HERE to download AdbeRdr1011_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
-------------------------------------------------
Run RogueKiller
  • Now quit all running programs.
  • Double click RogueKiller.exe to run it.
  • When prompted, type 2 and hit Enter.
  • A RKreport.txt should appear on your desktop.
  • Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe .
  • Please post the contents of the RKreport.txt in your next Reply.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
Admin/Teacher
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Win 7 Security 2012 Rogue Anti-Virus

Unread postby Thrashtolive » December 11th, 2011, 11:52 pm

RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Theo [Admin rights]
Mode: Remove -- Date : 12/11/2011 19:46:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Thrashtolive
Active Member
Posts: 7
Joined: December 8th, 2011, 6:15 pm

Re: Win 7 Security 2012 Rogue Anti-Virus

Unread postby Thrashtolive » December 11th, 2011, 11:53 pm

OTL logfile created on: 12/11/2011 7:50:06 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Theo\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.92 Gb Available Physical Memory | 76.36% Memory free
15.50 Gb Paging File | 13.49 Gb Available in Paging File | 87.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.33 Gb Total Space | 687.84 Gb Free Space | 74.98% Space Free | Partition Type: NTFS

Computer Name: THEO-PC | User Name: Theo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/11 19:48:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Theo\Downloads\OTL.exe
PRC - [2011/11/08 19:01:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/01/23 17:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2011/01/23 17:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/12/23 12:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/12/23 12:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/06/04 14:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/08 19:01:31 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/01/23 17:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
MOD - [2011/01/23 17:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2010/04/05 02:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epoemdll.dll
MOD - [2010/04/05 02:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
MOD - [2010/04/05 02:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizres.dll
MOD - [2010/04/05 02:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizard.dll
MOD - [2010/04/05 02:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
MOD - [2010/04/05 02:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epfunct.dll
MOD - [2010/04/05 02:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\eputil.dll
MOD - [2010/04/05 02:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\imagutil.dll
MOD - [2010/04/01 09:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdrs.dll
MOD - [2010/04/01 09:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2009/09/30 10:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/06/04 14:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009/05/27 04:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
MOD - [2009/04/07 11:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
MOD - [2009/03/25 15:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/03/09 21:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009/03/02 06:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
MOD - [2009/02/20 00:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsmr.dll
MOD - [2009/02/20 00:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsm.dll
MOD - [2009/01/15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/03 21:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/14 11:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010/04/14 11:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/08 14:05:56 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/14 11:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 12:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/03 22:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/03 22:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/03 21:15:44 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/15 08:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/01/27 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/08/05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/10 11:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 17:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 12:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-814452065-2995649858-2807105773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-814452065-2995649858-2807105773-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-814452065-2995649858-2807105773-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-814452065-2995649858-2807105773-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/08 19:01:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/22 23:23:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theo\AppData\Roaming\Mozilla\Extensions
[2011/12/10 21:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/10 21:19:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/08 19:01:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/01 12:08:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 19:01:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-814452065-2995649858-2807105773-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-814452065-2995649858-2807105773-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4ED5F8D-D5B7-445A-A459-B40FB9FD247A}: DhcpNameServer = 192.168.7.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 19:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/12/11 19:38:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/11 12:47:26 | 000,000,000 | ---D | C] -- C:\Users\Theo\Desktop\RK_Quarantine
[2011/12/11 12:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/12/11 12:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/11 12:24:28 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/12/11 12:23:03 | 010,165,440 | ---- | C] (Microsoft Corporation) -- C:\Users\Theo\Desktop\mseinstall.exe
[2011/12/10 21:30:29 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\X-Chat 2
[2011/12/10 21:30:29 | 000,000,000 | ---D | C] -- C:\Users\Theo\Documents\Downloads
[2011/12/10 21:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Chat 2
[2011/12/10 21:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X-Chat 2
[2011/12/10 21:18:41 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\Skype
[2011/12/10 21:18:38 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/12/10 21:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/10 21:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/12/10 17:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2011/12/08 13:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/12/08 13:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/08 13:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/12/08 13:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/08 13:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/08 13:37:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sdtmp
[2011/12/08 12:50:44 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/08 12:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/08 12:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/08 01:34:47 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/29 19:46:13 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lxk_g.dll
[2011/11/29 19:46:13 | 000,836,608 | ---- | C] ( ) -- C:\Windows\SysNative\lxebcoin.dll
[2011/11/29 19:46:06 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lxk_gf.dll
[2011/11/29 19:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2011/11/29 19:45:42 | 000,510,464 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\LXEBwupd.dll
[2011/11/29 19:45:42 | 000,295,592 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\LXEBwupd.exe
[2011/11/29 19:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2011/11/29 19:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar
[2011/11/29 19:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
[2011/11/29 19:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web
[2011/11/29 19:44:02 | 000,126,976 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxeblnks.dll
[2011/11/29 19:44:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2011/11/29 19:44:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2011/11/29 19:44:01 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2011/11/29 19:44:00 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2011/11/29 19:44:00 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2011/11/29 19:44:00 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2011/11/29 19:44:00 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2011/11/29 19:43:59 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2011/11/29 19:43:59 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2011/11/29 19:43:59 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2011/11/29 19:43:59 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2011/11/29 19:43:59 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2011/11/29 19:43:59 | 000,086,183 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\LXEBcfg.dll
[2011/11/29 19:43:45 | 001,631,744 | ---- | C] ( ) -- C:\Windows\SysNative\lxebserv.dll
[2011/11/29 19:43:45 | 001,331,712 | ---- | C] ( ) -- C:\Windows\SysNative\lxebusb1.dll
[2011/11/29 19:43:45 | 000,557,568 | ---- | C] ( ) -- C:\Windows\SysNative\lxebinpa.dll
[2011/11/29 19:43:45 | 000,547,840 | ---- | C] ( ) -- C:\Windows\SysNative\LXEBhcp.dll
[2011/11/29 19:43:45 | 000,515,584 | ---- | C] ( ) -- C:\Windows\SysNative\lxebiesc.dll
[2011/11/29 19:43:44 | 000,979,968 | ---- | C] ( ) -- C:\Windows\SysNative\lxebpmui.dll
[2011/11/29 19:43:44 | 000,892,416 | ---- | C] ( ) -- C:\Windows\SysNative\lxeblmpm.dll
[2011/11/29 19:43:43 | 001,104,384 | ---- | C] ( ) -- C:\Windows\SysNative\lxebhbn3.dll
[2011/11/29 19:43:43 | 000,520,872 | ---- | C] ( ) -- C:\Windows\SysNative\lxebih.exe
[2011/11/29 19:43:42 | 001,371,648 | ---- | C] ( ) -- C:\Windows\SysNative\lxebcomc.dll
[2011/11/29 19:43:42 | 001,052,328 | ---- | C] ( ) -- C:\Windows\SysNative\lxebcoms.exe
[2011/11/29 19:43:42 | 000,579,584 | ---- | C] ( ) -- C:\Windows\SysNative\lxebcomm.dll
[2011/11/29 19:43:41 | 000,612,008 | ---- | C] ( ) -- C:\Windows\SysNative\lxebcfg.exe
[2011/11/29 19:43:41 | 000,075,264 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\LXEBcfg.dll
[2011/11/29 19:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Pro200-S500 Series
[2011/11/29 19:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Pro200-S500 Series
[2011/11/29 19:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2011/11/29 19:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2011/11/29 19:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2011/11/29 19:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
[2011/11/28 11:52:33 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2011/11/28 11:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX860 series
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjTH.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjSE.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjRU.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjPT.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjPL.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjNL.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjIT.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjID.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjGR.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjFR.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjFI.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjES.DLL
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjDE.DLL
[2011/11/28 11:52:29 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjTR.DLL
[2011/11/28 11:52:29 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjNO.DLL
[2011/11/28 11:52:29 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjKR.DLL
[2011/11/28 11:52:29 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjHU.DLL
[2011/11/28 11:52:29 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjDK.DLL
[2011/11/28 11:52:29 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjCZ.DLL
[2011/11/28 11:52:29 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjAR.DLL
[2011/11/28 11:52:29 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjTW.DLL
[2011/11/28 11:52:29 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjCN.DLL
[2011/11/28 11:52:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011/11/28 11:52:28 | 000,262,656 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCF2Lj.DLL
[2011/11/28 11:52:28 | 000,232,448 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFMSj.EXE
[2011/11/28 11:52:28 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjUS.DLL
[2011/11/28 11:52:28 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjJP.DLL
[2011/11/28 11:52:16 | 000,290,816 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM9N.DLL
[2011/11/28 11:51:52 | 001,342,976 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC860C.DLL
[2011/11/28 11:51:52 | 000,299,520 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC860L.DLL
[2011/11/28 11:51:52 | 000,235,008 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNC860O.DLL
[2011/11/28 11:51:52 | 000,092,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC860I.DLL
[2011/11/28 11:51:52 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.DLL

========== Files - Modified Within 30 Days ==========

[2011/12/11 19:43:24 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/11 12:35:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 12:35:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 12:27:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 12:27:38 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/11 12:26:44 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/11 12:25:03 | 000,743,932 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/11 12:25:03 | 000,626,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/11 12:25:03 | 000,107,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/11 12:23:39 | 010,165,440 | ---- | M] (Microsoft Corporation) -- C:\Users\Theo\Desktop\mseinstall.exe
[2011/12/11 12:15:41 | 000,277,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/10 21:30:20 | 000,001,014 | ---- | M] () -- C:\Users\Theo\Desktop\X-Chat 2.lnk
[2011/12/10 21:18:38 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/10 17:42:30 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2011/12/08 18:45:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/08 18:31:41 | 000,000,077 | ---- | M] () -- C:\Users\Theo\Desktop\Driver Courier for Dental Lab.URL
[2011/12/08 14:29:19 | 000,000,088 | ---- | M] () -- C:\Users\Theo\Desktop\MalWare Removal • View topic - Win 7 Security 2012 Rogue Anti-Virus.URL
[2011/12/08 12:51:37 | 000,010,922 | -HS- | M] () -- C:\Users\Theo\AppData\Local\527073h8b231n437w374b1qwo5d6
[2011/12/08 12:51:37 | 000,010,922 | -HS- | M] () -- C:\ProgramData\527073h8b231n437w374b1qwo5d6
[2011/12/04 11:55:01 | 000,001,997 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011/12/04 11:55:01 | 000,001,905 | ---- | M] () -- C:\Users\Theo\Desktop\LOL Recorder.lnk
[2011/11/29 19:53:55 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/29 19:46:47 | 000,218,593 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2011/11/29 19:44:36 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
[2011/11/16 02:37:25 | 000,000,077 | ---- | M] () -- C:\Users\Theo\Desktop\Telemarketing Appointment Setter Inside Sales.URL
[2011/11/13 04:11:01 | 000,000,077 | ---- | M] () -- C:\Users\Theo\Desktop\Seasonal Food Runner, Bartender & Cook.URL
[2011/11/13 04:10:58 | 000,000,077 | ---- | M] () -- C:\Users\Theo\Desktop\AMICI'S --- Pizza Drivers - San Mateo.URL

========== Files Created - No Company Name ==========

[2011/12/11 19:43:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/11 19:43:24 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/11 12:26:44 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/11 12:24:51 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/10 21:30:20 | 000,001,014 | ---- | C] () -- C:\Users\Theo\Desktop\X-Chat 2.lnk
[2011/12/10 21:18:38 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/08 18:31:41 | 000,000,077 | ---- | C] () -- C:\Users\Theo\Desktop\Driver Courier for Dental Lab.URL
[2011/12/08 14:29:19 | 000,000,088 | ---- | C] () -- C:\Users\Theo\Desktop\MalWare Removal • View topic - Win 7 Security 2012 Rogue Anti-Virus.URL
[2011/12/08 01:34:33 | 000,010,922 | -HS- | C] () -- C:\Users\Theo\AppData\Local\527073h8b231n437w374b1qwo5d6
[2011/12/08 01:34:33 | 000,010,922 | -HS- | C] () -- C:\ProgramData\527073h8b231n437w374b1qwo5d6
[2011/11/29 19:46:15 | 000,109,056 | ---- | C] () -- C:\Windows\SysNative\lxebvs.dll
[2011/11/29 19:46:07 | 000,065,106 | ---- | C] () -- C:\Windows\SysNative\lxebprpr.chm
[2011/11/29 19:46:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\lxebgcfg.dll
[2011/11/29 19:46:05 | 000,399,360 | ---- | C] () -- C:\Windows\SysNative\lxebcui.dll
[2011/11/29 19:46:05 | 000,148,480 | ---- | C] () -- C:\Windows\SysNative\lxebcuir.dll
[2011/11/29 19:46:05 | 000,008,694 | ---- | C] () -- C:\Windows\SysNative\lxebcommuilogo_rtl.bmp
[2011/11/29 19:46:05 | 000,008,694 | ---- | C] () -- C:\Windows\SysNative\lxebcommuilogo.bmp
[2011/11/29 19:44:36 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
[2011/11/29 19:44:04 | 000,000,044 | -H-- | C] () -- C:\Windows\SysNative\lxebrwrd.ini
[2011/11/29 19:44:02 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2011/11/29 19:44:02 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2011/11/29 19:44:01 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2011/11/29 19:44:01 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2011/11/29 19:44:01 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2011/11/29 19:44:01 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2011/11/29 19:44:01 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2011/11/29 19:44:00 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2011/11/29 19:44:00 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2011/11/29 19:43:59 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\lxeb.loc
[2011/11/29 19:43:46 | 000,218,593 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2011/11/29 19:43:45 | 000,495,616 | ---- | C] () -- C:\Windows\SysNative\LXEBinst.dll
[2011/11/29 19:43:44 | 000,040,448 | ---- | C] () -- C:\Windows\SysNative\lxebjswr.dll
[2011/11/29 19:43:43 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\lxebins.dll
[2011/11/29 19:43:43 | 000,298,496 | ---- | C] () -- C:\Windows\SysNative\lxebgrd.dll
[2011/11/29 19:43:43 | 000,245,248 | ---- | C] () -- C:\Windows\SysNative\lxebinsb.dll
[2011/11/29 19:43:43 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\lxebinsr.dll
[2011/11/29 19:43:42 | 000,378,368 | ---- | C] () -- C:\Windows\SysNative\lxebcu.dll
[2011/11/29 19:43:42 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\lxebcub.dll
[2011/11/29 19:43:42 | 000,022,016 | ---- | C] () -- C:\Windows\SysNative\lxebcur.dll
[2011/11/29 19:43:41 | 000,002,110 | ---- | C] () -- C:\Windows\SysNative\lxeb.loc
[2011/11/29 19:18:02 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2011/11/29 19:18:02 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2011/11/29 19:18:02 | 000,023,552 | ---- | C] () -- C:\Windows\SysNative\lxebsmr.dll
[2011/11/29 19:18:01 | 000,381,440 | ---- | C] () -- C:\Windows\SysNative\lxebsm.dll
[2011/11/28 11:51:51 | 000,014,592 | ---- | C] () -- C:\Windows\SysNative\CNC1735D.TBL
[2011/11/16 02:37:25 | 000,000,077 | ---- | C] () -- C:\Users\Theo\Desktop\Telemarketing Appointment Setter Inside Sales.URL
[2011/11/13 04:11:01 | 000,000,077 | ---- | C] () -- C:\Users\Theo\Desktop\Seasonal Food Runner, Bartender & Cook.URL
[2011/11/13 04:10:58 | 000,000,077 | ---- | C] () -- C:\Users\Theo\Desktop\AMICI'S --- Pizza Drivers - San Mateo.URL
[2011/11/01 23:17:47 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/10/09 19:09:29 | 000,743,932 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/20 20:48:52 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/01 13:21:52 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/10/01 13:21:20 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2010/10/01 13:21:05 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/10/01 13:21:05 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/10/01 13:21:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/10/01 13:21:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/10/01 13:19:32 | 000,017,545 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/10/01 13:19:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/01 13:19:29 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/10/01 13:19:29 | 000,010,143 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/10/01 13:17:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 13:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 13:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 13:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/21 01:00:13 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Asus
[2011/09/21 10:56:39 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\LolClient
[2011/12/11 03:51:57 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\SoftGrid Client
[2011/10/09 19:10:00 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\TP
[2011/12/11 03:51:48 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\X-Chat 2
[2011/12/04 11:53:18 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
Thrashtolive
Active Member
 
Posts: 7
Joined: December 8th, 2011, 6:15 pm

Re: Win 7 Security 2012 Rogue Anti-Virus

Unread postby Thrashtolive » December 11th, 2011, 11:53 pm

OTL Extras logfile created on: 12/11/2011 7:50:06 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Theo\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.92 Gb Available Physical Memory | 76.36% Memory free
15.50 Gb Paging File | 13.49 Gb Available in Paging File | 87.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.33 Gb Total Space | 687.84 Gb Free Space | 74.98% Space Free | Partition Type: NTFS

Computer Name: THEO-PC | User Name: Theo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-814452065-2995649858-2807105773-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50C70C4F-25CD-4D46-E4AF-DBC8D94F1835}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{DF0A41F0-B2FC-0FDA-14C1-D3F2B85C3FC4}" = ATI AVIVO64 Codecs
"{EE277033-38AF-98C7-6698-A0547B92338E}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{099667C4-11E8-7BB7-989B-684549C90F45}" = CCC Help Polish
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard
"{12E9EB11-ACAA-1724-ECE6-F1E83B87114A}" = CCC Help Hungarian
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A2E7F01-E3D1-EC5E-D67A-812CFCC3D3E3}" = CCC Help Thai
"{1AF39B5A-9BFE-61DB-9340-104B2DAF4DB4}" = CCC Help Spanish
"{1B927C28-4B49-4BFD-FC0C-73276D6ACF46}" = CCC Help Korean
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24990A39-5F20-4FCA-BAFE-EEF1E4800709}" = Catalyst Control Center - Branding
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E134EF4-E89C-8E46-17EB-542EC99D0106}" = ccc-core-static
"{33C0BED1-611A-E381-F071-C876EC3B7B81}" = CCC Help Russian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F12FA27-BE37-DEC0-7CAA-79543AF0BCCC}" = CCC Help Japanese
"{3F4B407D-CB99-476E-7070-7E8630CD66DB}" = CCC Help German
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
"{502667D8-E107-9A5E-35B8-D6A88DD88757}" = CCC Help Portuguese
"{53FFC3BB-A4C4-7908-5D2F-A41B325C4D62}" = CCC Help Swedish
"{56ED9E26-7D26-02A5-AF1C-2AC9C4FD5F42}" = CCC Help Italian
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{821A1791-E031-E771-43B3-43900585BAD6}" = CCC Help Greek
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BFA1B2F-5B51-0C65-D2CF-E240DEBDA8CA}" = Catalyst Control Center InstallProxy
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC3B000E-7C26-AEC0-4548-4E424817116C}" = CCC Help Dutch
"{AC730B5C-B884-E68A-CD29-4EE0C63884B8}" = CCC Help Czech
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B209B93F-D26E-5C17-D2BF-7BF9C4B3BC54}" = CCC Help Finnish
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCCEA3CD-2934-8449-C15C-4D3538AFC3FC}" = CCC Help English
"{D0C1755B-AF73-8740-7B60-F349E8387696}" = Catalyst Control Center Graphics Previews Vista
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D417774C-57E7-1295-9830-B3C830F31DEC}" = CCC Help Norwegian
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E293CF98-1EFA-C0DA-D34C-D632961D059C}" = CCC Help Danish
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9DBC5C6-715F-4FDF-8DFF-85E2D96B3AAD}" = Catalyst Control Center Localization All
"{E9E94E27-4D44-62EF-61DA-0BB96B62C5DF}" = CCC Help Chinese Standard
"{EBB71031-F16E-41A8-61C2-AB912CB53D46}" = CCC Help Chinese Traditional
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0D64466-F2BC-5E66-9696-8C92028369B6}" = CCC Help French
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FCC1C65A-D6AC-6896-4944-C42EE17C68D0}" = CCC Help Turkish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"AsusVibeCheckUpdate_is1" = AsusVibeCheckUpdate
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"mIRC" = mIRC
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Soulseek2" = SoulSeek 157 NS 13e
"Steam App 10" = Counter-Strike
"WinLiveSuite_Wave3" = Windows Live Essentials
"X-Chat 2_is1" = X-Chat 2.8.6-2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-814452065-2995649858-2807105773-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Thrashtolive
Active Member
 
Posts: 7
Joined: December 8th, 2011, 6:15 pm

Re: Win 7 Security 2012 Rogue Anti-Virus

Unread postby askey127 » December 12th, 2011, 8:34 am

Thrashtolive,
-----------------------------------------------
Enable the Viewing of Hidden Files
  • Close all programs so that you are at your desktop.
  • Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
  • Click on the Control Panel menu option.
  • When the control panel opens click on the Appearance and Personalization link.
  • Under the Folder Options category, click on Show Hidden Files or Folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files, folders, or drives.
  • Remove the checkmark from the checkbox labeled Hide extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files (Recommended).
  • Press the Apply button and then the OK button.
-----------------------------------------------------------
These scanner services will analyze a submitted file, using dozens of different antivirus engines, and provide the results.
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath. It's labeled "File to scan".
Copy and paste this filepath:
C:\ProgramData\527073h8b231n437w374b1qwo5d6
Then hit Submit or Upload, depending on the scanner.
The scan will take a while before the result comes up so please be patient.
Then copy and/or save the result when you receive it, and post it back here in this thread.

If Jotti's service load is too high, or not responsive, you can upload that filepath to one of the following scanners instead:
http://www.virustotal.com/xhtml/index_en.html
or virus.org here: http://scanner.virus.org/
------------------------------------------------------------
Run MalwareBytes' Anti-Malware

As you already have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using this procedure:
  • Open Malwarebytes' Anti-Malware (Right click and "Run as administrator")
  • Select the Update tab. Choose Check for Updates.
  • Restart Malwarebytes Anti-Malware after the Update if you have to.
  • After the update has been completed, select the Settings tab, then the Scanner Settings tab.
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results
  • Make sure all items are checked. Then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.
    The same new log can also be found via the Logs tab when the application is re-started.
Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
This allows MBAM to remove additional items that could not be removed while Windows is running.

So we will be looking for the results from the file submission, and the log from Malwarebytes' Anti-Malware.
(By the way, Spyware Doctor and SuperAntiSpyware are NOT malicious, but you don't need them now. You do have to be careful about the exact names of anti-spyware programs. There are hundreds of fakes.)

askey127
askey127
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
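Added example, not code from this thread or from OTL's author: a Python triage pass over OTL-style file entries that picks out the kind of entry askey127 singled out above for a multi-engine scan, a hidden+system file with no company name dropped under a random name at the root of ProgramData and AppData\Local. The sample lines are copied from the OTL log posted earlier in the thread; the scoring weights, the drop-location pattern and the allowlist of known OS files are assumptions of this example, not rules OTL itself applies.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# Constructed sample: OTL "Files Created/Modified" lines copied from the log posted in
# this thread, plus a section header and blank line the parser must skip.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2011/12/11 19:43:24 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/11 12:27:38 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/08 01:34:33 | 000,010,922 | -HS- | C] () -- C:\Users\Theo\AppData\Local\527073h8b231n437w374b1qwo5d6
[2011/12/08 01:34:33 | 000,010,922 | -HS- | C] () -- C:\ProgramData\527073h8b231n437w374b1qwo5d6
[2011/11/29 19:44:04 | 000,000,044 | -H-- | C] () -- C:\Windows\SysNative\lxebrwrd.ini
[2011/11/29 19:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2011/11/28 11:52:29 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLjTH.DLL
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
"""

# One OTL entry: [timestamp | size | attrs | C/M] (company) -- path.
# attrs has four positions: R(ead-only) H(idden) S(ystem) D(irectory), '-' = unset.
# Directory entries carry no "(company)" group, so it is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str       # C = created, M = modified
    company: str    # "" when OTL found no company name
    path: str

def parse_otl(text: str) -> List[OtlEntry]:
    """Parse OTL file entries; headers, blanks and unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(OtlEntry(
                datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                int(m["size"].replace(",", "")),
                m["attrs"], m["kind"], m["company"] or "", m["path"]))
    return entries

# Triage heuristics: assumptions of this example, not rules OTL itself applies.
DROP_DIR_RE = re.compile(   # parent directories a non-admin process can write to
    r"^(?:c:\\programdata|c:\\users\\[^\\]+(?:\\appdata\\(?:local|roaming)(?:\\temp)?)?)$", re.I)
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{12,}$", re.I)   # long, alphanumeric, no extension
KNOWN_OS_FILES = {r"c:\hiberfil.sys", r"c:\pagefile.sys", r"c:\windows\bootstat.dat"}

def score_entry(e: OtlEntry) -> List[Tuple[int, str]]:
    """(weight, reason) pairs for one entry; empty when nothing is suspicious."""
    if "D" in e.attrs or e.path.lower() in KNOWN_OS_FILES:
        return []
    parent, _, name = e.path.rpartition("\\")
    reasons = []
    if "H" in e.attrs and "S" in e.attrs:
        reasons.append((2, "hidden+system attributes on a plain file"))
    if DROP_DIR_RE.match(parent):
        reasons.append((1, "written directly to a user-writable drop location"))
    if RANDOM_NAME_RE.match(name) and not name.isdigit() and not name.isalpha():
        reasons.append((2, "random-looking name with no extension"))
    if not e.company:
        reasons.append((1, "no company name in version info"))
    return reasons

def triage(text: str, threshold: int = 3) -> List[Tuple[str, int, List[str]]]:
    """(path, score, reasons) for entries at or above the threshold, in log order."""
    findings = []
    for e in parse_otl(text):
        scored = score_entry(e)
        total = sum(w for w, _ in scored)
        if total >= threshold:
            findings.append((e.path, total, [r for _, r in scored]))
    return findings

if __name__ == "__main__":
    for path, score, reasons in triage(SAMPLE_LOG):
        print(f"{score}  {path}")
        for r in reasons:
            print(f"      - {r}")
```

The allowlist matters: hiberfil.sys is also hidden+system with no company name and would otherwise score high, which is why a flagged entry is a candidate for the multi-engine scan, not a verdict.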

Re: Win 7 Security 2012 Rogue Anti-Virus

Unread postby Thrashtolive » December 12th, 2011, 6:01 pm

[ArcaVir]
2011-12-12 Found nothing
[Frisk F-Prot Antivirus]
2011-12-12 Found nothing
[Avast! antivirus]
2011-12-12 Found nothing
[F-Secure Anti-Virus]
2011-12-12 Found nothing
[Grisoft AVG Anti-Virus]
2011-12-12 Found nothing
[G DATA]
2011-12-12 Found nothing
[Avira AntiVir]
2011-12-12 Found nothing
[Ikarus]
2011-12-12 Found nothing
[Softwin BitDefender]
2011-12-12 Found nothing
[Kaspersky Anti-Virus]
2011-12-12 Found nothing
[ClamAV]
2011-12-12 Found nothing
[Panda Antivirus]
2011-12-09 Found nothing
[CPsecure]
2011-12-12 Found nothing
[Quick Heal]
2011-12-12 Found nothing
[Dr.Web]
2011-12-12 Found nothing
[Sophos]
2011-12-12 Mal/FakeAvCn-C
[Emsisoft Anti-Malware]
2011-12-12 Found nothing
[VirusBlokAda VBA32]
2011-12-12 Found nothing
[ESET]
2011-12-12 Found nothing
[VirusBuster]
2011-12-12 Found nothing


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8358

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/12/2011 12:39:24 PM
mbam-log-2011-12-12 (12-39-24).txt

Scan type: Quick scan
Objects scanned: 168035
Time elapsed: 1 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Thrashtolive
Active Member
 
Posts: 7
Joined: December 8th, 2011, 6:15 pm

Re: Win 7 Security 2012 Rogue Anti-Virus

Unread postby askey127 » December 12th, 2011, 7:29 pm

Thrashtolive,
-------------------------------------------
Reset System Restore Points
  • Go to Start, Control Panel, and click the System icon in the Control Panel.
  • In the left pane click on System Protection.
  • When the Dialog comes up, click on the System protection tab.
  • Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  • Click the Create Button to create a new restore point. In the Name dialog, type a descriptive name and click Create.
  • You will get a message that the Restore Point was created successfully. Click Close.
  • Click OK and close the System window in the Control Panel.
--------------------------------------
  • Go to Start, All programs, Accessories, System Tools, Disk Cleanup.
  • Choose the drive letter where Windows is located (usually C:), and click OK.
  • After it scans, click on Clean up System files
  • Again, choose the drive letter where Windows is located (usually C:), and click OK.
  • After it scans, choose the More Options tab
  • Under "System Restore and Shadow Copies", click Clean up
  • It will ask if you are sure you want to delete all but the most recent restore point. Click Delete.
  • Click OK and verify that you want to delete the files.
The Utility will clean up the Restore points.

Reboot your machine to record the changes you have made.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware or changes in the Restore settings.


If you are not seeing any incorrect behavior, I would say your system is clean.
Remember, only ONE antivirus and ONE anti-spyware program should be running at a time.
Having more can corrupt your system and cause instability.
askey127
Admin/Teacher
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
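The same "Reset System Restore Points" sequence can be done from the command line instead of the Control Panel. The PowerShell below is an added example and is not part of askey127's post or any tool the thread used; it assumes the Windows drive is C: and must be run from an elevated (Administrator) Windows PowerShell prompt. The reason for purging the old points is the same as in the post: a restore point taken while the rogue anti-virus was installed can bring its files back if someone later restores to it, so only the fresh point created after cleanup is kept.

```powershell
# Added example (not from the original post): PowerShell equivalent of the
# restore-point reset described above. Run elevated. The drive letter and the
# restore-point description are assumptions.
$Drive = "C:"

# 1. Make sure System Protection is ON for the Windows drive.
Enable-ComputerRestore -Drive "$Drive\"

# 2. Create a new, known-clean restore point.
#    (On Windows 8 and later this cmdlet creates at most one point per 24 hours.)
Checkpoint-Computer -Description "Clean after malware removal" `
                    -RestorePointType "MODIFY_SETTINGS"

# 3. Find the shadow copies that back the restore points on that drive,
#    sorted oldest first. Win32_Volume.DeviceID and Win32_ShadowCopy.VolumeName
#    both use the \\?\Volume{GUID}\ form, so they can be matched directly.
$volumeId = (Get-WmiObject -Class Win32_Volume |
             Where-Object { $_.DriveLetter -eq $Drive }).DeviceID
$shadows  = @(Get-WmiObject -Class Win32_ShadowCopy |
              Where-Object { $_.VolumeName -eq $volumeId } |
              Sort-Object { $_.ConvertToDateTime($_.InstallDate) })

# 4. Delete every shadow copy except the most recent one, which is the clean
#    point just created. This mirrors Disk Cleanup's "all but the most recent".
if ($shadows.Count -gt 1) {
    $shadows[0..($shadows.Count - 2)] | ForEach-Object {
        $when = $_.ConvertToDateTime($_.InstallDate)
        Write-Host "Deleting shadow copy $($_.ID) created $when"
        $_.Delete()
    }
}

# 5. Show what remains; only the newly created point should be listed.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description -AutoSize

# Reboot afterwards, as the post says, so the change is recorded.
```

As with the Control Panel version, this is a one-off step after malware removal, not routine maintenance: it also removes the "Previous Versions" file copies that the same shadow copies hold.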

Re: Win 7 Security 2012 Rogue Anti-Virus

Unread postby Thrashtolive » December 13th, 2011, 2:15 am

Thank you so much I appreciate everything.
Thrashtolive
Active Member
Posts: 7
Joined: December 8th, 2011, 6:15 pm

Re: Win 7 Security 2012 Rogue Anti-Virus

Unread postby askey127 » December 13th, 2011, 7:45 am

I forgot to mention.
If you start OTL and hit the "Clean Up" button, it will remove itself and most of the tools we used.

Good Luck!
askey127
Admin/Teacher
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Win 7 Security 2012 Rogue Anti-Virus

Unread postby askey127 » December 17th, 2011, 5:31 pm

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
