Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

how to remove persistent malware Yieldmaster Revsci etc

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

how to remove persistent malware Yieldmaster Revsci etc

Unread postby mutepail » June 18th, 2012, 4:19 pm

When I open websites I keep getting a message that a tracking cookie has been found. I tried 'cleaning' the computer using malware bytes and hijack this.
This is the log I got after an analysis by the hijack this :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:30, on 18/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-yie9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [VideoAcceleratorCommTest] "C:\Program Files\SpeedBit Video Accelerator\CommTest.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-21-2636723537-2607932590-1398714872-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-2636723537-2607932590-1398714872-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NeroMediaHomeUser.4')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

--
End of file - 7775 bytes
mutepail
Regular Member
 
Posts: 16
Joined: June 18th, 2012, 4:12 pm
Advertisement
Register to Remove

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby maxi » June 20th, 2012, 2:07 pm

Hello mutepail,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby mutepail » June 20th, 2012, 2:10 pm

will do thanks
mutepail
Regular Member
 
Posts: 16
Joined: June 18th, 2012, 4:12 pm

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby maxi » June 22nd, 2012, 7:41 am

Hi mutepail,

Win 7 Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • Your Operating System in use comes with a inbuilt utility called User Access Control(UAC).
  • When prompted by this with anything I ask you to do carry out please select the option Allow.


Step 1
Create a System Restore Point
  • Right-click on the Computer icon and select Properties.
  • In the left pane under Tasks ... click on System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select the System Protection tab ...then choose Create.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click OK ...then close the System Restore dialog.
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.
If you have successfully created a System Restore Point...we can proceed.

Step 2
OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

In your next reply please include:
Both logs from OTL.
Any problems you had with my instructions.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby mutepail » June 22nd, 2012, 8:35 pm

Hi Maxi
Thanks a million for the assistence. I think I managed to follow step 1.
I was not sure how to contact theOTL Scan Is that the same as the DDS scan? If so these are the logs

DS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Liberty at 1:22:48 on 2012-06-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3070.2142 [GMT 1:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://uk.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie9
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7729FED8-B377-4380-A8A5-99727EF95BB2} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-3-23 2321520]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-17 654408]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-3-23 31920]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-11 2337144]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-17 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\drivers\GKUPRO2D.sys [2005-2-18 71168]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-11 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-12 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-11 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-10 1025352]
.
=============== Created Last 30 ================
.
2012-06-22 15:50:25 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 15:49:47 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 15:49:47 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 22:27:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-19 22:27:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-19 22:23:41 -------- d-----w- c:\program files\RealNetworks
2012-06-19 22:23:15 -------- d-----w- c:\programdata\RealNetworks
2012-06-18 19:34:20 388096 ----a-r- c:\users\liberty\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-18 19:34:19 -------- d-----w- c:\program files\Trend Micro
2012-06-17 17:40:14 -------- d-----w- c:\users\liberty\appdata\roaming\Malwarebytes
2012-06-17 17:40:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 17:40:05 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 17:40:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-13 21:20:16 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:20:13 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:20:13 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:20:13 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:20:00 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:19:56 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 21:19:53 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 21:19:48 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:19:47 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 21:19:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-06 21:16:21 -------- d-----w- c:\users\liberty\appdata\local\{7990F045-A35D-45D8-9927-0B6FC0C95D84}
2012-06-06 21:16:09 -------- d-----w- c:\users\liberty\appdata\local\{09C81BFA-513E-4B19-9F60-32F8CB96AC07}
2012-06-06 21:09:56 -------- d-----w- c:\users\liberty\appdata\local\{88955051-45D4-47CD-A3DA-8CE8E8C47157}
2012-06-06 21:09:43 -------- d-----w- c:\users\liberty\appdata\local\{B1D4F66E-9C82-4EF8-AFEF-CEF820CBC328}
2012-06-06 21:07:04 -------- d-----w- c:\users\liberty\appdata\local\{E45F1796-672B-4135-9A06-5058AA723C1F}
2012-06-06 21:06:52 -------- d-----w- c:\users\liberty\appdata\local\{BEA6BBB5-E6F1-4739-BA5A-AA097C0941B8}
2012-06-04 22:42:42 -------- d-----w- c:\users\liberty\appdata\local\{1C5520FE-D1B1-4325-91F8-E3BFAC6385F3}
2012-06-04 20:26:25 -------- d-----w- c:\users\liberty\appdata\local\{0025E162-5757-4275-B397-EBFEFC9049C1}
2012-06-04 20:20:45 -------- d-----w- c:\program files\Amazon
.
==================== Find3M ====================
.
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-04 20:31:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 20:31:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 1:23:44.76 ===============

and the attachment

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/08/2011 19:07:08
System Uptime: 22/06/2012 19:51:01 (6 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 346.411 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 107 GiB total, 79.756 GiB free.
F: is FIXED (NTFS) - 37 GiB total, 37.139 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP109: 12/06/2012 20:47:30 - Scheduled Checkpoint
RP110: 14/06/2012 00:49:04 - Windows Update
RP111: 18/06/2012 20:34:02 - Installed HiJackThis
RP113: 18/06/2012 21:57:44 - Windows Live Essentials
RP114: 18/06/2012 21:58:08 - WLSetup
RP115: 22/06/2012 16:49:27 - Windows Update
RP116: 23/06/2012 00:49:48 - malwareremoval june 2012
RP117: 23/06/2012 00:58:20 - malwareremoval june 2012 2
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Advanced Uninstaller Free - Version 10
Advertising Center
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
AVG PC Tuneup
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Chrome
HiJackThis
iCloud
Internet TV for Windows Media Center
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero ControlCenter
Nero Installer
Nero MediaHome 4
Nero MediaHome 4 Essentials
Nero MediaHome 4 Help
Nero Online Upgrade
PowerDVD
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.5
TeamViewer 6
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VC80CRTRedist - 8.0.50727.6195
.
==== Event Viewer Messages From Past Week ========
.
23/06/2012 00:26:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
23/06/2012 00:07:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
22/06/2012 22:45:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
16/06/2012 23:58:52, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{7729FED8-B377-4380-A8A5-99727EF95BB2} because another computer on the network has the same name. The server could not start.
.
==== End Of File ===========================
Many Thanks

Mutepail
mutepail
Regular Member
 
Posts: 16
Joined: June 18th, 2012, 4:12 pm

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby mutepail » June 22nd, 2012, 8:35 pm

Hi Maxi
Thanks a million for the assistence. I think I managed to follow step 1.
I was not sure how to contact theOTL Scan Is that the same as the DDS scan? If so these are the logs

DS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Liberty at 1:22:48 on 2012-06-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3070.2142 [GMT 1:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://uk.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie9
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7729FED8-B377-4380-A8A5-99727EF95BB2} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-3-23 2321520]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-17 654408]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-3-23 31920]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-11 2337144]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-17 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\drivers\GKUPRO2D.sys [2005-2-18 71168]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-11 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-12 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-11 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-10 1025352]
.
=============== Created Last 30 ================
.
2012-06-22 15:50:25 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 15:49:47 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 15:49:47 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 22:27:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-19 22:27:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-19 22:23:41 -------- d-----w- c:\program files\RealNetworks
2012-06-19 22:23:15 -------- d-----w- c:\programdata\RealNetworks
2012-06-18 19:34:20 388096 ----a-r- c:\users\liberty\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-18 19:34:19 -------- d-----w- c:\program files\Trend Micro
2012-06-17 17:40:14 -------- d-----w- c:\users\liberty\appdata\roaming\Malwarebytes
2012-06-17 17:40:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 17:40:05 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 17:40:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-13 21:20:16 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:20:13 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:20:13 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:20:13 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:20:00 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:19:56 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 21:19:53 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 21:19:48 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:19:47 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 21:19:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-06 21:16:21 -------- d-----w- c:\users\liberty\appdata\local\{7990F045-A35D-45D8-9927-0B6FC0C95D84}
2012-06-06 21:16:09 -------- d-----w- c:\users\liberty\appdata\local\{09C81BFA-513E-4B19-9F60-32F8CB96AC07}
2012-06-06 21:09:56 -------- d-----w- c:\users\liberty\appdata\local\{88955051-45D4-47CD-A3DA-8CE8E8C47157}
2012-06-06 21:09:43 -------- d-----w- c:\users\liberty\appdata\local\{B1D4F66E-9C82-4EF8-AFEF-CEF820CBC328}
2012-06-06 21:07:04 -------- d-----w- c:\users\liberty\appdata\local\{E45F1796-672B-4135-9A06-5058AA723C1F}
2012-06-06 21:06:52 -------- d-----w- c:\users\liberty\appdata\local\{BEA6BBB5-E6F1-4739-BA5A-AA097C0941B8}
2012-06-04 22:42:42 -------- d-----w- c:\users\liberty\appdata\local\{1C5520FE-D1B1-4325-91F8-E3BFAC6385F3}
2012-06-04 20:26:25 -------- d-----w- c:\users\liberty\appdata\local\{0025E162-5757-4275-B397-EBFEFC9049C1}
2012-06-04 20:20:45 -------- d-----w- c:\program files\Amazon
.
==================== Find3M ====================
.
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-04 20:31:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 20:31:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 1:23:44.76 ===============

and the attachment

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/08/2011 19:07:08
System Uptime: 22/06/2012 19:51:01 (6 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 346.411 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 107 GiB total, 79.756 GiB free.
F: is FIXED (NTFS) - 37 GiB total, 37.139 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP109: 12/06/2012 20:47:30 - Scheduled Checkpoint
RP110: 14/06/2012 00:49:04 - Windows Update
RP111: 18/06/2012 20:34:02 - Installed HiJackThis
RP113: 18/06/2012 21:57:44 - Windows Live Essentials
RP114: 18/06/2012 21:58:08 - WLSetup
RP115: 22/06/2012 16:49:27 - Windows Update
RP116: 23/06/2012 00:49:48 - malwareremoval june 2012
RP117: 23/06/2012 00:58:20 - malwareremoval june 2012 2
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Advanced Uninstaller Free - Version 10
Advertising Center
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
AVG PC Tuneup
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Chrome
HiJackThis
iCloud
Internet TV for Windows Media Center
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero ControlCenter
Nero Installer
Nero MediaHome 4
Nero MediaHome 4 Essentials
Nero MediaHome 4 Help
Nero Online Upgrade
PowerDVD
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.5
TeamViewer 6
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VC80CRTRedist - 8.0.50727.6195
.
==== Event Viewer Messages From Past Week ========
.
23/06/2012 00:26:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
23/06/2012 00:07:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
22/06/2012 22:45:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
16/06/2012 23:58:52, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{7729FED8-B377-4380-A8A5-99727EF95BB2} because another computer on the network has the same name. The server could not start.
.
==== End Of File ===========================
Many Thanks

Mutepail
mutepail
Regular Member
 
Posts: 16
Joined: June 18th, 2012, 4:12 pm

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby maxi » June 23rd, 2012, 1:13 pm

Hi mutepail , Apolagies for not giving you instructions for downloading otl :)

RE: AVG PC Tuneup 2012. This program contains a registry 'cleaner'. I do not recommend the user of registry cleaners as they can cause more problems than they resolve. I would recommend uninstalling the program. I have added it to the list of programs to be uninstalled below.

Create a System Restore Point like you did before

Step 1
Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
HiJackThis
Java Auto Updater
Java(TM) 6 Update 30
AVG PC Tuneup
Advertising Center


Step 2
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator..." to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.


Step 3
Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


In your next reply please include:
The log from TDSSKiller.
Both logs from OTL.
Any problems you had with my instructions.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby mutepail » June 23rd, 2012, 3:44 pm

Hi
step one done

step 2 nothing found step three

OTL logfile created on: 23/06/2012 19:32:10 - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Liberty\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.18% Memory free
5.99 Gb Paging File | 4.63 Gb Available in Paging File | 77.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 345.68 Gb Free Space | 74.23% Space Free | Partition Type: NTFS
Drive E: | 107.07 Gb Total Space | 79.76 Gb Free Space | 74.49% Space Free | Partition Type: NTFS
Drive F: | 37.24 Gb Total Space | 37.14 Gb Free Space | 99.74% Space Free | Partition Type: NTFS

Computer Name: LIBERTY-PC | User Name: Liberty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 19:30:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Liberty\Downloads\OTL (1).com
PRC - [2012/06/19 23:27:09 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/06/12 19:46:54 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/12 19:46:52 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/23 12:33:12 | 000,224,888 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/03/23 12:31:04 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/12 19:47:02 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/12 19:46:52 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - [2012/06/12 19:46:54 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/05/04 21:31:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/03/23 12:31:04 | 000,031,920 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/11 00:23:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)


========== Driver Services (SafeList) ==========

DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/02/18 11:57:10 | 000,071,168 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GKUPRO2D.sys -- (GKUPRO2D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 CA 73 00 B2 57 CC 01 [binary data]
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\SearchScopes\{8378A430-C5BE-46A0-87AC-B1D603B5B58E}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={9A29710C-CE5B-4E16-97F4-6E931D9737F4}&mid=0f7b3d31f58547d190f2d15f3028a4f2-beff40037ec6bcb1f54da5d1edc34f8853ac98e7&lang=en&ds=AVG&pr=pr&d=2012-04-07 17:42:34&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\SearchScopes\{B3619845-7413-41E3-AB8C-E03039F0916C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/12 19:52:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/12 19:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/06/19 23:23:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/27 19:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/06/19 23:23:42 | 000,000,000 | ---D | M]

[2011/08/11 11:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liberty\AppData\Roaming\Mozilla\Extensions
[2011/02/27 00:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liberty\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/11/10 16:42:16 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={9A29710C-CE5B-4E16-97F4-6E931D9737F4}&mid=0f7b3d31f58547d190f2d15f3028a4f2-beff40037ec6bcb1f54da5d1edc34f8853ac98e7&lang=en&ds=AVG&pr=pr&d=2012-04-07 17:42:34&v=10.2.0.3&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: AVG Safe Search = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2111_0\
CHR - Extension: vshare plugin = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: AVG Do-Not-Track = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2126_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7729FED8-B377-4380-A8A5-99727EF95BB2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6f93db0b-c3fa-11e0-b0af-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6f93db0b-c3fa-11e0-b0af-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 360 Days ==========

[2012/06/23 19:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\WiseConvert
[2012/06/23 19:07:42 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\tdsskiller
[2012/06/23 18:48:00 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Systweak
[2012/06/23 18:47:59 | 000,017,320 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/06/22 16:50:26 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 16:50:25 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 16:50:02 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/22 16:50:02 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/22 16:50:02 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/22 16:49:47 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 16:49:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/19 23:27:13 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/06/19 23:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/06/19 23:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012/06/19 23:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2012/06/18 20:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/06/17 18:40:14 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Malwarebytes
[2012/06/17 18:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/14 00:50:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 00:50:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 00:50:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 00:50:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 00:50:09 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 00:50:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 00:50:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 22:20:13 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/13 22:20:13 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/13 22:20:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/13 22:20:00 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/12 19:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/06 22:16:21 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{7990F045-A35D-45D8-9927-0B6FC0C95D84}
[2012/06/06 22:16:09 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{09C81BFA-513E-4B19-9F60-32F8CB96AC07}
[2012/06/06 22:09:56 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{88955051-45D4-47CD-A3DA-8CE8E8C47157}
[2012/06/06 22:09:43 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{B1D4F66E-9C82-4EF8-AFEF-CEF820CBC328}
[2012/06/06 22:07:04 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{E45F1796-672B-4135-9A06-5058AA723C1F}
[2012/06/06 22:06:52 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{BEA6BBB5-E6F1-4739-BA5A-AA097C0941B8}
[2012/06/04 23:42:42 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{1C5520FE-D1B1-4325-91F8-E3BFAC6385F3}
[2012/06/04 21:26:25 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{0025E162-5757-4275-B397-EBFEFC9049C1}
[2012/06/04 21:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/06/04 21:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/06/04 20:26:19 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\DCIM
[2012/05/26 13:24:30 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\965YOKDJ
[2012/05/19 18:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\same4app
[2012/05/19 17:57:52 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\Movies
[2012/05/19 14:08:43 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\My Shared Folder
[2012/05/18 23:58:04 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{BCC9AB16-2DD1-40A6-8FBD-8E3378262A6E}
[2012/05/18 23:58:04 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{A9190198-9B1D-43F9-9DF1-75AC0C05D52C}
[2012/05/18 20:27:30 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\Trance-Formation of America - Mark Philips and Cathy O'Brien (9th printing, Photos).pdf
[2012/05/17 23:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/17 23:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/16 01:11:47 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Documents\Outlook Files
[2012/05/11 00:17:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/11 00:17:05 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/11 00:16:58 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/07 22:20:15 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\fotos 7.5.12
[2012/04/30 14:42:49 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\AVG Secure Search
[2012/04/22 14:16:34 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\RealNetworks
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/04/18 20:56:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012/04/18 20:56:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2012/04/08 19:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/04/07 17:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/04/06 22:34:48 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\AVG
[2012/04/06 22:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/06 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\lumbar radiology
[2012/04/05 22:28:09 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\823WGTMA
[2012/04/05 22:26:22 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\860OKMZO
[2012/03/29 21:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/29 21:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/29 21:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/29 15:26:12 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/03/19 05:17:28 | 000,301,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/03/13 19:15:25 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/03/08 00:37:22 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Innovative Solutions
[2012/03/08 00:37:05 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2012/03/08 00:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller Free
[2012/03/08 00:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2012/03/08 00:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions
[2012/03/08 00:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2012/02/23 00:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012/02/23 00:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/02/23 00:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/02/23 00:36:46 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\Tanaka
[2012/02/22 05:25:32 | 000,235,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/02/21 22:29:27 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{F1659C09-9CF3-42C2-B913-7453CE05DFE5}
[2012/02/21 22:29:15 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{8499A5BF-9781-4746-933A-B60CDF1D5CE8}
[2012/02/21 22:15:05 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012/02/21 22:15:05 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012/02/21 22:15:04 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012/02/21 22:14:40 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012/02/21 22:10:14 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Windows Live
[2012/02/21 22:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/02/15 14:00:38 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/15 12:01:50 | 004,547,944 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2012/02/09 00:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/02/08 19:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/02/08 19:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/02/06 23:59:48 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\860OKMZOLM (2)
[2012/02/06 23:50:39 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\860OKMZOLM
[2012/01/31 04:46:50 | 000,031,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2012/01/25 18:52:55 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/25 18:52:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/18 22:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/01/18 22:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/01/11 16:00:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 16:00:37 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 16:00:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/12/28 02:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Ares Vista
[2011/12/23 13:32:14 | 000,041,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011/12/23 13:32:08 | 000,017,232 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2011/12/23 13:32:06 | 000,024,144 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsfilterx.sys
[2011/12/23 13:32:00 | 000,139,856 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2011/12/22 22:31:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/12/18 15:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/12/18 15:23:49 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Conduit
[2011/12/18 15:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RegWork
[2011/12/18 15:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\RegWork
[2011/12/17 19:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\StartSearch plugin
[2011/12/15 16:36:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/15 16:36:48 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 16:34:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/08 21:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/12/03 16:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/12/03 16:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/11/30 15:46:19 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/11/30 15:45:40 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/11/30 15:45:40 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/11/10 16:42:58 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Documents\TomTom
[2011/11/10 16:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2011/11/10 16:42:35 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\TomTom
[2011/11/10 16:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011/11/10 16:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2011/11/10 16:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2011/10/25 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Ilivid Player
[2011/10/25 21:03:43 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\PackageAware
[2011/10/22 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/10/21 22:50:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/10/21 22:49:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/10/13 21:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/12 19:04:50 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\AVG2012
[2011/10/12 11:27:49 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/12 11:27:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/10/12 11:27:49 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/12 11:27:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/12 11:27:49 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/01 20:08:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/10 21:14:19 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/09/10 21:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/10 21:13:42 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/09/10 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/08/30 23:05:04 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/08/30 23:05:04 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/08/30 23:05:04 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/08/30 23:05:04 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
[2011/08/28 20:42:44 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\MP3
[2011/08/28 16:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011/08/22 22:31:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/08/14 19:18:03 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Documents\Nero Home
[2011/08/12 11:25:09 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2011/08/12 11:25:09 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011/08/12 11:25:06 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/08/12 11:25:06 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/08/12 11:25:06 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/08/12 11:25:05 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/08/12 11:25:04 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/08/12 11:25:04 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/08/12 11:25:03 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/08/12 11:25:02 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/08/12 11:25:02 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011/08/12 11:25:01 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/08/12 11:25:01 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/08/12 11:25:00 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/08/12 11:25:00 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/08/12 11:24:59 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011/08/12 11:24:58 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2011/08/12 11:24:57 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/08/12 11:24:56 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011/08/12 11:24:56 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/08/12 11:24:55 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011/08/12 11:24:55 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011/08/12 11:24:55 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011/08/12 11:24:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2011/08/12 11:24:54 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/08/12 11:24:54 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2011/08/12 11:24:54 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011/08/12 11:24:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2011/08/12 11:24:53 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2011/08/12 11:24:53 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2011/08/12 11:24:52 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011/08/12 11:24:52 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/08/12 11:24:52 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/08/12 11:24:51 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011/08/12 11:24:51 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2011/08/12 11:24:51 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2011/08/12 11:24:51 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/08/12 11:24:50 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011/08/12 11:24:50 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2011/08/12 11:24:50 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011/08/12 11:24:50 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/08/12 11:24:50 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/08/12 11:24:50 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/08/12 11:24:49 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/08/12 11:24:49 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011/08/12 11:24:49 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/08/12 11:24:49 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2011/08/12 11:24:49 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011/08/12 11:24:48 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/08/12 11:24:48 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2011/08/12 11:24:48 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2011/08/12 11:24:48 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2011/08/12 11:24:47 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2011/08/12 11:24:47 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011/08/12 11:24:47 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/08/12 11:24:47 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/08/12 11:24:47 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2011/08/12 11:24:47 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/08/12 11:24:47 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2011/08/12 11:24:47 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2011/08/12 11:24:46 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/08/12 11:24:46 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/08/12 11:24:46 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011/08/12 11:24:46 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/08/12 11:24:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/08/12 11:24:46 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011/08/12 11:24:45 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/08/12 11:24:45 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011/08/12 11:24:45 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/08/12 11:24:45 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2011/08/12 11:24:45 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2011/08/12 11:24:44 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/08/12 11:24:44 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2011/08/12 11:24:44 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2011/08/12 11:24:43 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/08/12 11:24:43 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2011/08/12 11:24:42 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/08/12 11:24:42 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/08/12 11:24:42 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/08/12 11:24:42 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011/08/12 11:24:42 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2011/08/12 11:24:42 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011/08/12 11:24:42 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011/08/12 11:24:42 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2011/08/12 11:24:42 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/08/12 11:24:42 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011/08/12 11:24:42 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/08/12 11:24:42 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2011/08/12 11:24:41 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011/08/12 11:24:41 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011/08/12 11:24:41 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/08/12 11:24:41 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2011/08/12 11:24:41 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2011/08/12 11:24:41 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2011/08/12 11:24:41 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2011/08/12 11:24:41 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2011/08/12 11:24:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/08/12 11:24:41 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/08/12 11:24:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2011/08/12 11:24:40 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2011/08/12 11:24:40 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2011/08/12 11:24:40 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011/08/12 11:24:40 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2011/08/12 11:24:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2011/08/12 11:24:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/08/12 11:24:39 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/08/12 11:24:39 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2011/08/12 11:24:39 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011/08/12 11:24:39 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2011/08/12 11:24:39 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2011/08/12 11:24:38 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2011/08/12 11:24:38 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2011/08/12 11:24:38 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2011/08/12 11:24:38 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011/08/12 11:24:38 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2011/08/12 11:24:38 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2011/08/12 11:24:38 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2011/08/12 11:24:38 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/08/12 11:24:38 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/08/12 11:24:38 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2011/08/12 11:24:38 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011/08/12 11:24:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/08/12 11:24:37 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011/08/12 11:24:37 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011/08/12 11:24:37 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011/08/12 11:24:37 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/08/12 11:24:37 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/08/12 11:24:37 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/08/12 11:24:37 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011/08/12 11:24:37 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2011/08/12 11:24:37 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011/08/12 11:24:37 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/08/12 11:24:37 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/08/12 11:24:37 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/08/12 11:24:37 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys
[2011/08/12 11:24:36 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011/08/12 11:24:36 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011/08/12 11:24:36 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2011/08/12 11:24:36 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011/08/12 11:24:36 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2011/08/12 11:24:36 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/08/12 11:24:36 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2011/08/12 11:24:35 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011/08/12 11:24:35 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/08/12 11:24:35 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/08/12 11:24:35 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2011/08/12 11:24:35 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011/08/12 11:24:35 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/08/12 11:24:35 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2011/08/12 11:24:34 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2011/08/12 11:24:34 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2011/08/12 11:24:34 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2011/08/12 11:24:34 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/08/12 11:24:34 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2011/08/12 11:24:34 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2011/08/12 11:24:34 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2011/08/12 11:24:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/08/12 11:24:34 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2011/08/12 11:24:34 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/08/12 11:24:34 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2011/08/12 11:24:34 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2011/08/12 11:24:33 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2011/08/12 11:24:33 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011/08/12 11:24:33 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011/08/12 11:24:33 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2011/08/12 11:24:33 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011/08/12 11:24:33 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2011/08/12 11:24:33 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2011/08/12 11:24:33 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/08/12 11:24:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/08/12 11:24:33 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2011/08/12 11:24:33 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2011/08/12 11:24:33 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011/08/12 11:24:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2011/08/12 11:24:33 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2011/08/12 11:24:33 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2011/08/12 11:24:32 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011/08/12 11:24:32 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011/08/12 11:24:32 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/08/12 11:24:32 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2011/08/12 11:24:32 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011/08/12 11:24:32 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011/08/12 11:24:32 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011/08/12 11:24:32 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011/08/12 11:24:32 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2011/08/12 11:24:32 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011/08/12 11:24:32 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011/08/12 11:24:32 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/08/12 11:24:32 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2011/08/12 11:24:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/08/12 11:24:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2011/08/12 11:24:32 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2011/08/12 11:24:32 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2011/08/12 11:24:32 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2011/08/12 11:24:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2011/08/12 11:24:32 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2011/08/12 11:24:32 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2011/08/12 11:24:32 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/08/12 11:24:32 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011/08/12 11:24:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/08/12 11:24:31 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011/08/12 11:24:31 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2011/08/12 11:24:31 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2011/08/12 11:24:31 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/08/12 11:24:31 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/08/12 11:24:31 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2011/08/12 11:24:31 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2011/08/12 11:24:31 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/08/12 11:24:31 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2011/08/12 11:24:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2011/08/12 11:24:31 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011/08/12 11:24:30 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011/08/12 11:24:30 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2011/08/12 11:24:30 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2011/08/12 11:24:30 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011/08/12 11:24:30 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2011/08/12 11:24:30 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/08/12 11:24:30 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2011/08/12 11:24:30 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011/08/12 11:24:30 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2011/08/12 11:24:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011/08/12 11:24:30 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2011/08/12 11:24:30 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2011/08/12 11:24:30 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2011/08/12 11:24:30 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011/08/12 11:24:30 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2011/08/12 11:24:30 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2011/08/12 11:24:30 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2011/08/12 11:24:30 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2011/08/12 11:24:30 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011/08/12 11:24:30 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2011/08/12 11:24:30 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011/08/12 11:24:30 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2011/08/12 11:24:30 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2011/08/12 11:24:30 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011/08/12 11:24:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011/08/12 11:24:30 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2011/08/12 11:24:30 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/08/12 11:24:30 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2011/08/12 11:24:29 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2011/08/12 11:24:29 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011/08/12 11:24:29 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011/08/12 11:24:29 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/08/12 11:24:29 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2011/08/12 11:24:29 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2011/08/12 11:24:29 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/08/12 11:24:29 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2011/08/12 11:24:29 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011/08/12 11:24:29 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/08/12 11:24:29 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/08/12 11:24:29 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/08/12 11:24:29 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011/08/12 11:24:29 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/08/12 11:24:29 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/08/12 11:24:29 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2011/08/12 11:24:29 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2011/08/12 11:24:29 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011/08/12 11:24:29 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011/08/12 11:24:29 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2011/08/12 11:24:29 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2011/08/12 11:24:29 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011/08/12 11:24:29 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2011/08/12 11:24:29 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2011/08/12 11:24:29 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/08/12 11:24:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2011/08/12 11:24:29 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2011/08/12 11:24:29 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/08/12 11:24:28 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011/08/12 11:24:28 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011/08/12 11:24:28 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/08/12 11:24:28 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2011/08/12 11:24:28 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll
[2011/08/12 11:24:28 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/08/12 11:24:28 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2011/08/12 11:24:28 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2011/08/12 11:24:28 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2011/08/12 11:24:28 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2011/08/12 11:24:28 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2011/08/12 11:24:28 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2011/08/12 11:24:28 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/08/12 11:24:28 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2011/08/12 11:24:28 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011/08/12 11:24:28 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/08/12 11:24:28 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2011/08/12 11:24:28 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2011/08/12 11:24:28 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011/08/12 11:24:28 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2011/08/12 11:24:28 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/08/12 11:24:28 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/08/12 11:24:28 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2011/08/12 11:24:28 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2011/08/12 11:24:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/08/12 11:24:27 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2011/08/12 11:24:27 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011/08/12 11:24:27 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011/08/12 11:24:27 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011/08/12 11:24:27 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2011/08/12 11:24:27 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2011/08/12 11:24:27 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32
mutepail
Regular Member
 
Posts: 16
Joined: June 18th, 2012, 4:12 pm

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby mutepail » June 23rd, 2012, 3:45 pm

log continued

\WindowsAnytimeUpgradeResults.exe
[2011/08/12 11:24:27 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/08/12 11:24:27 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2011/08/12 11:24:27 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2011/08/12 11:24:27 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/08/12 11:24:27 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011/08/12 11:24:27 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2011/08/12 11:24:27 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/08/12 11:24:27 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2011/08/12 11:24:27 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2011/08/12 11:24:27 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/08/12 11:24:27 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/08/12 11:24:27 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/08/12 11:24:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2011/08/12 11:24:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/08/12 11:24:27 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/08/12 11:24:27 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2011/08/12 11:24:27 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2011/08/12 11:24:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2011/08/12 11:24:26 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/08/12 11:24:26 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2011/08/12 11:24:26 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2011/08/12 11:24:26 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2011/08/12 11:24:26 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/08/12 11:24:26 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2011/08/12 11:24:26 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/08/12 11:24:26 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/08/12 11:24:26 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2011/08/12 11:24:26 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/08/12 11:24:26 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011/08/12 11:24:26 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2011/08/12 11:24:26 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2011/08/12 11:24:26 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/08/12 11:24:26 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2011/08/12 11:24:26 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2011/08/12 11:24:26 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2011/08/12 11:24:26 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2011/08/12 11:24:26 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2011/08/12 11:24:26 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/08/12 11:24:26 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/08/12 11:24:26 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011/08/12 11:24:26 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2011/08/12 11:24:26 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2011/08/12 11:24:26 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2011/08/12 11:24:26 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011/08/12 11:24:26 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2011/08/12 11:24:26 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2011/08/12 11:24:26 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2011/08/12 11:24:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/08/12 11:24:26 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2011/08/12 11:24:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2011/08/12 11:24:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2011/08/12 11:24:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/08/12 11:24:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/08/12 11:24:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/08/12 11:24:26 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011/08/12 11:24:26 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2011/08/12 11:24:26 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2011/08/12 11:24:26 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2011/08/12 11:24:26 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/08/12 11:24:26 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2011/08/12 11:24:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/08/12 11:24:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2011/08/12 11:24:26 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2011/08/12 11:24:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2011/08/12 11:24:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011/08/12 11:24:25 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011/08/12 11:24:25 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2011/08/12 11:24:23 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/08/12 11:24:23 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2011/08/12 11:24:23 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2011/08/12 11:24:23 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2011/08/12 11:24:23 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011/08/12 11:24:23 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2011/08/12 11:24:23 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/08/12 11:24:23 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2011/08/12 11:24:23 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011/08/12 11:24:23 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2011/08/12 11:24:23 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/08/12 11:24:23 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2011/08/12 11:24:23 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2011/08/12 11:24:23 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/08/12 11:24:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2011/08/12 11:24:23 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/08/12 11:24:23 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2011/08/12 11:24:23 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2011/08/12 11:24:23 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011/08/12 11:24:23 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2011/08/12 11:24:23 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2011/08/12 11:24:23 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2011/08/12 11:24:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2011/08/12 11:24:23 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2011/08/12 11:24:23 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe
[2011/08/12 11:24:23 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2011/08/12 11:24:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2011/08/12 11:24:23 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2011/08/12 11:24:22 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011/08/12 11:24:22 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2011/08/12 11:24:22 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/08/12 11:24:22 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/08/12 11:24:22 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2011/08/12 11:24:22 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/08/12 11:24:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2011/08/12 11:24:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/08/12 11:24:22 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2011/08/12 11:24:22 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011/08/12 11:24:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/08/12 11:24:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/08/12 11:24:22 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/08/12 11:24:22 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2011/08/12 11:24:22 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2011/08/12 11:24:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2011/08/12 11:24:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/08/12 11:24:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2011/08/12 11:24:22 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2011/08/12 11:24:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011/08/12 11:24:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2011/08/12 11:24:22 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2011/08/12 11:24:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2011/08/12 11:24:22 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/08/12 11:24:22 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2011/08/12 11:24:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2011/08/12 11:24:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/08/12 11:24:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/08/12 11:24:22 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/08/12 11:24:22 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe
[2011/08/12 11:24:22 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2011/08/12 11:24:22 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2011/08/12 11:24:22 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2011/08/12 11:24:22 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2011/08/12 11:24:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2011/08/12 11:24:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2011/08/12 11:24:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2011/08/12 11:24:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2011/08/12 11:24:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2011/08/12 11:24:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2011/08/12 11:24:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2011/08/12 11:24:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2011/08/12 11:24:22 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2011/08/12 11:24:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2011/08/12 11:24:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2011/08/12 11:24:21 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/08/12 11:24:21 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2011/08/12 11:24:21 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2011/08/12 11:24:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2011/08/12 11:24:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2011/08/12 11:24:21 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicres.dll
[2011/08/12 11:24:21 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2011/08/12 11:24:21 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2011/08/12 11:24:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbusres.dll
[2011/08/12 11:24:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2011/08/12 11:24:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2011/08/12 11:24:21 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011/08/12 11:24:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2011/08/12 11:24:21 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2011/08/12 11:24:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmstorfltres.dll
[2011/08/12 11:24:21 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/08/12 11:24:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2011/08/12 11:24:21 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2011/08/12 11:24:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2011/08/12 11:24:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2011/08/12 11:24:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2011/08/12 11:24:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2011/08/12 11:24:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/08/12 11:24:21 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2011/08/12 11:24:21 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2011/08/12 11:24:21 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2011/08/12 11:24:21 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2011/08/12 11:24:21 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2011/08/12 11:24:21 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2011/08/12 11:24:21 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2011/08/12 11:24:21 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2011/08/12 11:24:21 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2011/08/12 11:24:21 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2011/08/12 11:24:20 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011/08/12 11:24:20 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011/08/12 11:24:20 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys
[2011/08/12 11:24:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2011/08/12 11:24:20 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2011/08/12 11:24:20 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2011/08/12 11:24:19 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011/08/12 11:24:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2011/08/12 11:24:18 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/08/12 11:24:18 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmbusCoinstaller.dll
[2011/08/12 11:24:18 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmdCoinstall.dll
[2011/08/12 11:24:18 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2011/08/12 11:24:18 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmictimeprovider.dll
[2011/08/12 11:24:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2011/08/12 11:24:18 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011/08/12 11:24:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbuspipe.dll
[2011/08/12 11:24:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2011/08/12 11:24:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2011/08/12 11:24:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/08/12 11:24:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/08/12 11:24:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/08/12 11:24:17 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2011/08/12 11:24:17 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2011/08/12 11:24:17 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2011/08/12 11:24:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2011/08/12 11:24:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2011/08/12 11:24:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2011/08/12 11:24:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2011/08/12 11:24:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2011/08/12 11:24:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2011/08/12 11:24:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2011/08/12 11:24:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2011/08/12 11:24:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2011/08/12 11:24:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2011/08/12 11:24:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2011/08/12 11:24:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2011/08/12 11:24:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2011/08/12 11:24:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2011/08/12 11:24:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2011/08/12 11:24:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2011/08/12 11:24:15 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011/08/12 11:23:55 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2011/08/12 11:23:52 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2011/08/12 00:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/08/11 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2011/08/11 16:06:41 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/08/11 16:06:41 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/08/11 16:06:37 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/08/11 16:06:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/08/11 11:45:24 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2011/08/11 11:44:25 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Yahoo!
[2011/08/11 11:44:25 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Yahoo
[2011/08/11 11:44:25 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\TomTom
[2011/08/11 11:43:58 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Samsung
[2011/08/11 11:43:58 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Programs
[2011/08/11 11:43:58 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Nero
[2011/08/11 11:42:29 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\HP
[2011/08/11 11:42:28 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\ElevatedDiagnostics
[2011/08/11 11:42:27 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Downloaded Installations
[2011/08/11 11:42:27 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Diagnostics
[2011/08/11 11:42:27 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Ares
[2011/08/11 11:42:26 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Amazon
[2011/08/11 11:41:42 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\QuosaDDM
[2011/08/11 11:41:42 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Nero
[2011/08/11 11:41:42 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Mozilla
[2011/08/11 11:41:31 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\HP
[2011/08/11 11:41:31 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Google
[2011/08/11 11:41:30 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\DivX
[2011/08/11 11:41:30 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\AVS4YOU
[2011/08/11 11:41:30 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Amazon
[2011/08/11 11:40:42 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Documents\samsung
[2011/08/11 11:38:33 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\Desktop
[2011/08/11 11:36:22 | 000,000,000 | ---D | C] -- C:\Users\Liberty\MusicUntitled - 22-05-11
[2011/08/11 10:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011/08/11 10:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/08/11 10:34:14 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/11 10:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/08/11 10:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/08/11 10:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/08/11 10:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/08/11 10:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/11 10:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/08/11 10:29:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/08/11 10:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/08/11 10:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/08/11 10:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/08/11 10:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/08/11 10:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/08/11 10:28:00 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Microsoft Help
[2011/08/11 10:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/08/11 10:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/08/11 10:27:46 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/08/11 10:26:38 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Ahead
[2011/08/11 10:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011/08/11 10:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/08/11 10:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011/08/11 10:18:03 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/08/11 10:18:03 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/08/11 03:45:00 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/08/11 00:23:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/08/11 00:22:47 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/08/11 00:21:42 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Skype
[2011/08/11 00:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/11 00:21:37 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/08/11 00:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/08/11 00:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/08/11 00:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/08/11 00:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/08/11 00:17:20 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Real
[2011/08/11 00:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/11 00:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/11 00:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/08/11 00:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/11 00:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/11 00:13:13 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Adobe
[2011/08/11 00:11:34 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Macromedia
[2011/08/11 00:11:33 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Adobe
[2011/08/11 00:11:12 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Google
[2011/08/11 00:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/11 00:11:04 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/11 00:11:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/08/11 00:10:01 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Apple Computer
[2011/08/11 00:10:01 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Apple Computer
[2011/08/11 00:09:43 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/08/11 00:09:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/08/11 00:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/11 00:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/08/11 00:08:37 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Apple
[2011/08/11 00:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/11 00:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/08/11 00:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/11 00:02:50 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/08/11 00:02:50 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/08/11 00:02:50 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/08/11 00:02:50 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/08/11 00:02:50 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/11 00:02:50 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/08/11 00:02:50 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/08/11 00:02:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/08/11 00:02:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/11 00:02:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/11 00:02:49 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/11 00:02:49 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/11 00:02:49 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/11 00:02:49 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/11 00:02:49 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/08/11 00:02:49 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/11 00:02:49 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/11 00:02:49 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/08/11 00:02:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/08/11 00:02:49 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/08/11 00:02:49 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/08/11 00:02:49 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/08/11 00:02:49 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/08/11 00:02:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/11 00:02:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/11 00:02:49 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/08/11 00:02:49 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/08/11 00:02:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/11 00:02:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/11 00:02:48 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/10 19:50:35 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011/08/10 19:44:26 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/08/10 19:43:39 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/08/10 19:43:39 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/08/10 19:43:38 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/08/10 19:43:38 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/08/10 19:43:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/08/10 19:43:38 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/08/10 19:43:35 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/08/10 19:43:32 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/08/10 19:43:31 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/08/10 19:43:30 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/08/10 19:43:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/08/10 19:43:19 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/08/10 19:43:18 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2011/08/10 19:43:18 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/08/10 19:43:17 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/08/10 19:43:05 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/08/10 19:42:59 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/08/10 19:42:57 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/08/10 19:42:57 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/08/10 19:42:55 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/10 19:42:55 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/10 19:42:55 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/10 19:42:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/10 19:42:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/10 19:42:54 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/08/10 19:42:54 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/08/10 19:42:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/08/10 19:42:43 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/08/10 19:42:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/08/10 19:42:12 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/10 19:42:12 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 19:42:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 19:42:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 19:42:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 19:42:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 19:42:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 19:42:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 19:42:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 19:42:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 19:42:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 19:42:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 19:42:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/08/10 19:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/08/10 19:36:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/08/10 19:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/08/10 19:32:57 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/08/10 19:32:57 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/08/10 19:30:45 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/08/10 19:30:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/08/10 19:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/08/10 19:07:34 | 000,000,000 | R--D | C] -- C:\Users\Liberty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/08/10 19:07:34 | 000,000,000 | R--D | C] -- C:\Users\Liberty\Searches
[2011/08/10 19:07:34 | 000,000,000 | R--D | C] -- C:\Users\Liberty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/08/10 19:07:34 | 000,000,000 | -H-D | C] -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/08/10 19:07:26 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Identities
[2011/08/10 19:07:24 | 000,000,000 | R--D | C] -- C:\Users\Liberty\Contacts
[2011/08/10 19:07:20 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\VirtualStore
[2011/08/10 19:07:19 | 000,000,000 | --SD | C] -- C:\Users\Liberty\AppData\Roaming\Microsoft
[2011/08/10 19:07:19 | 000,000,000 | R--D | C] -- C:\Users\Liberty\Videos
[2011/08/10 19:07:19 | 000,000,000 | R--D | C] -- C:\Users\Liberty\Saved Games
[2011/08/10 19:07:19 | 000,000,000 | R--D | C] -- C:\Users\Liberty\Pictures
[2011/08/10 19:07:19 | 000,000,000 | R--D | C] -- C:\Users\Liberty\Music
[2011/08/10 19:07:19 | 000,000,000 | R--D | C] -- C:\Users\Liberty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/08/10 19:07:19 | 000,000,000 | R--D | C] -- C:\Users\Liberty\Links
[2011/08/10 19:07:19 | 000,000,000 | R--D | C] -- C:\Users\Liberty\Favorites
[2011/08/10 19:07:19 | 000,000,000 | R--D | C] -- C:\Users\Liberty\Downloads
[2011/08/10 19:07:19 | 000,000,000 | R--D | C] -- C:\Users\Liberty\Documents
[2011/08/10 19:07:19 | 000,000,000 | R--D | C] -- C:\Users\Liberty\Desktop
[2011/08/10 19:07:19 | 000,000,000 | R--D | C] -- C:\Users\Liberty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\AppData\Local\Temporary Internet Files
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\Templates
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\Start Menu
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\SendTo
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\Recent
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\PrintHood
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\NetHood
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\Documents\My Videos
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\Documents\My Pictures
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\Documents\My Music
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\My Documents
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\Local Settings
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\AppData\Local\History
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\Cookies
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\Application Data
[2011/08/10 19:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Liberty\AppData\Local\Application Data
[2011/08/10 19:07:19 | 000,000,000 | -H-D | C] -- C:\Users\Liberty\AppData
[2011/08/10 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Temp
[2011/08/10 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Microsoft
[2011/08/10 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Media Center Programs
[2011/08/10 19:07:07 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/08/10 18:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/08/10 18:46:06 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/08/10 18:45:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[20 C:\Users\Liberty\Desktop\*.tmp files -> C:\Users\Liberty\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2012/06/23 19:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/23 19:23:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/23 19:06:54 | 002,109,806 | ---- | M] () -- C:\Users\Liberty\Desktop\tdsskiller.zip
[2012/06/23 19:06:10 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 19:06:10 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 18:59:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/23 18:58:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 18:58:49 | 2414,379,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/23 18:43:06 | 000,185,742 | ---- | M] () -- C:\Users\Liberty\Desktop\LBP clin decision rule spinal pain classification.pdf
[2012/06/23 14:08:47 | 100,659,868 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/20 18:30:20 | 000,323,062 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/19 23:27:54 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Free Offers.lnk
[2012/06/19 23:27:54 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/06/19 23:27:34 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012/06/19 23:27:15 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012/06/19 23:27:15 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012/06/19 23:27:13 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/06/18 21:59:10 | 000,000,020 | ---- | M] () -- C:\Windows\ϛ~
[2012/06/16 22:21:01 | 297,902,634 | ---- | M] () -- C:\Users\Liberty\Documents\Manipulation & Mobilization of Extremity & Spinal Techniques - Edmond (1).PDF
[2012/06/16 17:22:10 | 000,108,902 | ---- | M] () -- C:\Users\Liberty\Documents\Upper arm pain.htm
[2012/06/16 17:21:15 | 000,313,816 | ---- | M] () -- C:\Users\Liberty\Documents\1 Neck and Shooting Arm Pain.pdf
[2012/06/16 17:19:44 | 000,631,172 | ---- | M] () -- C:\Users\Liberty\Documents\Discogenic-radicular pain.pdf
[2012/06/16 17:19:26 | 000,779,490 | ---- | M] () -- C:\Users\Liberty\Documents\Neck Retractions, Cervical Root Decompression, and Radicular.pdf
[2012/06/16 15:56:15 | 000,115,525 | ---- | M] () -- C:\Users\Liberty\Documents\motorcertificate.pdf
[2012/06/14 22:06:51 | 000,098,933 | ---- | M] () -- C:\Users\Liberty\Desktop\Fructose Is It Bad For Our Health.pdf
[2012/06/14 15:03:08 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/14 12:07:32 | 000,017,320 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/06/14 00:55:40 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 00:55:40 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/12 19:52:35 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/08 21:31:43 | 000,034,764 | ---- | M] () -- C:\Users\Liberty\AppData\Local\dt.dat
[2012/06/07 23:38:00 | 000,528,252 | ---- | M] () -- C:\Users\Liberty\Desktop\toxic effects of sugar.pdf
[2012/06/05 17:03:21 | 004,047,989 | ---- | M] () -- C:\Users\Liberty\Desktop\Tom Petty - Free Falling - Official Music Video - YouTube.mp3
[2012/06/04 23:39:58 | 000,003,874 | ---- | M] () -- C:\Users\Liberty\Desktop\04.06.2012.wlmp
[2012/06/04 23:28:01 | 000,020,195 | ---- | M] () -- C:\Users\Liberty\Desktop\Carnival 2012 prospect park.wlmp
[2012/06/04 21:22:36 | 005,245,359 | ---- | M] () -- C:\Users\Liberty\Desktop\05 - Mash In Guyana.mp3
[2012/06/02 23:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 23:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 23:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 23:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 23:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/05/31 18:05:26 | 003,902,539 | ---- | M] () -- C:\Users\Liberty\Desktop\Lucky Dube - Rasta Man's Prayer - YouTube.mp3
[2012/05/31 17:40:02 | 003,570,261 | ---- | M] () -- C:\Users\Liberty\Desktop\Heart - Alone - YouTube2.mp3
[2012/05/31 17:39:38 | 004,130,327 | ---- | M] () -- C:\Users\Liberty\Desktop\Eve Feat. Wyclef Jean - Your Love (L.O.V.E. Reggae Mix ) (50 FIRST DATES SOUNDTRACK) - YouTube2.mp3
[2012/05/31 17:38:13 | 004,225,621 | ---- | M] () -- C:\Users\Liberty\Desktop\Coldplay - Paradise - YouTube.mp3
[2012/05/31 17:33:16 | 003,968,158 | ---- | M] () -- C:\Users\Liberty\Desktop\Gotye - Somebody That I Used To Know (feat. Kimbra) - official video - YouTube.mp3
[2012/05/30 23:15:50 | 000,593,989 | ---- | M] () -- C:\Users\Liberty\Desktop\Altered Patterns of Superficial Trunk Muscle Activation in LBP.pdf
[2012/05/29 17:12:53 | 000,625,911 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/26 21:22:51 | 001,800,198 | ---- | M] () -- C:\Users\Liberty\Desktop\Diagnostic imaging for spinal disorders in the elderly_ a narrative review.pdf
[2012/05/23 20:56:25 | 005,265,937 | ---- | M] () -- C:\Users\Liberty\Desktop\what-to-say-when-you-dont-know-what-to-say.pdf
[2012/05/23 20:55:13 | 007,689,690 | ---- | M] () -- C:\Users\Liberty\Desktop\word-2010-advanced-part-i.pdf
[2012/05/23 20:52:07 | 002,577,842 | ---- | M] () -- C:\Users\Liberty\Desktop\presenting-an-effective-message.pdf
[2012/05/23 20:51:20 | 006,481,248 | ---- | M] () -- C:\Users\Liberty\Desktop\microsoft-office-excel.pdf
[2012/05/23 20:49:15 | 002,699,565 | ---- | M] () -- C:\Users\Liberty\Desktop\effective-communication-skills.pdf
[2012/05/23 20:48:07 | 002,542,282 | ---- | M] () -- C:\Users\Liberty\Desktop\perfect-presentations.pdf
[2012/05/23 20:46:22 | 002,668,255 | ---- | M] () -- C:\Users\Liberty\Desktop\successful-public-speaking.pdf
[2012/05/23 00:06:41 | 002,502,794 | ---- | M] () -- C:\Users\Liberty\Desktop\Los Lobos - Oh Donna (by Ritchie Valens) with lyrics subtitulo español - YouTube.mp3
[2012/05/22 23:34:20 | 001,326,238 | ---- | M] () -- C:\Users\Liberty\Desktop\Oh Donna - Ritchie Valens - YouTube.mp3
[2012/05/20 21:30:57 | 000,803,473 | ---- | M] () -- C:\Users\Liberty\Desktop\__INCOMPLETE__Turner, Karla - Into the Fringe.pdf
[2012/05/20 21:29:00 | 002,742,653 | ---- | M] () -- C:\Users\Liberty\Desktop\__INCOMPLETE__Turner, Karla - Taken.pdf
[2012/05/20 19:42:19 | 000,803,473 | ---- | M] () -- C:\Users\Liberty\Documents\Turner, Karla - Into the Fringe.pdf
[2012/05/20 19:42:19 | 000,803,473 | ---- | M] () -- C:\Users\Liberty\Desktop\Turner, Karla - Into the Fringe.pdf
[2012/05/20 19:38:24 | 000,833,088 | ---- | M] () -- C:\Users\Liberty\Documents\Turner, Karla - Masquerade of Angels.pdf
[2012/05/20 19:38:24 | 000,833,088 | ---- | M] () -- C:\Users\Liberty\Desktop\Turner, Karla - Masquerade of Angels.pdf
[2012/05/20 19:37:23 | 002,742,653 | ---- | M] () -- C:\Users\Liberty\Documents\Turner, Karla - Taken.pdf
[2012/05/20 19:37:23 | 002,742,653 | ---- | M] () -- C:\Users\Liberty\Desktop\Turner, Karla - Taken.pdf
[2012/05/20 17:52:49 | 012,589,451 | ---- | M] () -- C:\Users\Liberty\Desktop\Free Willy music video - YouTube.m4v
[2012/05/20 17:43:16 | 004,130,745 | ---- | M] () -- C:\Users\Liberty\Desktop\Eve Feat. Wyclef Jean - Your Love (L.O.V.E. Reggae Mix ) (50 FIRST DATES SOUNDTRACK) - YouTube.mp3
[2012/05/20 17:40:47 | 003,825,216 | ---- | M] () -- C:\Users\Liberty\Desktop\UB40 - every breath you take - YouTube.mp3
[2012/05/17 23:45:37 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/05/17 23:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/05/17 23:33:48 | 000,002,503 | ---- | M] () -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/17 23:33:48 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/17 23:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/17 23:31:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/05/17 23:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/05/17 23:28:51 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/17 23:24:45 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/05/17 23:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/05/15 02:05:38 | 002,343,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/12 03:30:41 | 004,182,154 | ---- | M] () -- C:\Users\Liberty\Desktop\Adele - Someone Like you (Reggae Cover) Reggae Version by Hygraid (Barbados) - YouTube2.mp3
[2012/05/12 03:25:40 | 004,228,965 | ---- | M] () -- C:\Users\Liberty\Desktop\No Doubt - Don't Speak - Reggae Version - YouTube.mp3
[2012/05/12 03:21:43 | 003,633,791 | ---- | M] () -- C:\Users\Liberty\Desktop\Winsome - Nothing Compares To You - YouTube.mp3
[2012/05/12 03:20:13 | 003,823,962 | ---- | M] () -- C:\Users\Liberty\Desktop\Sweet Tea Baja Jedd - Breathe Again - YouTube.mp3
[2012/05/12 03:16:57 | 061,743,492 | ---- | M] () -- C:\Users\Liberty\Desktop\OldSchool DanceHall BigTunes Mix.wmv - YouTube.mp3
[2012/05/07 23:02:16 | 003,879,551 | ---- | M] () -- C:\Users\Liberty\Desktop\Sly Robbie - Jah Jah Children Dub - YouTube.mp3
[2012/05/04 21:31:06 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/04 21:31:06 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/26 05:45:55 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/04/26 05:45:54 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/04/26 05:41:16 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/04/18 20:56:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012/04/18 20:56:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2012/04/08 19:29:43 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2012/03/31 05:39:37 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/03/31 05:39:37 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/03/29 21:00:33 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/03/08 00:37:03 | 000,002,394 | ---- | M] () -- C:\Users\Liberty\Desktop\Advanced Uninstaller Free.lnk
[2012/03/08 00:37:03 | 000,002,162 | ---- | M] () -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Uninstaller Free.lnk
[2012/03/03 06:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/01 01:14:54 | 005,085,977 | ---- | M] () -- C:\Users\Liberty\Documents\computer programming.pdf
[2012/02/29 23:34:32 | 001,646,292 | ---- | M] () -- C:\Users\Liberty\Documents\successful-time-management.pdf
[2012/02/23 00:46:09 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/02/23 00:43:55 | 000,001,593 | ---- | M] () -- C:\Users\Liberty\Desktop\DivX Movies.lnk
[2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/02/22 02:47:36 | 000,032,711 | ---- | M] () -- C:\Users\Liberty\Documents\the first three months.wlmp
[2012/02/17 06:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/02/15 12:01:50 | 004,547,944 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2012/01/26 23:32:03 | 000,187,579 | ---- | M] () -- C:\Users\Liberty\Documents\LordsPovertyServantsPoor.pdf
[2012/01/19 20:05:53 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/01/15 22:10:17 | 002,189,599 | ---- | M] () -- C:\Users\Liberty\Documents\Creating a Memory of the German rocket program for the Cold War.pdf
[2012/01/15 21:49:02 | 000,235,281 | ---- | M] () -- C:\Users\Liberty\Documents\The-New-Nazi-Bell.pdf
[2012/01/15 21:46:44 | 000,566,745 | ---- | M] () -- C:\Users\Liberty\Documents\Secrets of the Nazi Bell_Joseph-Farrell-Interview.pdf
[2012/01/15 21:45:05 | 000,303,271 | ---- | M] () -- C:\Users\Liberty\Documents\The Secret Road to Mount Olympus.pdf
[2012/01/10 02:38:14 | 007,207,998 | ---- | M] () -- C:\Users\Liberty\Documents\amer_sec_est_split_1.pdf
[2012/01/10 02:35:27 | 000,059,628 | ---- | M] () -- C:\Users\Liberty\Documents\Michael-Moore-Secrets-of-a-Secret-Society.pdf
[2012/01/09 05:24:04 | 000,823,410 | ---- | M] () -- C:\Users\Liberty\Documents\The Holy Blood and The Holy Grail.pdf
[2012/01/07 03:38:15 | 000,587,868 | ---- | M] () -- C:\Users\Liberty\Documents\earthpix.pdf
[2012/01/07 03:30:58 | 000,971,993 | ---- | M] () -- C:\Users\Liberty\Documents\00112512.pdf
[2012/01/07 03:28:32 | 004,152,190 | ---- | M] () -- C:\Users\Liberty\Documents\planetx-kolbrin.pdf
[2012/01/03 21:52:44 | 000,116,904 | ---- | M] () -- C:\Users\Liberty\Documents\Greek and Roman Mythology.pdf
[2012/01/03 21:47:19 | 006,806,969 | ---- | M] () -- C:\Users\Liberty\Documents\Graham_Hancock_FINGERPRINTS_OF_THE_GODS.pdf
[2011/12/31 00:39:28 | 000,001,411 | ---- | M] () -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/30 06:27:56 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsfilterx.sys
[2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2011/11/19 15:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2011/11/17 06:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/11/17 06:34:55 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2011/11/10 06:54:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/11/05 05:26:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/10/26 05:28:12 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/10/22 14:49:35 | 000,186,460 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/10/22 14:03:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/10/21 22:55:48 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/10/21 22:15:50 | 017,222,142 | ---- | M] () -- C:\Users\Liberty\Documents\iphone_user_guide.pdf
[2011/10/20 21:37:19 | 020,184,895 | ---- | M] () -- C:\Users\Liberty\Documents\iPhone_iOS4_User_Guide.pdf
[2011/08/30 23:05:04 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/08/30 23:05:04 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/08/30 23:05:04 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/08/30 23:05:04 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
[2011/08/20 19:20:44 | 000,001,183 | ---- | M] () -- C:\Windows\System32\Neck Disability Index short form36 physical component summary and pain scales for neck and arm pain the minimum clinically important difference and substantial clinical benefit after cervical spine.lnk
[2011/08/17 05:24:12 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/08/17 05:19:27 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/08/13 10:47:32 | 000,000,162 | -H-- | M] () -- C:\Users\Liberty\Desktop\~$search 9.8.rtf
[2011/08/11 10:34:17 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\PowerDVD.lnk
[2011/08/11 10:33:46 | 000,001,816 | ---- | M] () -- C:\Users\Liberty\Desktop\Microsoft Office - Shortcut.lnk
[2011/08/11 00:21:38 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/11 00:19:58 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/08/11 00:14:39 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/11 00:14:00 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/11 00:14:00 | 000,002,189 | ---- | M] () -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/11 00:05:24 | 000,001,417 | ---- | M] () -- C:\Users\Liberty\Desktop\Internet Explorer.lnk
[2011/08/11 00:02:50 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/08/11 00:02:50 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/08/11 00:02:50 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/08/11 00:02:50 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/08/11 00:02:50 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/11 00:02:50 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/08/11 00:02:50 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/08/11 00:02:50 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/08/11 00:02:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/11 00:02:50 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/11 00:02:49 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/11 00:02:49 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/11 00:02:49 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/11 00:02:49 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/11 00:02:49 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/08/11 00:02:49 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/11 00:02:49 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/11 00:02:49 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/08/11 00:02:49 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/08/11 00:02:49 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/08/11 00:02:49 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/08/11 00:02:49 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/08/11 00:02:49 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/08/11 00:02:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/11 00:02:49 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/11 00:02:49 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/11 00:02:49 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/08/11 00:02:49 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/08/11 00:02:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/11 00:02:49 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/11 00:02:48 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/10 18:48:48 | 000,042,049 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/08/10 18:47:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2011/08/10 18:47:40 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/08/10 18:47:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\atiicdxx.dat
[2011/08/10 18:46:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/08/07 16:13:20 | 000,652,670 | ---- | M] () -- C:\Users\Liberty\Documents\2004031168.pdf
[2011/08/01 15:59:38 | 000,109,239 | ---- | M] () -- C:\Users\Liberty\Documents\NHS Evidence Health Information Resources Search Results (3).rtf
[2011/08/01 15:57:05 | 000,012,693 | ---- | M] () -- C:\Users\Liberty\Documents\NHS Evidence Health Information Resources Search Results (2).rtf
[2011/08/01 15:52:01 | 000,071,771 | ---- | M] () -- C:\Users\Liberty\Documents\NHS Evidence Health Information Resources Search Results (1).rtf
[2011/08/01 15:41:00 | 000,072,695 | ---- | M] () -- C:\Users\Liberty\Documents\NHS Evidence Health Information Resources Search Results.rtf
[2011/07/24 00:14:38 | 002,926,328 | ---- | M] () -- C:\Users\Liberty\Documents\Atlantis, Alien Visitation, and Genetic Manipulation by Michael Tsarion.pdf
[2011/07/23 23:25:44 | 297,902,634 | ---- | M] () -- C:\Users\Liberty\Documents\Manipulation & Mobilization of Extremity & Spinal Techniques - Edmond.PDF
[2011/07/23 22:57:56 | 000,306,175 | ---- | M] () -- C:\Users\Liberty\Documents\Neurophysiological effects of spinal manipulation (1).pdf
[2011/07/23 22:55:46 | 000,344,248 | ---- | M] () -- C:\Users\Liberty\Documents\MANIPULATION AND MOBILISATION FOR MECHANICAL NECK DISORDERS.pdf
[2011/07/23 22:52:16 | 000,202,154 | ---- | M] () -- C:\Users\Liberty\Documents\The effects of cervical high-velocity low-amplitude thrust manipulation on resting electromyographic activity of the biceps brachii muscle.pdf
[2011/07/23 22:49:54 | 000,269,055 | ---- | M] () -- C:\Users\Liberty\Documents\The short-term effects of thoracic spine thrust manipulation on patients with shoulder impingement syndrome.pdf
[2011/07/23 22:44:30 | 000,143,287 | ---- | M] () -- C:\Users\Liberty\Documents\The Effect of Sacroiliac Joint Manipulation on Feed-Forward .pdf
[2011/07/23 22:43:28 | 000,300,116 | ---- | M] () -- C:\Users\Liberty\Documents\Defining the effect of cervical manipulation on vertebral ar.pdf
[2011/07/23 22:28:39 | 004,894,682 | ---- | M] () -- C:\Users\Liberty\Documents\Handbook_of_Basic_Clinical_Manipulation.pdf
[2011/07/23 22:25:10 | 010,907,428 | ---- | M] () -- C:\Users\Liberty\Documents\Chaitow - Soft Tissue Manipulation - A Practitioners Guide to the Diagnosis and Treatment of Soft.pdf
[2011/07/23 22:18:09 | 002,964,833 | ---- | M] () -- C:\Users\Liberty\Documents\Atlantis, Alien Visitation - Genetic Manipulation.pdf
[2011/07/23 22:14:55 | 003,191,254 | ---- | M] () -- C:\Users\Liberty\Documents\Thoracic Spine Manipulation(www.egy-pt.com).flv
[2011/07/23 22:11:56 | 002,268,898 | ---- | M] () -- C:\Users\Liberty\Documents\Sacroiliac Joint Manipulation(www.egy-pt.com).flv
[2011/07/23 22:09:48 | 000,306,175 | ---- | M] () -- C:\Users\Liberty\Documents\Neurophysiological effects of spinal manipulation.pdf
[2011/07/16 05:15:46 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/16 05:15:46 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/16 05:15:46 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/16 05:15:45 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/16 05:15:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/16 05:15:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/16 05:15:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/16 05:15:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/16 03:17:19 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/16 03:17:19 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/16 03:17:19 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/16 03:17:19 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[20 C:\Users\Liberty\Desktop\*.tmp files -> C:\Users\Liberty\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/23 19:06:52 | 002,109,806 | ---- | C] () -- C:\Users\Liberty\Desktop\tdsskiller.zip
[2012/06/23 18:43:06 | 000,185,742 | ---- | C] () -- C:\Users\Liberty\Desktop\LBP clin decision rule spinal pain classification.pdf
[2012/06/23 14:08:47 | 100,659,868 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/20 18:30:19 | 000,323,062 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/19 23:27:54 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Free Offers.lnk
[2012/06/19 23:27:54 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/06/18 21:59:09 | 000,000,020 | ---- | C] () -- C:\Windows\ϛ~
[2012/06/16 15:56:15 | 000,115,525 | ---- | C] () -- C:\Users\Liberty\Documents\motorcertificate.pdf
[2012/06/14 22:06:51 | 000,098,933 | ---- | C] () -- C:\Users\Liberty\Desktop\Fructose Is It Bad For Our Health.pdf
[2012/06/08 21:31:43 | 000,034,764 | ---- | C] () -- C:\Users\Liberty\AppData\Local\dt.dat
[2012/06/07 23:38:00 | 000,528,252 | ---- | C] () -- C:\Users\Liberty\Desktop\toxic effects of sugar.pdf
[2012/06/06 00:14:19 | 004,047,989 | ---- | C] () -- C:\Users\Liberty\Desktop\Tom Petty - Free Falling - Official Music Video - YouTube.mp3
[2012/06/04 23:39:57 | 000,003,874 | ---- | C] () -- C:\Users\Liberty\Desktop\04.06.2012.wlmp
[2012/06/04 23:28:01 | 000,020,195 | ---- | C] () -- C:\Users\Liberty\Desktop\Carnival 2012 prospect park.wlmp
[2012/06/04 21:22:10 | 005,245,359 | ---- | C] () -- C:\Users\Liberty\Desktop\05 - Mash In Guyana.mp3
[2012/05/31 20:25:44 | 000,215,878 | ---- | C] () -- C:\Users\Liberty\Desktop\LBP Identifying serious cause Ca fracture Infection.pdf
[2012/05/31 20:19:07 | 003,902,539 | ---- | C] () -- C:\Users\Liberty\Desktop\Lucky Dube - Rasta Man's Prayer - YouTube.mp3
[2012/05/31 17:53:49 | 003,570,261 | ---- | C] () -- C:\Users\Liberty\Desktop\Heart - Alone - YouTube2.mp3
[2012/05/31 17:53:37 | 004,130,327 | ---- | C] () -- C:\Users\Liberty\Desktop\Eve Feat. Wyclef Jean - Your Love (L.O.V.E. Reggae Mix ) (50 FIRST DATES SOUNDTRACK) - YouTube2.mp3
[2012/05/31 17:53:17 | 004,225,621 | ---- | C] () -- C:\Users\Liberty\Desktop\Coldplay - Paradise - YouTube.mp3
[2012/05/31 17:53:11 | 003,968,158 | ---- | C] () -- C:\Users\Liberty\Desktop\Gotye - Somebody That I Used To Know (feat. Kimbra) - official video - YouTube.mp3
[2012/05/30 23:15:50 | 000,593,989 | ---- | C] () -- C:\Users\Liberty\Desktop\Altered Patterns of Superficial Trunk Muscle Activation in LBP.pdf
[2012/05/29 17:12:53 | 000,625,911 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/26 21:22:51 | 001,800,198 | ---- | C] () -- C:\Users\Liberty\Desktop\Diagnostic imaging for spinal disorders in the elderly_ a narrative review.pdf
[2012/05/23 20:56:23 | 005,265,937 | ---- | C] () -- C:\Users\Liberty\Desktop\what-to-say-when-you-dont-know-what-to-say.pdf
[2012/05/23 20:55:10 | 007,689,690 | ---- | C] () -- C:\Users\Liberty\Desktop\word-2010-advanced-part-i.pdf
[2012/05/23 20:52:06 | 002,577,842 | ---- | C] () -- C:\Users\Liberty\Desktop\presenting-an-effective-message.pdf
[2012/05/23 20:51:17 | 006,481,248 | ---- | C] () -- C:\Users\Liberty\Desktop\microsoft-office-excel.pdf
[2012/05/23 20:49:14 | 002,699,565 | ---- | C] () -- C:\Users\Liberty\Desktop\effective-communication-skills.pdf
[2012/05/23 20:48:06 | 002,542,282 | ---- | C] () -- C:\Users\Liberty\Desktop\perfect-presentations.pdf
[2012/05/23 20:46:21 | 002,668,255 | ---- | C] () -- C:\Users\Liberty\Desktop\successful-public-speaking.pdf
[2012/05/23 00:20:03 | 002,502,794 | ---- | C] () -- C:\Users\Liberty\Desktop\Los Lobos - Oh Donna (by Ritchie Valens) with lyrics subtitulo español - YouTube.mp3
[2012/05/23 00:00:41 | 001,326,238 | ---- | C] () -- C:\Users\Liberty\Desktop\Oh Donna - Ritchie Valens - YouTube.mp3
[2012/05/20 21:34:42 | 000,803,473 | ---- | C] () -- C:\Users\Liberty\Documents\Turner, Karla - Into the Fringe.pdf
[2012/05/20 21:34:30 | 002,742,653 | ---- | C] () -- C:\Users\Liberty\Documents\Turner, Karla - Taken.pdf
[2012/05/20 21:34:23 | 000,833,088 | ---- | C] () -- C:\Users\Liberty\Documents\Turner, Karla - Masquerade of Angels.pdf
[2012/05/20 21:28:54 | 000,803,473 | ---- | C] () -- C:\Users\Liberty\Desktop\__INCOMPLETE__Turner, Karla - Into the Fringe.pdf
[2012/05/20 21:26:29 | 002,742,653 | ---- | C] () -- C:\Users\Liberty\Desktop\__INCOMPLETE__Turner, Karla - Taken.pdf
[2012/05/20 19:38:41 | 000,803,473 | ---- | C] () -- C:\Users\Liberty\Desktop\Turner, Karla - Into the Fringe.pdf
[2012/05/20 19:37:13 | 000,833,088 | ---- | C] () -- C:\Users\Liberty\Desktop\Turner, Karla - Masquerade of Angels.pdf
[2012/05/20 19:35:41 | 002,742,653 | ---- | C] () -- C:\Users\Liberty\Desktop\Turner, Karla - Taken.pdf
[2012/05/20 18:31:51 | 012,589,451 | ---- | C] () -- C:\Users\Liberty\Desktop\Free Willy music video - YouTube.m4v
[2012/05/20 18:31:23 | 004,130,745 | ---- | C] () -- C:\Users\Liberty\Desktop\Eve Feat. Wyclef Jean - Your Love (L.O.V.E. Reggae Mix ) (50 FIRST DATES SOUNDTRACK) - YouTube.mp3
[2012/05/20 18:31:19 | 003,825,216 | ---- | C] () -- C:\Users\Liberty\Desktop\UB40 - every breath you take - YouTube.mp3
[2012/05/18 23:53:30 | 000,089,088 | ---- | C] () -- C:\Users\Liberty\Desktop\[conspiracy] David Icke - Are There Aliens UFO Among Us (R).pdf
[2012/05/17 23:28:51 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/12 13:31:38 | 004,182,154 | ---- | C] () -- C:\Users\Liberty\Desktop\Adele - Someone Like you (Reggae Cover) Reggae Version by Hygraid (Barbados) - YouTube2.mp3
[2012/05/12 13:29:43 | 004,228,965 | ---- | C] () -- C:\Users\Liberty\Desktop\No Doubt - Don't Speak - Reggae Version - YouTube.mp3
[2012/05/12 13:29:32 | 003,633,791 | ---- | C] () -- C:\Users\Liberty\Desktop\Winsome - Nothing Compares To You - YouTube.mp3
[2012/05/12 13:29:23 | 003,823,962 | ---- | C] () -- C:\Users\Liberty\Desktop\Sweet Tea Baja Jedd - Breathe Again - YouTube.mp3
[2012/05/12 13:28:50 | 061,743,492 | ---- | C] () -- C:\Users\Liberty\Desktop\OldSchool DanceHall BigTunes Mix.wmv - YouTube.mp3
[2012/05/07 23:04:41 | 003,879,551 | ---- | C] () -- C:\Users\Liberty\Desktop\Sly Robbie - Jah Jah Children Dub - YouTube.mp3
[2012/04/08 19:29:43 | 000,002,379 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2012/04/06 12:47:05 | 000,059,628 | ---- | C] () -- C:\Users\Liberty\Documents\Michael-Moore-Secrets-of-a-Secret-Society.pdf
[2012/04/06 12:38:14 | 020,184,895 | ---- | C] () -- C:\Users\Liberty\Documents\iPhone_iOS4_User_Guide.pdf
[2012/04/06 12:38:01 | 017,222,142 | ---- | C] () -- C:\Users\Liberty\Documents\iphone_user_guide.pdf
[2012/04/06 12:37:48 | 000,587,868 | ---- | C] () -- C:\Users\Liberty\Documents\earthpix.pdf
[2012/04/06 12:36:30 | 000,116,904 | ---- | C] () -- C:\Users\Liberty\Documents\Greek and Roman Mythology.pdf
[2012/04/06 12:36:15 | 000,971,993 | ---- | C] () -- C:\Users\Liberty\Documents\00112512.pdf
[2012/04/06 12:36:06 | 006,806,969 | ---- | C] () -- C:\Users\Liberty\Documents\Graham_Hancock_FINGERPRINTS_OF_THE_GODS.pdf
[2012/04/06 12:35:56 | 004,152,190 | ---- | C] () -- C:\Users\Liberty\Documents\planetx-kolbrin.pdf
[2012/04/06 12:35:46 | 000,187,579 | ---- | C] () -- C:\Users\Liberty\Documents\LordsPovertyServantsPoor.pdf
[2012/04/06 12:35:29 | 000,823,410 | ---- | C] () -- C:\Users\Liberty\Documents\The Holy Blood and The Holy Grail.pdf
[2012/03/29 21:00:33 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/29 15:26:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/08 00:37:03 | 000,002,394 | ---- | C] () -- C:\Users\Liberty\Desktop\Advanced Uninstaller Free.lnk
[2012/03/08 00:37:03 | 000,002,162 | ---- | C] () -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Uninstaller Free.lnk
[2012/03/01 01:14:47 | 005,085,977 | ---- | C] () -- C:\Users\Liberty\Documents\computer programming.pdf
[2012/02/29 23:34:31 | 001,646,292 | ---- | C] () -- C:\Users\Liberty\Documents\successful-time-management.pdf
[2012/02/22 02:47:36 | 000,032,711 | ---- | C] () -- C:\Users\Liberty\Documents\the first three months.wlmp
[2012/01/19 20:05:53 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/01/15 22:10:17 | 002,189,599 | ---- | C] () -- C:\Users\Liberty\Documents\Creating a Memory of the German rocket program for the Cold War.pdf
[2012/01/15 21:49:02 | 000,235,281 | ---- | C] () -- C:\Users\Liberty\Documents\The-New-Nazi-Bell.pdf
[2012/01/15 21:46:44 | 000,566,745 | ---- | C] () -- C:\Users\Liberty\Documents\Secrets of the Nazi Bell_Joseph-Farrell-Interview.pdf
[2012/01/15 21:45:05 | 000,303,271 | ---- | C] () -- C:\Users\Liberty\Documents\The Secret Road to Mount Olympus.pdf
[2012/01/10 02:38:14 | 007,207,998 | ---- | C] () -- C:\Users\Liberty\Documents\amer_sec_est_split_1.pdf
[2011/12/03 16:41:24 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/22 14:49:35 | 000,186,460 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/22 14:48:17 | 000,002,503 | ---- | C] () -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/22 14:48:17 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/10/22 14:48:17 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/22 14:03:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/08/20 19:20:44 | 000,001,183 | ---- | C] () -- C:\Windows\System32\Neck Disability Index short form36 physical component summary and pain scales for neck and arm pain the minimum clinically important difference and substantial clinical benefit after cervical spine.lnk
[2011/08/14 19:04:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/08/13 10:47:32 | 000,000,162 | -H-- | C] () -- C:\Users\Liberty\Desktop\~$search 9.8.rtf
[2011/08/12 11:24:58 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/08/12 11:24:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/08/12 11:24:21 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/08/12 11:24:16 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/08/11 11:44:54 | 000,002,361 | ---- | C] () -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero MediaHome 4.lnk
[2011/08/11 11:42:26 | 000,000,017 | ---- | C] () -- C:\Users\Liberty\AppData\Local\resmon.resmoncfg
[2011/08/11 11:40:41 | 000,108,902 | ---- | C] () -- C:\Users\Liberty\Documents\Upper arm pain.htm
[2011/08/11 11:40:40 | 003,191,254 | ---- | C] () -- C:\Users\Liberty\Documents\Thoracic Spine Manipulation(www.egy-pt.com).flv
[2011/08/11 11:40:40 | 001,342,198 | ---- | C] () -- C:\Users\Liberty\Documents\Systematic reviews and meta-analysis.pdf
[2011/08/11 11:40:40 | 000,269,055 | ---- | C] () -- C:\Users\Liberty\Documents\The short-term effects of thoracic spine thrust manipulation on patients with shoulder impingement syndrome.pdf
[2011/08/11 11:40:40 | 000,202,154 | ---- | C] () -- C:\Users\Liberty\Documents\The effects of cervical high-velocity low-amplitude thrust manipulation on resting electromyographic activity of the biceps brachii muscle.pdf
[2011/08/11 11:40:40 | 000,192,546 | ---- | C] () -- C:\Users\Liberty\Documents\Turton, A.R. Water demand management - a case study from South Africa.pdf
[2011/08/11 11:40:40 | 000,143,287 | ---- | C] () -- C:\Users\Liberty\Documents\The Effect of Sacroiliac Joint Manipulation on Feed-Forward .pdf
[2011/08/11 11:40:37 | 002,268,898 | ---- | C] () -- C:\Users\Liberty\Documents\Sacroiliac Joint Manipulation(www.egy-pt.com).flv
[2011/08/11 11:40:36 | 023,830,600 | ---- | C] () -- C:\Users\Liberty\Documents\RCT - meta-analysis.zip
[2011/08/11 11:40:35 | 001,212,155 | ---- | C] () -- C:\Users\Liberty\Documents\photo.JPG
[2011/08/11 11:40:35 | 001,194,155 | ---- | C] () -- C:\Users\Liberty\Documents\photo (3).JPG
[2011/08/11 11:40:34 | 001,192,800 | ---- | C] () -- C:\Users\Liberty\Documents\photo (2).JPG
[2011/08/11 11:40:33 | 001,109,167 | ---- | C] () -- C:\Users\Liberty\Documents\photo (1).JPG
[2011/08/11 11:40:33 | 000,109,239 | ---- | C] () -- C:\Users\Liberty\Documents\NHS Evidence Health Information Resources Search Results (3).rtf
[2011/08/11 11:40:33 | 000,072,695 | ---- | C] () -- C:\Users\Liberty\Documents\NHS Evidence Health Information Resources Search Results.rtf
[2011/08/11 11:40:33 | 000,071,771 | ---- | C] () -- C:\Users\Liberty\Documents\NHS Evidence Health Information Resources Search Results (1).rtf
[2011/08/11 11:40:33 | 000,012,693 | ---- | C] () -- C:\Users\Liberty\Documents\NHS Evidence Health Information Resources Search Results (2).rtf
[2011/08/11 11:40:32 | 000,306,175 | ---- | C] () -- C:\Users\Liberty\Documents\Neurophysiological effects of spinal manipulation.pdf
[2011/08/11 11:40:31 | 000,306,175 | ---- | C] () -- C:\Users\Liberty\Documents\Neurophysiological effects of spinal manipulation (1).pdf
[2011/08/11 11:40:29 | 000,779,490 | ---- | C] () -- C:\Users\Liberty\Documents\Neck Retractions, Cervical Root Decompression, and Radicular.pdf
[2011/08/11 11:40:22 | 001,876,951 | ---- | C] () -- C:\Users\Liberty\Documents\Meta-Analysis of Controlled Clinical Trials.pdf
[2011/08/11 11:40:21 | 000,344,248 | ---- | C] () -- C:\Users\Liberty\Documents\MANIPULATION AND MOBILISATION FOR MECHANICAL NECK DISORDERS.pdf
[2011/08/11 11:40:02 | 297,902,634 | ---- | C] () -- C:\Users\Liberty\Documents\Manipulation & Mobilization of Extremity & Spinal Techniques - Edmond.PDF
[2011/08/11 11:39:46 | 297,902,634 | ---- | C] () -- C:\Users\Liberty\Documents\Manipulation & Mobilization of Extremity & Spinal Techniques - Edmond (1).PDF
[2011/08/11 11:39:39 | 004,894,682 | ---- | C] () -- C:\Users\Liberty\Documents\Handbook_of_Basic_Clinical_Manipulation.pdf
[2011/08/11 11:39:39 | 000,225,541 | ---- | C] () -- C:\Users\Liberty\Documents\Harare_Skyline.jpg
[2011/08/11 11:39:30 | 000,631,172 | ---- | C] () -- C:\Users\Liberty\Documents\Discogenic-radicular pain.pdf
[2011/08/11 11:39:30 | 000,300,116 | ---- | C] () -- C:\Users\Liberty\Documents\Defining the effect of cervical manipulation on vertebral ar.pdf
[2011/08/11 11:39:28 | 005,507,936 | ---- | C] () -- C:\Users\Liberty\Documents\Clinical Reasoning Form030.pdf
[2011/08/11 11:39:24 | 010,907,428 | ---- | C] () -- C:\Users\Liberty\Documents\Chaitow - Soft Tissue Manipulation - A Practitioners Guide to the Diagnosis and Treatment of Soft.pdf
[2011/08/11 11:39:23 | 000,139,978 | ---- | C] () -- C:\Users\Liberty\Documents\Can acute low back pain result from segmental spinal buckling during sub-maximal activities A review of the current literature.pdf
[2011/08/11 11:39:22 | 002,964,833 | ---- | C] () -- C:\Users\Liberty\Documents\Atlantis, Alien Visitation - Genetic Manipulation.pdf
[2011/08/11 11:39:22 | 002,926,328 | ---- | C] () -- C:\Users\Liberty\Documents\Atlantis, Alien Visitation, and Genetic Manipulation by Michael Tsarion.pdf
[2011/08/11 11:39:20 | 000,652,670 | ---- | C] () -- C:\Users\Liberty\Documents\2004031168.pdf
[2011/08/11 11:39:19 | 000,110,700 | ---- | C] () -- C:\Users\Liberty\Documents\1155_twelve+questions+for+econ+eval+three+arrows+logo_C+Commons+14.10.10.pdf
[2011/08/11 11:39:19 | 000,098,048 | ---- | C] () -- C:\Users\Liberty\Documents\1156_11+Questions+for+an+RCT+three+arrows+LOGO_C+Commons+14.10.10.pdf
[2011/08/11 11:39:18 | 000,118,822 | ---- | C] () -- C:\Users\Liberty\Documents\1153_twelve+questions+for+cohort+study+three+arrows+logo_C+Commons+14.10.10.pdf
[2011/08/11 11:39:18 | 000,118,822 | ---- | C] () -- C:\Users\Liberty\Documents\1153_twelve+questions+for+cohort+study+three+arrows+logo_C+Commons+14.10.10 (1).pdf
[2011/08/11 11:39:17 | 000,238,752 | ---- | C] () -- C:\Users\Liberty\Documents\1152_ten+questions+Systematic+review+three+arrows+LOGO_C+Commons+14.10.10.pdf
[2011/08/11 11:39:17 | 000,118,928 | ---- | C] () -- C:\Users\Liberty\Documents\1149_11+questions+for+case+control+study+template+three+arrows+LOGO_C+Commons+14.10.10.pdf
[2011/08/11 11:39:16 | 000,313,816 | ---- | C] () -- C:\Users\Liberty\Documents\1 Neck and Shooting Arm Pain.pdf
[2011/08/11 11:38:29 | 000,001,593 | ---- | C] () -- C:\Users\Liberty\Desktop\DivX Movies.lnk
[2011/08/11 10:34:17 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\PowerDVD.lnk
[2011/08/11 10:33:46 | 000,001,816 | ---- | C] () -- C:\Users\Liberty\Desktop\Microsoft Office - Shortcut.lnk
[2011/08/11 00:21:38 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/11 00:19:58 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/08/11 00:19:58 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/08/11 00:14:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/11 00:14:39 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/11 00:14:00 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/11 00:14:00 | 000,002,189 | ---- | C] () -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/11 00:11:20 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/11 00:11:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/11 00:08:35 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/08/11 00:05:24 | 000,001,417 | ---- | C] () -- C:\Users\Liberty\Desktop\Internet Explorer.lnk
[2011/08/11 00:02:49 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/10 19:29:19 | 000,001,411 | ---- | C] () -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/10 19:07:35 | 000,001,417 | ---- | C] () -- C:\Users\Liberty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/10 19:07:19 | 000,000,290 | ---- | C] () -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/08/10 19:07:19 | 000,000,272 | ---- | C] () -- C:\Users\Liberty\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/08/10 18:48:38 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/08/10 18:48:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/08/10 18:47:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2011/08/10 18:47:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/10 18:47:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/08/10 18:46:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/08/10 18:45:33 | 2414,379,008 | -HS- | C] () -- C:\hiberfil.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
mutepail
Regular Member
 
Posts: 16
Joined: June 18th, 2012, 4:12 pm

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby mutepail » June 23rd, 2012, 3:47 pm

extras.txt

OTL Extras logfile created on: 23/06/2012 19:32:10 - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Liberty\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.18% Memory free
5.99 Gb Paging File | 4.63 Gb Available in Paging File | 77.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 345.68 Gb Free Space | 74.23% Space Free | Partition Type: NTFS
Drive E: | 107.07 Gb Total Space | 79.76 Gb Free Space | 74.49% Space Free | Partition Type: NTFS
Drive F: | 37.24 Gb Total Space | 37.14 Gb Free Space | 99.74% Space Free | Partition Type: NTFS

Computer Name: LIBERTY-PC | User Name: Liberty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08CA20A8-07BC-48CD-B199-B60BE9DB77C4}" = lport=139 | protocol=6 | dir=in | app=system |
"{10EFD346-3F29-47D7-A0A0-2C171D4894B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{2981BFFA-E2A1-4670-BB00-C26059EE5A4A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A4ACD72-821F-49B9-B1FB-F49A747C6B40}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3373A666-363F-4889-B874-F618FF0D3831}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{378F874B-CB17-40FC-8244-E1DE8D79F7E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37FE9A5D-A672-4495-B4D5-5EE064EE8C32}" = lport=10243 | protocol=6 | dir=in | app=system |
"{40174C69-54B5-4436-9FFB-B51072B33326}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{51ED8346-DE22-4FA7-AC2A-27A1AC0F149E}" = lport=137 | protocol=17 | dir=in | app=system |
"{5C3652C9-0E99-4574-88DF-83E511D7269A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{69268FF8-5B9D-47A4-BB45-094F073757A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70C4D8F1-5C45-48E4-896D-C45B2D838825}" = rport=445 | protocol=6 | dir=out | app=system |
"{834F010D-30E4-4888-B4BC-7C486C0482E5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{96BD144A-7440-4836-9375-E9CE0EFE8247}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF0243F9-6AE5-43FF-930D-E72E9AFBD2D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B0E6EB33-F13E-488A-AE3D-D5281292CC75}" = lport=138 | protocol=17 | dir=in | app=system |
"{BA71E6BF-9F8E-4A02-BADF-1F7CDC928512}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C687CAEF-0323-4564-82DE-1560170EA96D}" = lport=445 | protocol=6 | dir=in | app=system |
"{C82DEC34-CE5F-4FB7-8287-A5C9CB1FEF1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB9D0918-4F20-4D7A-8768-88C721267C84}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC0C824A-45A2-480A-9049-489031DC52BD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DA70DAA5-BBB7-493C-AB82-DA734EA5DBFF}" = rport=138 | protocol=17 | dir=out | app=system |
"{DE4B9B52-4DB0-4093-B341-6CA8E4398E39}" = rport=139 | protocol=6 | dir=out | app=system |
"{FF99DC0C-9AA1-4B19-A949-27B0C928F279}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0288B804-EE61-44C1-840E-710C66A57013}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{04EB4C80-63AD-4125-87AA-9733998D22C2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0CAC36EC-7060-43AC-AC67-801ACEFF5177}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{10F4A415-8FEC-42B9-9AFF-1954CEF3E823}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{1638B1D2-F2E9-48A9-A096-A6CF11A8D52D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C49DFB9-F6E6-49D7-898C-FA781FF1543D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1D163E86-772E-4DE3-8729-5B4A1E2B8BAB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{29F8F5B3-7DFC-4C79-8E2F-FC0C5A650B47}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{2FB98295-6E18-4C3A-B371-2A7554A539FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FF09E1F-8DC5-49A5-B870-383D53E86C04}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{318862A6-0A36-4AC3-AAA1-80973ED596A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31E9C948-E7FB-40BE-B289-2AF29703C1AC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{374BA881-12A2-4562-8B7A-362C8B39DACF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{3B1EBC7D-865D-49D2-82FC-781248056FE7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{4FDBC0A1-A684-46BA-9206-D838306FE10B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{546D062C-B680-4D59-AF5B-0DCE89205DD0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{571046CE-9A87-4403-9BE2-B87DA03FE942}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5FAF9D16-9800-42BB-AFA2-4CFFEA8544C7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{63762FAD-9D4C-4B4A-B2BE-89080F52B60F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70C16FFF-90DE-4C0F-A9A5-7C014B68A7AA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{7116D030-2382-46EE-B60A-7C6D5B3468EB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{714D1274-0FAC-4E9F-A759-7C3DB694F94D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{7CB593A6-74FE-413F-A802-C96B2B6292FA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{843F3F87-DAA8-4519-B75C-880FE65867DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8892CA19-8A6D-466C-B8A0-84B1AD9DF25E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A0B78E94-63FC-444A-B60E-35E5A24ABD34}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4F09020-71FB-4921-9E64-E7CC929C7A45}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B4382B5A-2472-41FD-A1D1-A5071D39BFC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B9B7F7DE-B499-426F-A6C8-F9117DD099D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCEFBAB9-98F1-4D0F-91F2-BBCE177A3813}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BEECAFCD-8D58-4F7B-8A6C-9A9F45224DC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C017A69B-63FB-4D71-93FC-93B535300AA6}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{C6CC65D7-6F82-49D3-8B17-84C036B111D1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA13A6F9-EFA9-40EA-B53A-0D51639C0925}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{CE0242C3-BE63-4853-B6DD-495C97C2275F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEB79CFB-267D-4064-91D0-40B5112D1F4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E559291F-74EB-4B77-84F9-9FD9635A377A}" = protocol=6 | dir=out | app=system |
"{F0378C53-3196-45B4-818D-F6A0ECE37640}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F7D4B036-0F4C-4E73-89F7-C89964887116}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"TCP Query User{17461827-38A4-48E3-BE0F-60C676EC7969}C:\program files\ares vista\aresvista.exe" = protocol=6 | dir=in | app=c:\program files\ares vista\aresvista.exe |
"TCP Query User{38444D61-AB0A-4480-855A-B2076A2CF2A9}C:\program files\ares vista\aresvista.exe" = protocol=6 | dir=in | app=c:\program files\ares vista\aresvista.exe |
"TCP Query User{4936E7C8-54A5-4621-893C-216AA4E02252}E:\program files\ares\ares.exe" = protocol=6 | dir=in | app=e:\program files\ares\ares.exe |
"TCP Query User{F39DEF89-C164-4F10-B53E-14D2DF8E7AB2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FD513EDF-E897-4ACD-AC14-6B9896267598}E:\program files\ares\ares.exe" = protocol=6 | dir=in | app=e:\program files\ares\ares.exe |
"UDP Query User{0CF4517E-2B89-4647-932D-8BE841BE3EA1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{211ECB0C-46C3-473B-97AB-EE225CD4998E}E:\program files\ares\ares.exe" = protocol=17 | dir=in | app=e:\program files\ares\ares.exe |
"UDP Query User{7D6CA888-E591-4AFA-9B8C-15323F5AF9D2}E:\program files\ares\ares.exe" = protocol=17 | dir=in | app=e:\program files\ares\ares.exe |
"UDP Query User{EF99FD00-5024-4E35-8660-8CA55B8F6154}C:\program files\ares vista\aresvista.exe" = protocol=17 | dir=in | app=c:\program files\ares vista\aresvista.exe |
"UDP Query User{F213710E-B845-4A57-88BA-86C9BE18EBB6}C:\program files\ares vista\aresvista.exe" = protocol=17 | dir=in | app=c:\program files\ares vista\aresvista.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B2D57D5-8BFD-4554-A9B6-CC8CC0580F1D}" = RealDownloader
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69fc3b9a-4149-43db-a557-6ed0c8d8ba44}" = Nero MediaHome 4 Help
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7fdeab8f-4c62-45a4-8a45-da9900cd6b3a}" = Nero MediaHome 4 Essentials
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ef387e-633e-4cfb-bfa3-ab961b685ddf}" = Nero MediaHome 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AU10F_is1" = Advanced Uninstaller Free - Version 10
"AVG" = AVG 2012
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RealPlayer 15.0" = RealPlayer
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.8.2.2264
"WiseConvert Toolbar" = WiseConvert Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18/01/2012 14:17:31 | Computer Name = Liberty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18/01/2012 14:17:31 | Computer Name = Liberty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1092

Error - 18/01/2012 14:17:31 | Computer Name = Liberty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092

Error - 18/01/2012 14:17:32 | Computer Name = Liberty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18/01/2012 14:17:32 | Computer Name = Liberty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2090

Error - 18/01/2012 14:17:32 | Computer Name = Liberty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2090

Error - 18/01/2012 14:19:46 | Computer Name = Liberty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18/01/2012 14:19:46 | Computer Name = Liberty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1061

Error - 18/01/2012 14:19:46 | Computer Name = Liberty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

Error - 18/01/2012 14:19:47 | Computer Name = Liberty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Media Center Events ]
Error - 16/05/2012 17:17:06 | Computer Name = Liberty-PC | Source = MCUpdate | ID = 0
Description = 22:17:06 - Failed to retrieve Directory (Error: The operation has
timed out)

Error - 16/05/2012 17:22:09 | Computer Name = Liberty-PC | Source = MCUpdate | ID = 0
Description = 22:20:29 - Failed to retrieve MCEClientUX (Error: The operation has
timed out)

Error - 16/05/2012 17:23:51 | Computer Name = Liberty-PC | Source = MCUpdate | ID = 0
Description = 22:23:49 - Failed to retrieve Broadband (Error: The operation has
timed out)

[ System Events ]
Error - 21/06/2012 19:10:32 | Computer Name = Liberty-PC | Source = DCOM | ID = 10010
Description =

Error - 22/06/2012 15:42:53 | Computer Name = Liberty-PC | Source = DCOM | ID = 10010
Description =

Error - 22/06/2012 15:43:36 | Computer Name = Liberty-PC | Source = DCOM | ID = 10010
Description =

Error - 22/06/2012 17:45:18 | Computer Name = Liberty-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 22/06/2012 17:45:18 | Computer Name = Liberty-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 22/06/2012 17:57:05 | Computer Name = Liberty-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 22/06/2012 18:02:59 | Computer Name = Liberty-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 22/06/2012 19:07:48 | Computer Name = Liberty-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 22/06/2012 19:26:17 | Computer Name = Liberty-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 23/06/2012 13:21:58 | Computer Name = Liberty-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Many Thanks
mutepail
Regular Member
 
Posts: 16
Joined: June 18th, 2012, 4:12 pm

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby maxi » June 24th, 2012, 12:09 pm

Hi mutepail :)

Is this computer ever used for work purposes ? I need to know to give the appropriate advice.

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby mutepail » June 24th, 2012, 1:03 pm

No its not for work.

here is the ckfiles.txt log

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.UBNAXC
----- EOF -----
Thanks
mutepail
Regular Member
 
Posts: 16
Joined: June 18th, 2012, 4:12 pm

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby maxi » June 25th, 2012, 11:18 am

Hi mutepail :)

There are alot of files and folders on your desktop that I dont recognise, Could you have a look below and tell me if you recognise them please.
Code: Select all
[2011/08/13 10:47:32 | 000,000,162 | -H-- | M] () -- C:\Users\Liberty\Desktop\~$search 9.8.rtf
[2012/02/06 23:59:48 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\860OKMZOLM (2)
[2012/02/06 23:50:39 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\860OKMZOLM
[2012/02/23 00:36:46 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\Tanaka
[2012/04/05 22:28:09 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\823WGTMA
[2012/04/05 22:26:22 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\860OKMZO
[2012/05/26 13:24:30 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\965YOKDJ
[2012/06/04 20:26:19 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\DCIM
[2012/05/07 22:20:15 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\fotos 7.5.12
[2011/08/11 11:38:33 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\Desktop
[2012/06/04 23:39:58 | 000,003,874 | ---- | M] () -- C:\Users\Liberty\Desktop\04.06.2012.wlmp
[2012/05/23 20:55:13 | 007,689,690 | ---- | M] () -- C:\Users\Liberty\Desktop\word-2010-advanced-part-i.pdf
[2012/05/23 20:51:20 | 006,481,248 | ---- | M] () -- C:\Users\Liberty\Desktop\microsoft-office-excel.pdf
[2012/05/30 23:15:50 | 000,593,989 | ---- | C] () -- C:\Users\Liberty\Desktop\Altered Patterns of Superficial Trunk Muscle Activation in LBP.pdf


Step 1
Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
Advertising Center
WiseConvert Toolbar
Advanced Uninstaller Free - Version 10


Step 2
Run OTL Script

We need to run an OTL Fix

  • Right click on OTL.exe and select "Run As Administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
    CHR - Extension: vshare plugin = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
    O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O3 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
    O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
    [2012/06/23 19:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\WiseConvert
    [2012/05/19 18:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\same4app
    [2012/01/18 22:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
    [2011/12/28 02:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Ares Vista
    [2011/12/18 15:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2011/12/18 15:23:49 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Conduit
    [2011/12/18 15:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RegWork
    [2011/12/18 15:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\RegWork
    [2011/12/17 19:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\StartSearch plugin
    [2011/10/25 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\Ilivid Player
    [2011/08/28 16:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
    [2012/02/21 22:29:27 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{F1659C09-9CF3-42C2-B913-7453CE05DFE5}
    [2012/02/21 22:29:15 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{8499A5BF-9781-4746-933A-B60CDF1D5CE8}
    [2012/05/18 23:58:04 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{BCC9AB16-2DD1-40A6-8FBD-8E3378262A6E}
    [2012/05/18 23:58:04 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{A9190198-9B1D-43F9-9DF1-75AC0C05D52C}
    [2012/06/06 22:16:21 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{7990F045-A35D-45D8-9927-0B6FC0C95D84}
    [2012/06/06 22:16:09 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{09C81BFA-513E-4B19-9F60-32F8CB96AC07}
    [2012/06/06 22:09:56 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{88955051-45D4-47CD-A3DA-8CE8E8C47157}
    [2012/06/06 22:09:43 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{B1D4F66E-9C82-4EF8-AFEF-CEF820CBC328}
    [2012/06/06 22:07:04 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{E45F1796-672B-4135-9A06-5058AA723C1F}
    [2012/06/06 22:06:52 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{BEA6BBB5-E6F1-4739-BA5A-AA097C0941B8}
    [2012/06/04 23:42:42 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{1C5520FE-D1B1-4325-91F8-E3BFAC6385F3}
    [2012/06/04 21:26:25 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Local\{0025E162-5757-4275-B397-EBFEFC9049C1}
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
    
    
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [createrestorepoint]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Step 3
OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
    Please post the log in your next reply.

In you next reply please include:
The OTL fix log.
The Otl scan log.
The answer to my questions.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby mutepail » June 25th, 2012, 3:51 pm

Hi Maxi

Of the following files,
[2011/08/13 10:47:32 | 000,000,162 | -H-- | M] () -- C:\Users\Liberty\Desktop\~$search 9.8.rtf
This one I do not know what it is.

[2012/02/06 23:59:48 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\860OKMZOLM (2)
[2012/02/06 23:50:39 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\860OKMZOLM
[2012/02/23 00:36:46 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\Tanaka
[2012/04/05 22:28:09 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\823WGTMA
[2012/04/05 22:26:22 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\860OKMZO
[2012/05/26 13:24:30 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\965YOKDJ
[2012/06/04 20:26:19 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\DCIM
[2012/05/07 22:20:15 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\fotos 7.5.12
The 5 files above contain photos ( or so I assume)

[2011/08/11 11:38:33 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\Desktop
[2012/06/04 23:39:58 | 000,003,874 | ---- | M] () -- C:\Users\Liberty\Desktop\04.06.2012.wlmp
[2012/05/23 20:55:13 | 007,689,690 | ---- | M] () -- C:\Users\Liberty\Desktop\word-2010-advanced-part-i.pdf
[2012/05/23 20:51:20 | 006,481,248 | ---- | M] () -- C:\Users\Liberty\Desktop\microsoft-office-excel.pdf

I don't know what these 4 are.
[2012/05/30 23:15:50 | 000,593,989 | ---- | C] () -- C:\Users\Liberty\Desktop\Altered Patterns of Superficial Trunk Muscle Activation in LBP.pdf
I assume this is an article that I downloaded and saved on the desktop.

Step 1
I have removed

WiseConvert Toolbar & Advanced Uninstaller Free - Version 10
but I could not see the Advertising Center
Step 2
The OTL fix log.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
File C:\Program Files\WiseConvert\prxtbWise.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-2636723537-2607932590-1398714872-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
File C:\Program Files\WiseConvert\prxtbWise.dll not found.
C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
File C:\Program Files\WiseConvert\prxtbWise.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
File C:\Program Files\WiseConvert\prxtbWise.dll not found.
Registry value HKEY_USERS\S-1-5-21-2636723537-2607932590-1398714872-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2636723537-2607932590-1398714872-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}\ not found.
File C:\Program Files\WiseConvert\prxtbWise.dll not found.
Registry value HKEY_USERS\S-1-5-21-2636723537-2607932590-1398714872-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ares deleted successfully.
Folder C:\Program Files\WiseConvert\ not found.
C:\Program Files\same4app folder moved successfully.
C:\Program Files\iLivid\imageformats folder moved successfully.
C:\Program Files\iLivid folder moved successfully.
C:\Program Files\Ares Vista folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Users\Liberty\AppData\Local\Conduit folder moved successfully.
C:\ProgramData\RegWork\Backups folder moved successfully.
C:\ProgramData\RegWork folder moved successfully.
C:\Program Files\RegWork\Tmp folder moved successfully.
C:\Program Files\RegWork\Logs folder moved successfully.
C:\Program Files\RegWork folder moved successfully.
C:\Program Files\StartSearch plugin folder moved successfully.
C:\Users\Liberty\AppData\Local\Ilivid Player folder moved successfully.
C:\Program Files\vShare.tv plugin folder moved successfully.
C:\Users\Liberty\AppData\Local\{F1659C09-9CF3-42C2-B913-7453CE05DFE5} folder moved successfully.
C:\Users\Liberty\AppData\Local\{8499A5BF-9781-4746-933A-B60CDF1D5CE8} folder moved successfully.
C:\Users\Liberty\AppData\Local\{BCC9AB16-2DD1-40A6-8FBD-8E3378262A6E} folder moved successfully.
C:\Users\Liberty\AppData\Local\{A9190198-9B1D-43F9-9DF1-75AC0C05D52C} folder moved successfully.
C:\Users\Liberty\AppData\Local\{7990F045-A35D-45D8-9927-0B6FC0C95D84} folder moved successfully.
C:\Users\Liberty\AppData\Local\{09C81BFA-513E-4B19-9F60-32F8CB96AC07} folder moved successfully.
C:\Users\Liberty\AppData\Local\{88955051-45D4-47CD-A3DA-8CE8E8C47157} folder moved successfully.
C:\Users\Liberty\AppData\Local\{B1D4F66E-9C82-4EF8-AFEF-CEF820CBC328} folder moved successfully.
C:\Users\Liberty\AppData\Local\{E45F1796-672B-4135-9A06-5058AA723C1F} folder moved successfully.
C:\Users\Liberty\AppData\Local\{BEA6BBB5-E6F1-4739-BA5A-AA097C0941B8} folder moved successfully.
C:\Users\Liberty\AppData\Local\{1C5520FE-D1B1-4325-91F8-E3BFAC6385F3} folder moved successfully.
C:\Users\Liberty\AppData\Local\{0025E162-5757-4275-B397-EBFEFC9049C1} folder moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Liberty\Downloads\cmd.bat deleted successfully.
C:\Users\Liberty\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Liberty
->Temp folder emptied: 15029538 bytes
->Temporary Internet Files folder emptied: 36923079 bytes
->Java cache emptied: 613925 bytes
->Google Chrome cache emptied: 9712574 bytes
->Apple Safari cache emptied: 83301376 bytes
->Flash cache emptied: 18469 bytes

User: NeroMediaHomeUser.4.Liberty-PC
->Temp folder emptied: 793624 bytes
->Temporary Internet Files folder emptied: 33974 bytes
->Flash cache emptied: 56468 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107225453 bytes
RecycleBin emptied: 104552528 bytes

Total Files Cleaned = 342.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.52.0 log created on 06252012_203613

Files\Folders moved on Reboot...
C:\Users\Liberty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Liberty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1NXJKNU\uk_yahoo_com[1].htm moved successfully.
C:\Users\NeroMediaHomeUser.4.Liberty-PC\AppData\Local\Temp\etilqs_jrzNUcBqxcBnU7uN2G8U moved successfully.
C:\Users\NeroMediaHomeUser.4.Liberty-PC\AppData\Local\Temp\etilqs_jrzNUcBqxcBnU7uN2G8U-journal moved successfully.

Registry entries deleted on Reboot...

I will carry out step three and paste the log as well.
Thanks
mutepail
Regular Member
 
Posts: 16
Joined: June 18th, 2012, 4:12 pm

Re: how to remove persistent malware Yieldmaster Revsci etc

Unread postby mutepail » June 25th, 2012, 4:15 pm

here is the log from step 3

OTL logfile created on: 25/06/2012 21:02:27 - Run 2
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Liberty\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.43% Memory free
5.99 Gb Paging File | 4.81 Gb Available in Paging File | 80.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 349.57 Gb Free Space | 75.07% Space Free | Partition Type: NTFS
Drive E: | 107.07 Gb Total Space | 79.76 Gb Free Space | 74.49% Space Free | Partition Type: NTFS
Drive F: | 37.24 Gb Total Space | 37.14 Gb Free Space | 99.74% Space Free | Partition Type: NTFS

Computer Name: LIBERTY-PC | User Name: Liberty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/25 21:01:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Liberty\Downloads\OTL (1).com
PRC - [2012/06/19 23:27:09 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/06/12 19:46:54 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/12 19:46:52 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/23 12:33:12 | 000,224,888 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/03/23 12:31:04 | 000,031,920 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/23 15:59:34 | 004,891,944 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
PRC - [2009/06/23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/12 19:47:02 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/12 19:46:52 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - [2012/06/12 19:46:54 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/05/04 21:31:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/03/23 12:31:04 | 000,031,920 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/11 00:23:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)


========== Driver Services (SafeList) ==========

DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/02/18 11:57:10 | 000,071,168 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GKUPRO2D.sys -- (GKUPRO2D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 CA 73 00 B2 57 CC 01 [binary data]
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\SearchScopes\{8378A430-C5BE-46A0-87AC-B1D603B5B58E}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={9A29710C-CE5B-4E16-97F4-6E931D9737F4}&mid=0f7b3d31f58547d190f2d15f3028a4f2-beff40037ec6bcb1f54da5d1edc34f8853ac98e7&lang=en&ds=AVG&pr=pr&d=2012-04-07 17:42:34&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\..\SearchScopes\{B3619845-7413-41E3-AB8C-E03039F0916C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2636723537-2607932590-1398714872-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/12 19:52:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/12 19:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/06/19 23:23:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/27 19:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/06/19 23:23:42 | 000,000,000 | ---D | M]

[2011/08/11 11:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liberty\AppData\Roaming\Mozilla\Extensions
[2011/02/27 00:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liberty\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/11/10 16:42:16 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={9A29710C-CE5B-4E16-97F4-6E931D9737F4}&mid=0f7b3d31f58547d190f2d15f3028a4f2-beff40037ec6bcb1f54da5d1edc34f8853ac98e7&lang=en&ds=AVG&pr=pr&d=2012-04-07 17:42:34&v=10.2.0.3&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: AVG Safe Search = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2111_0\
CHR - Extension: AVG Do-Not-Track = C:\Users\Liberty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2126_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2636723537-2607932590-1398714872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7729FED8-B377-4380-A8A5-99727EF95BB2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6f93db0b-c3fa-11e0-b0af-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6f93db0b-c3fa-11e0-b0af-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 20:36:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/23 19:07:42 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\tdsskiller
[2012/06/23 18:48:00 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Systweak
[2012/06/23 18:47:59 | 000,017,320 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/06/22 16:50:26 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 16:50:25 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 16:50:02 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/22 16:50:02 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/22 16:50:02 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/22 16:49:47 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 16:49:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/19 23:27:13 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/06/19 23:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/06/19 23:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012/06/19 23:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2012/06/18 20:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/06/17 18:40:14 | 000,000,000 | ---D | C] -- C:\Users\Liberty\AppData\Roaming\Malwarebytes
[2012/06/17 18:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/14 00:50:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 00:50:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 00:50:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 00:50:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 00:50:09 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 00:50:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 00:50:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 22:20:13 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/13 22:20:13 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/13 22:20:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/13 22:20:00 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/12 19:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/04 21:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/06/04 21:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/06/04 20:26:19 | 000,000,000 | ---D | C] -- C:\Users\Liberty\Desktop\DCIM
[20 C:\Users\Liberty\Desktop\*.tmp files -> C:\Users\Liberty\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/25 20:46:39 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 20:46:39 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 20:39:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 20:39:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 20:39:19 | 2414,379,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 20:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/25 20:23:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/25 14:38:36 | 100,686,497 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/23 19:06:54 | 002,109,806 | ---- | M] () -- C:\Users\Liberty\Desktop\tdsskiller.zip
[2012/06/23 18:43:06 | 000,185,742 | ---- | M] () -- C:\Users\Liberty\Desktop\LBP clin decision rule spinal pain classification.pdf
[2012/06/20 18:30:20 | 000,323,062 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/19 23:27:54 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/06/19 23:27:34 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012/06/19 23:27:15 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012/06/19 23:27:15 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012/06/19 23:27:13 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/06/18 21:59:10 | 000,000,020 | ---- | M] () -- C:\Windows\ϛ~
[2012/06/16 22:21:01 | 297,902,634 | ---- | M] () -- C:\Users\Liberty\Documents\Manipulation & Mobilization of Extremity & Spinal Techniques - Edmond (1).PDF
[2012/06/16 17:22:10 | 000,108,902 | ---- | M] () -- C:\Users\Liberty\Documents\Upper arm pain.htm
[2012/06/16 17:21:15 | 000,313,816 | ---- | M] () -- C:\Users\Liberty\Documents\1 Neck and Shooting Arm Pain.pdf
[2012/06/16 17:19:44 | 000,631,172 | ---- | M] () -- C:\Users\Liberty\Documents\Discogenic-radicular pain.pdf
[2012/06/16 17:19:26 | 000,779,490 | ---- | M] () -- C:\Users\Liberty\Documents\Neck Retractions, Cervical Root Decompression, and Radicular.pdf
[2012/06/16 15:56:15 | 000,115,525 | ---- | M] () -- C:\Users\Liberty\Documents\motorcertificate.pdf
[2012/06/14 22:06:51 | 000,098,933 | ---- | M] () -- C:\Users\Liberty\Desktop\Fructose Is It Bad For Our Health.pdf
[2012/06/14 15:03:08 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/14 12:07:32 | 000,017,320 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/06/14 00:55:40 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 00:55:40 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/12 19:52:35 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/08 21:31:43 | 000,034,764 | ---- | M] () -- C:\Users\Liberty\AppData\Local\dt.dat
[2012/06/07 23:38:00 | 000,528,252 | ---- | M] () -- C:\Users\Liberty\Desktop\toxic effects of sugar.pdf
[2012/06/05 17:03:21 | 004,047,989 | ---- | M] () -- C:\Users\Liberty\Desktop\Tom Petty - Free Falling - Official Music Video - YouTube.mp3
[2012/06/04 21:22:36 | 005,245,359 | ---- | M] () -- C:\Users\Liberty\Desktop\05 - Mash In Guyana.mp3
[2012/06/02 23:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 23:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 23:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 23:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 23:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/05/31 18:05:26 | 003,902,539 | ---- | M] () -- C:\Users\Liberty\Desktop\Lucky Dube - Rasta Man's Prayer - YouTube.mp3
[2012/05/31 17:40:02 | 003,570,261 | ---- | M] () -- C:\Users\Liberty\Desktop\Heart - Alone - YouTube2.mp3
[2012/05/31 17:39:38 | 004,130,327 | ---- | M] () -- C:\Users\Liberty\Desktop\Eve Feat. Wyclef Jean - Your Love (L.O.V.E. Reggae Mix ) (50 FIRST DATES SOUNDTRACK) - YouTube2.mp3
[2012/05/31 17:38:13 | 004,225,621 | ---- | M] () -- C:\Users\Liberty\Desktop\Coldplay - Paradise - YouTube.mp3
[2012/05/31 17:33:16 | 003,968,158 | ---- | M] () -- C:\Users\Liberty\Desktop\Gotye - Somebody That I Used To Know (feat. Kimbra) - official video - YouTube.mp3
[2012/05/29 17:12:53 | 000,625,911 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/26 21:22:51 | 001,800,198 | ---- | M] () -- C:\Users\Liberty\Desktop\Diagnostic imaging for spinal disorders in the elderly_ a narrative review.pdf
[20 C:\Users\Liberty\Desktop\*.tmp files -> C:\Users\Liberty\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/23 19:06:52 | 002,109,806 | ---- | C] () -- C:\Users\Liberty\Desktop\tdsskiller.zip
[2012/06/23 18:43:06 | 000,185,742 | ---- | C] () -- C:\Users\Liberty\Desktop\LBP clin decision rule spinal pain classification.pdf
[2012/06/19 23:27:54 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/06/18 21:59:09 | 000,000,020 | ---- | C] () -- C:\Windows\ϛ~
[2012/06/16 15:56:15 | 000,115,525 | ---- | C] () -- C:\Users\Liberty\Documents\motorcertificate.pdf
[2012/06/14 22:06:51 | 000,098,933 | ---- | C] () -- C:\Users\Liberty\Desktop\Fructose Is It Bad For Our Health.pdf
[2012/06/08 21:31:43 | 000,034,764 | ---- | C] () -- C:\Users\Liberty\AppData\Local\dt.dat
[2012/06/07 23:38:00 | 000,528,252 | ---- | C] () -- C:\Users\Liberty\Desktop\toxic effects of sugar.pdf
[2012/06/06 00:14:19 | 004,047,989 | ---- | C] () -- C:\Users\Liberty\Desktop\Tom Petty - Free Falling - Official Music Video - YouTube.mp3
[2012/06/04 21:22:10 | 005,245,359 | ---- | C] () -- C:\Users\Liberty\Desktop\05 - Mash In Guyana.mp3
[2012/05/31 20:25:44 | 000,215,878 | ---- | C] () -- C:\Users\Liberty\Desktop\LBP Identifying serious cause Ca fracture Infection.pdf
[2012/05/31 20:19:07 | 003,902,539 | ---- | C] () -- C:\Users\Liberty\Desktop\Lucky Dube - Rasta Man's Prayer - YouTube.mp3
[2012/05/31 17:53:49 | 003,570,261 | ---- | C] () -- C:\Users\Liberty\Desktop\Heart - Alone - YouTube2.mp3
[2012/05/31 17:53:37 | 004,130,327 | ---- | C] () -- C:\Users\Liberty\Desktop\Eve Feat. Wyclef Jean - Your Love (L.O.V.E. Reggae Mix ) (50 FIRST DATES SOUNDTRACK) - YouTube2.mp3
[2012/05/31 17:53:17 | 004,225,621 | ---- | C] () -- C:\Users\Liberty\Desktop\Coldplay - Paradise - YouTube.mp3
[2012/05/31 17:53:11 | 003,968,158 | ---- | C] () -- C:\Users\Liberty\Desktop\Gotye - Somebody That I Used To Know (feat. Kimbra) - official video - YouTube.mp3
[2012/05/26 21:22:51 | 001,800,198 | ---- | C] () -- C:\Users\Liberty\Desktop\Diagnostic imaging for spinal disorders in the elderly_ a narrative review.pdf
[2011/10/22 14:49:35 | 000,186,460 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/08/14 19:04:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/08/12 11:24:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/08/11 11:42:26 | 000,000,017 | ---- | C] () -- C:\Users\Liberty\AppData\Local\resmon.resmoncfg
[2011/08/10 18:47:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/10 18:47:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

< End of report >
mutepail
Regular Member
 
Posts: 16
Joined: June 18th, 2012, 4:12 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 306 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware