TechSpot

FRST log for sirefef.w removal

Solved
By Truecoat
Jul 6, 2012
    Scan result of Farbar Recovery Scan Tool Version: 05-07-2012
    Ran by SYSTEM at 06-07-2012 10:39:53
    Running from G:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-02-11] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-02-11] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-02-11] (Intel Corporation)
    HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [622592 2006-12-18] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [65536 2006-07-19] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
    HKU\Wanda\...\Run: [Installation Diagnostics] "C:\Program Files (x86)\Brother\Brmfl05c\Brinstck.exe" /I MFC-8860DN LAN#2 [126976 2006-11-04] (Brother Industries, Ltd.)
    HKU\Wanda\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4331392 2012-05-30] (AOL Inc.)
    HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.87.77.134 68.87.72.134
    ==================== Services (Whitelisted) ======
    2 atashost; "C:\Windows\SysWOW64\atashost.exe" [133944 2011-03-16] (Cisco WebEx LLC)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
    2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
    ========================== Drivers (Whitelisted) =============

    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-07-05 13:08 - 2012-07-05 13:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F4B13D4CD158A5C
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000462 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000418 ____A C:\Windows\Tasks\SpeedyPC Pro.job
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
    2012-07-05 13:00 - 2012-07-05 13:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D919F98941C164BD
    2012-07-05 12:54 - 2012-07-05 12:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3D6ECA92EF71CB65
    2012-07-05 12:51 - 2012-07-05 12:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E27BB3C5ECD275CD
    2012-07-05 12:49 - 2012-07-05 12:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.138850909EAE450B
    2012-07-05 12:46 - 2012-07-05 12:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F7EE9767B7B87DF
    2012-07-05 12:43 - 2012-07-05 12:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6372B1BD2CBEAC10
    2012-07-05 12:43 - 2012-07-01 02:34 - 00002480 ____A C:\Users\Tony\Desktop\BITS.reg
    2012-07-05 12:43 - 2012-07-01 02:34 - 00002208 ____A C:\Users\Tony\Desktop\wuauserv.reg
    2012-07-05 12:43 - 2012-06-07 13:31 - 00002075 ____A C:\Users\Tony\Desktop\wscsvc.reg
    2012-07-05 12:43 - 2012-06-07 13:05 - 00120395 ____A C:\Users\Tony\Desktop\bfe.reg
    2012-07-05 12:43 - 2012-06-07 12:59 - 00197027 ____A C:\Users\Tony\Desktop\sharedaccess.reg
    2012-07-05 12:43 - 2012-06-07 12:56 - 00002380 ____A C:\Users\Tony\Desktop\mpssvc.reg
    2012-07-05 12:43 - 2009-07-13 17:39 - 00328704 ____A (Microsoft Corporation) C:\Users\Tony\Desktop\services.exe
    2012-07-05 12:41 - 2012-07-05 12:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2BC1D3B4D32A2FE
    2012-07-05 12:36 - 2012-07-05 12:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBC2FB45D0334C88
    2012-07-05 12:33 - 2012-07-05 12:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2CCABA87DE832326
    2012-07-05 12:31 - 2012-07-05 12:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE297D55A257B084
    2012-07-05 12:28 - 2012-07-05 12:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D396217839CB5D2E
    2012-07-05 12:28 - 2012-07-05 12:28 - 00000000 ____A C:\Users\Tony\Downloads\FRST64.exe
    2012-07-05 12:23 - 2012-07-05 12:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2C43487BA98347D
    2012-07-05 12:15 - 2012-07-05 12:15 - 12621696 ____A (Microsoft Corporation) C:\Users\Tony\Downloads\mseinstall.exe
    2012-07-05 12:15 - 2012-07-05 12:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-05 12:15 - 2012-07-05 12:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-05 12:12 - 2012-07-05 12:12 - 00001578 ____A C:\Windows\PFRO.log
    2012-07-05 11:29 - 2012-07-05 11:29 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Tony\Downloads\revosetup.exe
    2012-07-05 11:28 - 2012-07-05 11:28 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-05 11:28 - 2012-07-05 11:28 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Malwarebytes
    2012-07-05 11:27 - 2012-07-05 11:27 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Tony\Downloads\mbam-setup-1.61.0.1400.exe
    2012-07-05 11:21 - 2012-07-05 12:22 - 00126034 ____A C:\Users\Tony\AppData\Local\census.cache
    2012-07-05 11:21 - 2012-07-05 11:21 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-07-05 11:20 - 2012-07-05 12:22 - 00080912 ____A C:\Users\Tony\AppData\Local\ars.cache
    2012-07-05 11:16 - 2012-07-05 11:16 - 02002944 ____A (Trend Micro Inc.) C:\Users\Tony\Downloads\HousecallLauncher.exe
    2012-07-05 11:16 - 2012-07-05 11:16 - 00000036 ____A C:\Users\Tony\AppData\Local\housecall.guid.cache
    2012-07-05 11:16 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
    2012-07-05 11:12 - 2012-07-05 11:12 - 00000000 ____D C:\Program Files\HijackThis
    2012-07-05 11:09 - 2012-07-05 11:09 - 00000000 ____D C:\Program Files (x86)\Hijack this
    2012-07-05 11:08 - 2012-07-05 11:09 - 00251392 ____A C:\Users\Tony\Downloads\hijackthis_sfx.exe
    2012-07-05 10:43 - 2012-07-05 10:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F0A5E498702DF09
    2012-07-05 10:35 - 2012-07-05 10:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26A35AFBD39348A4
    2012-07-05 10:33 - 2012-07-05 10:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EC01D38735E0301
    2012-07-05 10:27 - 2012-07-05 10:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE77620C56AD2624
    2012-07-05 10:12 - 2012-07-05 10:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A4C4CB375DCAA796
    2012-07-05 10:09 - 2012-07-05 10:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD5C983E7C44341C
    2012-07-05 10:04 - 2012-07-05 10:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA70B982FF6D3F14
    2012-07-05 09:44 - 2012-07-05 09:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0ED12FE98066BD6D
    2012-07-05 09:31 - 2012-07-05 09:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DDBB3068455F163D
    2012-07-05 09:26 - 2012-07-05 09:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F1D5AD3C222271F
    2012-07-05 09:23 - 2012-07-05 09:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B235131359A432C
    2012-07-05 09:20 - 2012-07-05 09:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D200829D103BF9A8
    2012-07-05 09:17 - 2012-07-05 09:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9B0F07C8D9E87B6
    2012-07-05 09:14 - 2012-07-05 09:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D81AC4A80E8886F1
    2012-07-05 09:12 - 2012-07-05 09:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C7DA40BBB3BA3EBC
    2012-07-05 09:05 - 2012-07-05 09:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.099F438738A1CCC2
    2012-07-05 05:58 - 2012-07-05 14:03 - 00000000 ____D C:\Users\Tony\Downloads\Camera Surveillance Q-See Software Manual
    2012-07-03 09:48 - 2012-07-03 09:48 - 00000000 ____D C:\Users\Tony\Downloads\11anweb
    2012-07-03 09:47 - 2012-07-03 09:47 - 00823485 ____A C:\Users\Tony\Downloads\11anweb.zip
    2012-07-02 10:55 - 2012-06-29 06:23 - 00017920 ____A C:\Users\Tony\Downloads\4. June 25 - 29, 2012.xls
    2012-07-02 09:49 - 2012-07-02 09:49 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-29 12:45 - 2012-07-05 13:12 - 00003726 ____A C:\Windows\setupact.log
    2012-06-29 12:45 - 2012-06-29 12:45 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-29 10:19 - 2012-06-29 10:13 - 00017408 ____A C:\Users\Tony\Downloads\BILLING SUMMARY 6-25 thru 6-29.xls
    2012-06-29 09:16 - 2012-06-29 09:14 - 00029696 ____A C:\Users\Tony\Downloads\Client Remit.xls
    2012-06-28 11:51 - 2012-06-28 11:48 - 00048128 ____A C:\Users\Tony\Downloads\5-2012 Williams Goodhue county.xls
    2012-06-28 11:51 - 2012-06-28 11:35 - 00041984 ____A C:\Users\Tony\Downloads\James Williams correction Transportation .xls
    2012-06-25 10:22 - 2012-06-25 10:22 - 00000958 ____A C:\Users\Tony\Desktop\A-PDF Split.lnk
    2012-06-25 10:22 - 2012-06-25 10:22 - 00000000 ____D C:\Program Files (x86)\A-PDF Split
    2012-06-25 06:26 - 2012-06-25 06:13 - 00017408 ____A C:\Users\Tony\Downloads\3. June 18 - 22, 2012.xls
    2012-06-22 10:13 - 2012-07-02 12:01 - 00000000 ____D C:\Users\Tony\Downloads\Aalix D auth
    2012-06-22 10:11 - 2012-06-22 10:11 - 00000000 ____D C:\Users\Tony\Desktop\Town and Country
    2012-06-22 10:10 - 2012-06-22 10:10 - 00000000 ____D C:\Users\Tony\Downloads\Brian B auth
    2012-06-22 10:09 - 2012-07-02 13:37 - 00000000 ____D C:\Users\Tony\Downloads\Jason Revland auth
    2012-06-22 05:13 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-22 05:13 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-22 05:13 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-22 05:13 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-22 05:13 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-22 05:13 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-22 05:13 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-22 05:12 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-22 05:12 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 06:54 - 2012-07-03 04:33 - 00000000 ____D C:\Program Files (x86)\BlueStacks
    2012-06-21 06:52 - 2012-06-21 06:54 - 00000000 ____D C:\Users\Tony\AppData\Local\BlueStacksSetup
    2012-06-15 08:34 - 2012-06-15 09:28 - 00035840 ____A C:\Users\Tony\Downloads\Jessica_Billing_6-8-12.xls
    2012-06-14 08:01 - 2012-06-14 09:09 - 00000000 __SHD C:\Users\Tony\Documents\cache
    2012-06-14 08:00 - 2012-06-14 08:00 - 00000000 ____D C:\Users\Tony\AppData\Roaming\webex
    2012-06-14 04:53 - 2012-06-14 04:53 - 00000000 ____D C:\Users\Tony\AppData\Local\Macromedia
    2012-06-13 05:39 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 05:39 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 05:39 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 05:39 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 05:39 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 05:39 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 05:39 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 05:39 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 05:39 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 05:39 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 05:39 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 05:39 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 05:39 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 05:39 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-13 05:39 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-13 05:39 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-13 05:39 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-13 05:39 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-13 05:39 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-13 05:39 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 05:39 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-13 05:39 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-13 05:39 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-13 05:39 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-13 05:39 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-13 05:39 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 05:38 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 05:38 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 00:48 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 00:48 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 00:48 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 00:48 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 00:47 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 00:47 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 00:47 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 00:47 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 00:47 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 00:47 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 00:47 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 00:47 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 00:47 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 00:47 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 00:47 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 00:47 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 00:47 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-11 13:03 - 2012-06-11 13:03 - 00000537 ____A C:\Users\Tony\Desktop\Emdeon.lnk
    2012-06-11 09:24 - 2012-06-11 09:24 - 00001032 ____A C:\Users\Tony\Desktop\Danette Billing 2012 - Shortcut.lnk
    2012-06-06 07:53 - 2012-06-06 07:53 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2012-06-06 05:44 - 2012-06-06 05:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
    2012-06-06 05:43 - 2012-06-06 05:44 - 00000000 ____D C:\Windows\WindowsMobile

    ============ 3 Months Modified Files ========================
    2012-07-05 13:12 - 2012-06-29 12:45 - 00003726 ____A C:\Windows\setupact.log
    2012-07-05 13:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-05 13:10 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-05 13:08 - 2012-07-05 13:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F4B13D4CD158A5C
    2012-07-05 13:02 - 2010-06-04 11:25 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000462 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000418 ____A C:\Windows\Tasks\SpeedyPC Pro.job
    2012-07-05 13:00 - 2012-07-05 13:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D919F98941C164BD
    2012-07-05 12:54 - 2012-07-05 12:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3D6ECA92EF71CB65
    2012-07-05 12:51 - 2012-07-05 12:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E27BB3C5ECD275CD
    2012-07-05 12:49 - 2012-07-05 12:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.138850909EAE450B
    2012-07-05 12:46 - 2012-07-05 12:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F7EE9767B7B87DF
    2012-07-05 12:43 - 2012-07-05 12:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6372B1BD2CBEAC10
    2012-07-05 12:41 - 2012-07-05 12:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2BC1D3B4D32A2FE
    2012-07-05 12:40 - 2009-07-13 21:08 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-05 12:36 - 2012-07-05 12:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBC2FB45D0334C88
    2012-07-05 12:33 - 2012-07-05 12:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2CCABA87DE832326
    2012-07-05 12:32 - 2012-04-12 04:20 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-05 12:31 - 2012-07-05 12:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE297D55A257B084
    2012-07-05 12:28 - 2012-07-05 12:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D396217839CB5D2E
    2012-07-05 12:28 - 2012-07-05 12:28 - 00000000 ____A C:\Users\Tony\Downloads\FRST64.exe
    2012-07-05 12:23 - 2012-07-05 12:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2C43487BA98347D
    2012-07-05 12:22 - 2012-07-05 11:21 - 00126034 ____A C:\Users\Tony\AppData\Local\census.cache
    2012-07-05 12:22 - 2012-07-05 11:20 - 00080912 ____A C:\Users\Tony\AppData\Local\ars.cache
    2012-07-05 12:19 - 2009-07-13 21:13 - 00743290 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-05 12:19 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-05 12:19 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-05 12:16 - 2012-03-09 13:31 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-05 12:16 - 2010-05-25 12:15 - 01741153 ____A C:\Windows\WindowsUpdate.log
    2012-07-05 12:15 - 2012-07-05 12:15 - 12621696 ____A (Microsoft Corporation) C:\Users\Tony\Downloads\mseinstall.exe
    2012-07-05 12:15 - 2012-03-09 13:31 - 00756948 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-05 12:15 - 2010-06-04 11:25 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-05 12:12 - 2012-07-05 12:12 - 00001578 ____A C:\Windows\PFRO.log
    2012-07-05 11:29 - 2012-07-05 11:29 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Tony\Downloads\revosetup.exe
    2012-07-05 11:29 - 2012-06-05 05:33 - 00001264 ____A C:\Users\Tony\Desktop\Revo Uninstaller.lnk
    2012-07-05 11:28 - 2012-07-05 11:28 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-05 11:27 - 2012-07-05 11:27 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Tony\Downloads\mbam-setup-1.61.0.1400.exe
    2012-07-05 11:21 - 2012-07-05 11:21 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-07-05 11:16 - 2012-07-05 11:16 - 02002944 ____A (Trend Micro Inc.) C:\Users\Tony\Downloads\HousecallLauncher.exe
    2012-07-05 11:16 - 2012-07-05 11:16 - 00000036 ____A C:\Users\Tony\AppData\Local\housecall.guid.cache
    2012-07-05 11:09 - 2012-07-05 11:08 - 00251392 ____A C:\Users\Tony\Downloads\hijackthis_sfx.exe
    2012-07-05 10:43 - 2012-07-05 10:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F0A5E498702DF09
    2012-07-05 10:35 - 2012-07-05 10:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26A35AFBD39348A4
    2012-07-05 10:33 - 2012-07-05 10:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1EC01D38735E0301
    2012-07-05 10:27 - 2012-07-05 10:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE77620C56AD2624
    2012-07-05 10:12 - 2012-07-05 10:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A4C4CB375DCAA796
    2012-07-05 10:09 - 2012-07-05 10:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD5C983E7C44341C
    2012-07-05 10:04 - 2012-07-05 10:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA70B982FF6D3F14
    2012-07-05 09:44 - 2012-07-05 09:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0ED12FE98066BD6D
    2012-07-05 09:31 - 2012-07-05 09:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DDBB3068455F163D
    2012-07-05 09:26 - 2012-07-05 09:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F1D5AD3C222271F
    2012-07-05 09:23 - 2012-07-05 09:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B235131359A432C
    2012-07-05 09:20 - 2012-07-05 09:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D200829D103BF9A8
    2012-07-05 09:17 - 2012-07-05 09:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9B0F07C8D9E87B6
    2012-07-05 09:14 - 2012-07-05 09:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D81AC4A80E8886F1
    2012-07-05 09:12 - 2012-07-05 09:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C7DA40BBB3BA3EBC
    2012-07-05 09:05 - 2012-07-05 09:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.099F438738A1CCC2
    2012-07-03 09:47 - 2012-07-03 09:47 - 00823485 ____A C:\Users\Tony\Downloads\11anweb.zip
    2012-07-02 13:39 - 2010-05-25 12:21 - 00000956 ____A C:\Windows\Brpfx04a.ini
    2012-07-02 09:46 - 2012-04-12 04:20 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-02 09:46 - 2011-06-10 09:53 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-01 02:34 - 2012-07-05 12:43 - 00002480 ____A C:\Users\Tony\Desktop\BITS.reg
    2012-07-01 02:34 - 2012-07-05 12:43 - 00002208 ____A C:\Users\Tony\Desktop\wuauserv.reg
    2012-06-29 12:45 - 2012-06-29 12:45 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-29 10:13 - 2012-06-29 10:19 - 00017408 ____A C:\Users\Tony\Downloads\BILLING SUMMARY 6-25 thru 6-29.xls
    2012-06-29 09:14 - 2012-06-29 09:16 - 00029696 ____A C:\Users\Tony\Downloads\Client Remit.xls
    2012-06-29 06:23 - 2012-07-02 10:55 - 00017920 ____A C:\Users\Tony\Downloads\4. June 25 - 29, 2012.xls
    2012-06-28 11:48 - 2012-06-28 11:51 - 00048128 ____A C:\Users\Tony\Downloads\5-2012 Williams Goodhue county.xls
    2012-06-28 11:35 - 2012-06-28 11:51 - 00041984 ____A C:\Users\Tony\Downloads\James Williams correction Transportation .xls
    2012-06-25 10:22 - 2012-06-25 10:22 - 00000958 ____A C:\Users\Tony\Desktop\A-PDF Split.lnk
    2012-06-25 06:13 - 2012-06-25 06:26 - 00017408 ____A C:\Users\Tony\Downloads\3. June 18 - 22, 2012.xls
    2012-06-22 05:02 - 2011-10-14 04:35 - 00000338 ____A C:\Windows\Tasks\Regwork.job
    2012-06-15 09:28 - 2012-06-15 08:34 - 00035840 ____A C:\Users\Tony\Downloads\Jessica_Billing_6-8-12.xls
    2012-06-13 06:24 - 2009-07-13 20:45 - 00302024 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 05:46 - 2011-10-14 03:30 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-13 05:38 - 2012-03-14 12:08 - 00000748 ___AH C:\IPH.PH
    2012-06-13 05:37 - 2012-03-14 12:08 - 00001911 ____A C:\Users\Public\Desktop\AIM.lnk
    2012-06-11 13:03 - 2012-06-11 13:03 - 00000537 ____A C:\Users\Tony\Desktop\Emdeon.lnk
    2012-06-11 09:24 - 2012-06-11 09:24 - 00001032 ____A C:\Users\Tony\Desktop\Danette Billing 2012 - Shortcut.lnk
    2012-06-11 08:29 - 2012-05-18 12:08 - 00029184 ____A C:\Users\Tony\Desktop\Jessica Billing 2012.xls
    2012-06-11 08:28 - 2012-04-17 09:00 - 00002184 ____A C:\Users\Tony\Desktop\Shared Folder - Shortcut.lnk
    2012-06-07 13:31 - 2012-07-05 12:43 - 00002075 ____A C:\Users\Tony\Desktop\wscsvc.reg
    2012-06-07 13:05 - 2012-07-05 12:43 - 00120395 ____A C:\Users\Tony\Desktop\bfe.reg
    2012-06-07 12:59 - 2012-07-05 12:43 - 00197027 ____A C:\Users\Tony\Desktop\sharedaccess.reg
    2012-06-07 12:56 - 2012-07-05 12:43 - 00002380 ____A C:\Users\Tony\Desktop\mpssvc.reg
    2012-06-06 05:44 - 2012-06-06 05:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
    2012-06-05 05:33 - 2012-06-05 05:17 - 00002662 ____A C:\Users\Tony\Documents\tonysci.profile
    2012-06-05 05:33 - 2012-06-05 05:16 - 00000245 ____A C:\Users\Tony\Documents\iSafeguard.log
    2012-06-04 23:37 - 2012-07-05 11:16 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
    2012-06-02 14:19 - 2012-06-22 05:13 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 05:13 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 05:13 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 05:13 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 05:13 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-22 05:13 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-22 05:13 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-22 05:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-22 05:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-23 09:03 - 2012-05-23 09:03 - 00002659 ____A C:\Users\Public\Desktop\PSS(admin).lnk
    2012-05-23 09:03 - 2012-05-23 09:03 - 00002617 ____A C:\Users\Public\Desktop\PSS.lnk
    2012-05-23 08:50 - 2012-05-23 08:50 - 00000153 ____A C:\Users\Tony\RmDvrUserCfg85.ini
    2012-05-18 05:27 - 2012-05-18 05:31 - 00063488 ____A C:\Users\Tony\Downloads\5-18-12 WHO IS IN GROUP new.xls
    2012-05-17 18:47 - 2012-06-13 05:39 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-13 05:38 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-13 05:39 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-13 05:39 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-13 05:39 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-13 05:39 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-13 05:39 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-13 05:39 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-13 05:39 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-13 05:39 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-13 05:39 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-13 05:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-13 05:39 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-13 05:39 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-13 05:39 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 05:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 05:39 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 05:39 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 05:39 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 05:39 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-13 05:39 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-13 05:39 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 05:39 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-13 05:39 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 05:39 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 05:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 05:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 05:39 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 17:32 - 2012-06-13 00:47 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-09 05:45 - 2012-05-09 05:45 - 00001436 ____A C:\Users\Tony\Desktop\Tony Cover Sheet Billing Dept - Shortcut.lnk
    2012-05-04 10:03 - 2012-04-20 07:30 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-05-04 03:06 - 2012-06-13 00:47 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 00:47 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 00:47 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 08:24 - 2012-05-03 08:24 - 00002969 ____A C:\Users\Tony\Desktop\EasyPrint.lnk
    2012-05-03 08:24 - 2012-05-03 08:24 - 00000092 ____A C:\Users\Tony\AppData\Local\fusioncache.dat
    2012-05-02 12:52 - 2012-05-02 12:52 - 00000939 ____A C:\Users\Tony\Desktop\A-PDF PDFLabel.lnk
    2012-05-02 09:21 - 2010-05-25 12:55 - 00000426 ____A C:\Windows\BRWMARK.INI
    2012-04-30 21:40 - 2012-06-13 00:48 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:55 - 2012-06-13 00:47 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 08:34 - 2012-06-05 04:23 - 00002338 ____A C:\Users\Tony\Desktop\PSYCH - Shortcut.lnk
    2012-04-25 21:41 - 2012-06-13 00:48 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 00:48 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 00:48 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 10:43 - 2012-04-04 08:14 - 00028160 ____A C:\Users\Tony\Desktop\list of clients and groups.xls
    2012-04-23 21:37 - 2012-06-13 00:47 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 00:47 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 00:47 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 00:47 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 00:47 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 00:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-18 05:53 - 2012-04-18 05:53 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-04-17 05:25 - 2012-04-11 12:14 - 00017920 ____A C:\Users\Tony\Desktop\Tony's TO DO LIST.xls
    2012-04-13 06:41 - 2012-04-13 06:35 - 257265978 ____A C:\Users\Tony\Documents\Matterhorn Bobsleds in HD both tracks at Disneyland.mp4
    2012-04-11 12:14 - 2012-04-11 12:14 - 00017920 ____A C:\Users\Tony\Downloads\Tony's TO DO LIST.xls
    2012-04-09 04:27 - 2012-04-03 11:11 - 00064648 ____A C:\Users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
    ZeroAccess:
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\@
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\L
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\00000001.@
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\80000000.@
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\800000cb.@
    ZeroAccess:
    C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}
    C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\@
    C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\L
    C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 36%
    Total physical RAM: 2013.05 MB
    Available physical RAM: 1281.43 MB
    Total Pagefile: 2013.05 MB
    Available Pagefile: 1267.07 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:288.19 GB) (Free:248.25 GB) NTFS
     
  2. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================

    Do NOT create multiple topics!
    I deleted your other thread.

    ===============================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  3. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    Farbar Recovery Scan Tool Version: 08-07-2012
    Ran by SYSTEM at 2012-07-08 20:41:18
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-07-05 13:10] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    C:\Users\Tony\Desktop\services.exe
    [2012-07-05 12:43] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======

    The services.exe on the desktop was part of another fix I was trying before I found your website. It didn't seem to have any effect, but it appears the copy is in the winsxs folder.

    Thanks,

    Tony
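As an added illustration that is not part of the original thread and is not FRST's own code: a small Python triage script over the FRST lines quoted above. It treats the WinSxS component-store copy of services.exe as the reference hash (an assumption that holds here because FRST found exactly one component-store copy; after a service pack there can be several, and the one matching the System32 file version should be used), flags every other copy whose MD5 differs, and picks out the {GUID} folders carrying the @ / L / U children that FRST labelled ZeroAccess. Note that all three services.exe copies have the same size (328704 bytes), so a size check alone would not catch the patched one. The log text is copied from the posts above and embedded as constructed input, with one constructed benign MSI-cache line added to show the folder filter ignoring it; the helper names are my own.

```python
import re

# Constructed input: the FRST "Search:" output posted above (raw string, so the
# single backslashes are literal).
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-05 13:10] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Users\Tony\Desktop\services.exe
[2012-07-05 12:43] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# Constructed input: the ZeroAccess folder listing from the first FRST log,
# plus one made-up benign Windows Installer cache entry (last line) that the
# filter must not flag.
LISTING_TXT = r"""
ZeroAccess:
C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}
C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\@
C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\L
C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U
C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\00000001.@
C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\80000000.@
C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\800000cb.@
C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}
C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\@
C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\L
C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U
C:\Windows\Installer\{0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0}\setup.msi
"""

# FRST search detail line: [created] - [modified] - size attrs (company) MD5.
# Taking the first bracket as creation time and the second as modification
# time follows the order FRST uses in its file listings.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) \S+ \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# {GUID}\@, {GUID}\L, {GUID}\U and {GUID}\U\xxxxxxxx.@ as seen in the thread.
ZA_CHILD_RE = re.compile(
    r"^(?P<root>.*\\\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\})"
    r"\\(?P<child>@|L|U)(?:\\[0-9a-fA-F]{8}\.@)?$"
)


def parse_search(text):
    """Pair each path line of an FRST Search.txt with its detail line."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path = line
            continue
        m = DETAIL_RE.match(line)
        if m and path:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            rec["path"] = path
            entries.append(rec)
            path = None
    return entries


def find_patched_copies(entries):
    """Flag every copy whose MD5 differs from the WinSxS component-store copy.

    Assumes a single WinSxS copy (true for this log); with several, the one
    whose version matches the System32 binary would have to be chosen.
    """
    ref = [e for e in entries if "\\winsxs\\" in e["path"].lower()]
    if not ref:
        raise ValueError("no WinSxS reference copy in search output")
    ref = ref[0]
    flagged = []
    for e in entries:
        if e["md5"] != ref["md5"]:
            flagged.append({
                "path": e["path"],
                "observed_md5": e["md5"],
                "reference_md5": ref["md5"],
                # identical size: a size check alone would miss the patch
                "same_size": e["size"] == ref["size"],
                # modified long after creation: patched in place, not recopied
                # (ISO-style timestamps compare correctly as strings)
                "modified_in_place": e["modified"] > e["created"],
            })
    return flagged


def find_zeroaccess_roots(listing):
    """Return {GUID} folders that carry both the '@' file and the 'U' directory."""
    seen = {}
    for raw in listing.splitlines():
        m = ZA_CHILD_RE.match(raw.strip())
        if m:
            seen.setdefault(m.group("root"), set()).add(m.group("child"))
    return sorted(root for root, kids in seen.items() if {"@", "U"} <= kids)


if __name__ == "__main__":
    for hit in find_patched_copies(parse_search(SEARCH_TXT)):
        print("patched copy:", hit)
    for root in find_zeroaccess_roots(LISTING_TXT):
        print("ZeroAccess folder:", root)
```

Run against the thread's own lines it reports the System32 services.exe as the one copy whose hash diverges from the component store, and the two {1a868d5d-...} folders, while ignoring the ordinary installer-cache GUID folder.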
     
  4. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  5. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-07-2012
    Ran by SYSTEM at 2012-07-08 21:30:44 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
    C:\Windows\System32\services.exe.0F4B13D4CD158A5C moved successfully.
    C:\Windows\System32\services.exe.D919F98941C164BD moved successfully.
    C:\Windows\System32\services.exe.3D6ECA92EF71CB65 moved successfully.
    C:\Windows\System32\services.exe.E27BB3C5ECD275CD moved successfully.
    C:\Windows\System32\services.exe.138850909EAE450B moved successfully.
    C:\Windows\System32\services.exe.8F7EE9767B7B87DF moved successfully.
    C:\Windows\System32\services.exe.6372B1BD2CBEAC10 moved successfully.
    C:\Users\Tony\Desktop\services.exe moved successfully.
    C:\Windows\System32\services.exe.F2BC1D3B4D32A2FE moved successfully.
    C:\Windows\System32\services.exe.FBC2FB45D0334C88 moved successfully.
    C:\Windows\System32\services.exe.2CCABA87DE832326 moved successfully.
    C:\Windows\System32\services.exe.AE297D55A257B084 moved successfully.
    C:\Windows\System32\services.exe.D396217839CB5D2E moved successfully.
    C:\Windows\System32\services.exe.F2C43487BA98347D moved successfully.
    C:\Windows\System32\services.exe.3F0A5E498702DF09 moved successfully.
    C:\Windows\System32\services.exe.26A35AFBD39348A4 moved successfully.
    C:\Windows\System32\services.exe.1EC01D38735E0301 moved successfully.
    C:\Windows\System32\services.exe.AE77620C56AD2624 moved successfully.
    C:\Windows\System32\services.exe.A4C4CB375DCAA796 moved successfully.
    C:\Windows\System32\services.exe.CD5C983E7C44341C moved successfully.
    C:\Windows\System32\services.exe.EA70B982FF6D3F14 moved successfully.
    C:\Windows\System32\services.exe.0ED12FE98066BD6D moved successfully.
    C:\Windows\System32\services.exe.DDBB3068455F163D moved successfully.
    C:\Windows\System32\services.exe.3F1D5AD3C222271F moved successfully.
    C:\Windows\System32\services.exe.6B235131359A432C moved successfully.
    C:\Windows\System32\services.exe.D200829D103BF9A8 moved successfully.
    C:\Windows\System32\services.exe.E9B0F07C8D9E87B6 moved successfully.
    C:\Windows\System32\services.exe.D81AC4A80E8886F1 moved successfully.
    C:\Windows\System32\services.exe.C7DA40BBB3BA3EBC moved successfully.
    C:\Windows\System32\services.exe.099F438738A1CCC2 moved successfully.
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9} moved successfully.
    C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  6. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    ComboFix 12-07-08.01 - Tony 07/08/2012 21:40:23.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2013.1084 [GMT -5:00]
    Running from: c:\users\Tony\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Tony\AppData\Roaming\system32
    c:\users\Tony\AppData\Roaming\system32\rundll32.exe
    c:\users\Wanda\g2ax_customer_downloadhelper_win32_x86.exe
    c:\users\Wanda\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-09 02:48 . 2012-07-09 02:48 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE693EF1-F828-4B4E-B267-D7536632D8D5}\offreg.dll
    2012-07-06 16:09 . 2012-07-06 16:09 -------- d-----w- C:\FRST
    2012-07-05 21:01 . 2012-07-05 21:01 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
    2012-07-05 21:01 . 2012-07-05 21:01 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-07-05 21:01 . 2012-07-05 21:01 -------- d-----w- c:\program files (x86)\SpeedyPC Software
    2012-07-05 20:17 . 2012-02-09 19:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D3B093E-ED1E-4E63-83DA-9EF19B702D7B}\gapaengine.dll
    2012-07-05 20:16 . 2012-06-18 08:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE693EF1-F828-4B4E-B267-D7536632D8D5}\mpengine.dll
    2012-07-05 20:15 . 2012-07-05 20:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-05 20:15 . 2012-07-05 20:15 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-05 19:28 . 2012-07-05 19:28 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
    2012-07-05 19:21 . 2012-07-05 19:21 102400 ----a-w- c:\windows\RegBootClean.exe
    2012-07-05 19:16 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
    2012-07-05 19:09 . 2012-07-05 19:09 -------- d-----w- c:\program files (x86)\Hijack this
    2012-07-02 17:49 . 2012-07-02 17:49 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-25 18:22 . 2012-06-25 18:22 -------- d-----w- c:\program files (x86)\A-PDF Split
    2012-06-22 13:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 13:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 13:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 13:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 13:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 13:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 13:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 13:12 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 13:12 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 14:54 . 2012-07-03 12:33 -------- d-----w- c:\program files (x86)\BlueStacks
    2012-06-21 14:52 . 2012-06-21 14:54 -------- d-----w- c:\users\Tony\AppData\Local\BlueStacksSetup
    2012-06-20 14:07 . 2012-06-20 14:07 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-20 14:07 . 2012-06-20 14:07 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-14 16:00 . 2012-06-14 16:00 -------- d-----w- c:\users\Tony\AppData\Roaming\webex
    2012-06-14 12:53 . 2012-06-14 12:53 -------- d-----w- c:\users\Tony\AppData\Local\Macromedia
    2012-06-13 13:37 . 2012-06-13 13:37 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
    2012-06-13 08:48 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 08:48 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 08:48 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 08:48 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-02 17:46 . 2012-04-12 12:20 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-02 17:46 . 2011-06-10 17:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 257224]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-03-16 133944]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:46]
    .
    2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 19:25]
    .
    2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 19:25]
    .
    2012-07-05 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
    .
    2012-07-05 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} - hxxp://192.168.1.2/DvrOcx.cab
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\93vcy0ey.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bbaace6bf-fb66-4b72-8041-2c51ec275dad%7D&mid=d7b21972571180c115144455af338579-e68493407ff72486406743d37d5f0f4a3813c7f3&ds=ft011&v=11.1.1.7&lang=en&pr=sa&d=2012-05-23%2012%3A01%3A55&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-08 21:52:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-09 02:52
    .
    Pre-Run: 266,403,418,112 bytes free
    Post-Run: 266,521,620,480 bytes free
    .
    - - End Of File - - C88221B862CE547FD1ABE7C063FA1C62
     
  7. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Looks good :)

    Any current issues?

    ====================================

    Uninstall SpeedyPC Software.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ===============================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =============================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    I used it a couple of times and it seemed to be working, but this morning MS Security Essentials wouldn't start. I ran MBAM and here is the log. I'll run OTL and post that log also.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.11.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Tony :: WANDA-PC [administrator]

    7/11/2012 8:03:28 AM
    mbam-log-2012-07-11 (08-03-28).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 351538
    Time elapsed: 39 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\FRST\Quarantine\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Users\Tony\AppData\Roaming\System32\rundll32.exe.vir (Trojan.Phex.THAGen3) -> Quarantined and deleted successfully.
    C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\n (Trojan.Sirefef) -> Delete on reboot.
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\System32\regedit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     
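    As an added triage example (not part of this thread and not Malwarebytes' own tooling): a small Python parser for the MBAM 1.x log format quoted in the post above. It turns each `item (family) -> action` line into a record, checks the number of parsed lines against each section's declared `Detected: N` count (a quick way to catch a log that was truncated when pasted), and separates hits that were still live on the machine from copies MBAM found inside the FRST and ComboFix (Qoobox) quarantine folders, both of which appear in the log above. The sample input is the detection portion of that log; the quarantine folder list and the handling of `Delete on reboot` as "not yet removed, confirm after restart" are my own reading of the log, not definitions from Malwarebytes.

```python
"""Triage helper for Malwarebytes Anti-Malware (MBAM 1.x) text logs.

Added example for this thread; not MBAM code and not part of the original post.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Detection section of the MBAM log posted above (post #8), used as sample input.
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Quarantined and deleted successfully.

Files Detected: 6
C:\FRST\Quarantine\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Tony\AppData\Roaming\System32\rundll32.exe.vir (Trojan.Phex.THAGen3) -> Quarantined and deleted successfully.
C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\n (Trojan.Sirefef) -> Delete on reboot.
C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
"""

# Assumption: quarantine folders of the other tools used earlier in this thread
# (FRST and ComboFix's Qoobox). Hits inside them are already-neutralised copies.
OTHER_TOOL_QUARANTINE = ("c:\\frst\\quarantine\\", "c:\\qoobox\\quarantine\\")

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Shape of a detection line: item (family) -> [Data: ... ->] action
# The greedy item group lets paths such as "Program Files (x86)" pass through,
# because only the family parenthesis is followed by " -> ".
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str
    data: str = ""  # registry value data, when MBAM reports it

    @property
    def pending_reboot(self) -> bool:
        # MBAM could not remove the item while running; verify after the restart.
        return self.action.lower().startswith("delete on reboot")

    @property
    def already_quarantined(self) -> bool:
        return self.item.lower().startswith(OTHER_TOOL_QUARANTINE)


def parse_mbam_log(text: str) -> Tuple[List[Detection], Dict[str, Tuple[int, int]]]:
    """Return the detections and, per section, (declared, parsed) counts that disagree."""
    detections: List[Detection] = []
    declared: Dict[str, int] = {}
    seen: Counter = Counter()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # scan-summary lines and anything else that is not a hit
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        action = parts[-1].rstrip(".")
        data = ""
        for extra in parts[:-1]:
            if extra.startswith("Data: "):
                data = extra[len("Data: "):]
        detections.append(Detection(section, m.group("item"), m.group("family"), action, data))
        seen[section] += 1
    mismatches = {s: (declared[s], seen[s]) for s in declared if declared[s] != seen[s]}
    return detections, mismatches


def summarize(detections: List[Detection]) -> dict:
    """Group hits by family and split pending / already-quarantined / live items."""
    return {
        "families": dict(Counter(d.family for d in detections)),
        "pending_reboot": [d.item for d in detections if d.pending_reboot],
        "already_quarantined": [d.item for d in detections if d.already_quarantined],
        "live_hits": [d.item for d in detections if not d.already_quarantined],
    }


if __name__ == "__main__":
    found, bad_counts = parse_mbam_log(SAMPLE_LOG)
    for key, value in summarize(found).items():
        print(f"{key}: {value}")
    if bad_counts:
        print("count mismatches (declared, parsed):", bad_counts)
```

For the log above the parser returns seven hits with no count mismatches; the two entries under `C:\FRST\Quarantine` and `C:\Qoobox\Quarantine` drop out of the live list, and the single `Delete on reboot` item is the one a helper would want re-checked after the restart Broni asks for.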
  9. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    OTL logfile created on: 7/11/2012 8:57:45 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Tony\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.15% Memory free
    7.43 Gb Paging File | 6.55 Gb Available in Paging File | 88.05% Paging File free
    Paging file location(s): c:\pagefile.sys 5600 6144 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.19 Gb Total Space | 243.48 Gb Free Space | 84.48% Space Free | Partition Type: NTFS

    Computer Name: WANDA-PC | User Name: Tony | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/11 08:27:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
    PRC - [2012/07/10 09:03:13 | 001,192,664 | ---- | M] () -- C:\Users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/07/10 07:54:00 | 000,038,400 | ---- | M] (DeLOCK) -- C:\Users\Tony\0i763f66bz.exe
    PRC - [2012/04/04 00:53:56 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
    PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/03/16 11:29:35 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/10 09:03:13 | 001,192,664 | ---- | M] () -- C:\Users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/07/10 07:54:29 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/20 09:07:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/03/16 11:29:35 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/10 16:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 4B EE 2E DC 17 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...a3813c7f3&lang=en&ds=ft011&pr=sa&d=2012-05-23 12:01:55&v=11.1.1.7&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=...lang=en&pr=sa&d=2012-05-23 12:01:55&sap=ku&q="
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 09:07:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/23 12:04:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/10 10:04:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 09:07:05 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/23 12:04:17 | 000,000,000 | ---D | M]

    [2012/04/06 10:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions
    [2012/07/03 07:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\93vcy0ey.default\extensions
    [2012/04/19 07:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/20 09:07:05 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/05/23 12:01:49 | 000,003,751 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/06/20 09:07:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/20 09:07:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/08 21:48:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKCU..\Run: [0i763f66bz] C:\Users\Tony\0i763f66bz.exe (DeLOCK)
    O4 - HKCU..\Run: [Spotify] C:\Users\Tony\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://192.168.1.2/DvrOcx.cab (Dvr Net 85 Multidownload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A4DF35B-F760-4376-86BE-CC0CFFEA7601}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/11 08:26:59 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
    [2012/07/10 14:15:24 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Softplicity
    [2012/07/10 14:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Combine
    [2012/07/10 14:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Combine
    [2012/07/10 14:05:49 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Free PDF to Word Converter
    [2012/07/10 14:05:42 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Converter
    [2012/07/10 14:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Smart Soft
    [2012/07/10 14:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\Free PDF to Word Converter
    [2012/07/10 09:03:06 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Spotify
    [2012/07/10 07:54:00 | 000,038,400 | ---- | C] (DeLOCK) -- C:\Users\Tony\0i763f66bz.exe
    [2012/07/08 22:12:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/08 21:38:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/08 21:38:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/08 21:38:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/08 21:38:25 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/08 21:38:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/08 21:37:08 | 004,573,972 | R--- | C] (Swearware) -- C:\Users\Tony\Desktop\ComboFix.exe
    [2012/07/06 11:09:17 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/05 16:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
    [2012/07/05 16:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/07/05 16:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
    [2012/07/05 15:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/05 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/05 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/07/05 14:28:05 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Malwarebytes
    [2012/07/05 14:16:52 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
    [2012/07/05 14:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2012/07/05 14:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hijack this
    [2012/07/02 12:49:22 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/22 13:11:04 | 000,000,000 | ---D | C] -- C:\Users\Tony\Desktop\Town and Country
    [2012/06/21 09:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
    [2012/06/21 09:52:20 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\BlueStacksSetup
    [2012/06/14 11:01:02 | 000,000,000 | -HSD | C] -- C:\Users\Tony\Documents\cache
    [2012/06/14 11:00:57 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\webex
    [2012/06/14 07:53:07 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Macromedia
    [2012/06/13 08:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
    [2012/06/13 08:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility

    ========== Files - Modified Within 30 Days ==========

    [2012/07/11 08:56:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/11 08:56:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/11 08:56:32 | 1583,128,576 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/11 08:32:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/11 08:27:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
    [2012/07/11 08:21:47 | 000,000,925 | ---- | M] () -- C:\Windows\Brpfx04a.ini
    [2012/07/11 08:17:28 | 000,000,186 | ---- | M] () -- C:\Users\Tony\RmDvrUserCfg85.ini
    [2012/07/11 08:15:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/10 14:15:21 | 000,001,038 | ---- | M] () -- C:\Users\Tony\Desktop\PDFCombine.lnk
    [2012/07/10 14:05:42 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Free PDF to Word Converter.lnk
    [2012/07/10 09:03:14 | 000,001,762 | ---- | M] () -- C:\Users\Tony\Desktop\Spotify.lnk
    [2012/07/10 07:54:00 | 000,038,400 | ---- | M] (DeLOCK) -- C:\Users\Tony\0i763f66bz.exe
    [2012/07/09 14:31:06 | 000,000,148 | ---- | M] () -- C:\Users\Tony\Desktop\Camera.url
    [2012/07/09 08:21:42 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/09 08:21:42 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/08 22:00:31 | 000,743,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/08 22:00:31 | 000,635,204 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/08 22:00:31 | 000,111,738 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/08 21:48:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/08 21:37:15 | 004,573,972 | R--- | M] (Swearware) -- C:\Users\Tony\Desktop\ComboFix.exe
    [2012/07/05 16:01:11 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/07/05 16:01:11 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/07/05 15:22:32 | 000,126,034 | ---- | M] () -- C:\Users\Tony\AppData\Local\census.cache
    [2012/07/05 15:22:31 | 000,080,912 | ---- | M] () -- C:\Users\Tony\AppData\Local\ars.cache
    [2012/07/05 15:16:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/05 15:15:51 | 000,756,948 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/05 14:29:42 | 000,001,264 | ---- | M] () -- C:\Users\Tony\Desktop\Revo Uninstaller.lnk
    [2012/07/05 14:28:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/05 14:21:21 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
    [2012/07/05 14:16:37 | 000,000,036 | ---- | M] () -- C:\Users\Tony\AppData\Local\housecall.guid.cache
    [2012/07/05 08:51:16 | 000,551,217 | ---- | M] () -- C:\Users\Tony\Documents\QSEE internet set up.pdf
    [2012/07/03 12:22:46 | 003,788,551 | ---- | M] () -- C:\Users\Tony\Desktop\MA Fee Schedule.pdf
    [2012/07/02 16:02:01 | 002,677,830 | ---- | M] () -- C:\Users\Tony\Desktop\Grapefruit.jpg
    [2012/06/13 09:24:41 | 000,302,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/13 08:38:03 | 000,000,748 | -H-- | M] () -- C:\IPH.PH
    [2012/06/13 08:37:52 | 000,001,935 | ---- | M] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2012/06/13 08:37:52 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
    [2012/06/12 09:31:54 | 000,235,502 | ---- | M] () -- C:\Users\Tony\Desktop\jason r.pdf
    [2012/06/12 08:40:52 | 000,235,502 | ---- | M] () -- C:\Users\Tony\Desktop\MHPreAuthForm.pdf
    [2012/06/11 16:03:29 | 000,000,537 | ---- | M] () -- C:\Users\Tony\Desktop\Emdeon.lnk
    [2012/06/11 12:24:28 | 000,001,032 | ---- | M] () -- C:\Users\Tony\Desktop\Danette Billing 2012 - Shortcut.lnk
    [2012/06/11 11:28:02 | 000,002,184 | ---- | M] () -- C:\Users\Tony\Desktop\Shared Folder - Shortcut.lnk

    ========== Files Created - No Company Name ==========

    [2012/07/11 09:01:05 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\800000cb.@
    [2012/07/10 14:15:21 | 000,001,038 | ---- | C] () -- C:\Users\Tony\Desktop\PDFCombine.lnk
    [2012/07/10 14:05:42 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Free PDF to Word Converter.lnk
    [2012/07/10 09:03:14 | 000,001,762 | ---- | C] () -- C:\Users\Tony\Desktop\Spotify.lnk
    [2012/07/10 09:03:14 | 000,001,748 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2012/07/10 07:54:18 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\80000000.@
    [2012/07/10 07:54:17 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\00000001.@
    [2012/07/09 14:31:06 | 000,000,148 | ---- | C] () -- C:\Users\Tony\Desktop\Camera.url
    [2012/07/08 21:38:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/08 21:38:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/08 21:38:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/08 21:38:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/08 21:38:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/05 16:01:11 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/07/05 16:01:11 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/07/05 15:15:56 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/05 14:28:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/05 14:21:15 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
    [2012/07/05 14:21:03 | 000,126,034 | ---- | C] () -- C:\Users\Tony\AppData\Local\census.cache
    [2012/07/05 14:20:57 | 000,080,912 | ---- | C] () -- C:\Users\Tony\AppData\Local\ars.cache
    [2012/07/05 14:16:37 | 000,000,036 | ---- | C] () -- C:\Users\Tony\AppData\Local\housecall.guid.cache
    [2012/07/05 08:51:16 | 000,551,217 | ---- | C] () -- C:\Users\Tony\Documents\QSEE internet set up.pdf
    [2012/07/02 16:01:58 | 002,677,830 | ---- | C] () -- C:\Users\Tony\Desktop\Grapefruit.jpg
    [2012/06/13 08:37:52 | 000,001,935 | ---- | C] () -- C:\Users\Tony\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2012/06/12 09:31:54 | 000,235,502 | ---- | C] () -- C:\Users\Tony\Desktop\jason r.pdf
    [2012/06/12 08:40:47 | 000,235,502 | ---- | C] () -- C:\Users\Tony\Desktop\MHPreAuthForm.pdf
    [2012/06/11 16:03:29 | 000,000,537 | ---- | C] () -- C:\Users\Tony\Desktop\Emdeon.lnk
    [2012/06/11 12:24:28 | 000,001,032 | ---- | C] () -- C:\Users\Tony\Desktop\Danette Billing 2012 - Shortcut.lnk
    [2012/05/23 11:50:36 | 000,000,186 | ---- | C] () -- C:\Users\Tony\RmDvrUserCfg85.ini
    [2012/05/03 11:24:27 | 000,000,092 | ---- | C] () -- C:\Users\Tony\AppData\Local\fusioncache.dat
    [2012/03/09 16:31:18 | 000,756,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/11 07:55:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\@
    [2012/01/11 07:55:46 | 000,002,048 | -HS- | C] () -- C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\@
    [2011/02/15 15:43:14 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTHA.dll
    [2011/02/08 08:45:06 | 000,029,696 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHS.dll
    [2011/01/29 10:49:52 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxRUS.dll
    [2011/01/26 10:15:48 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxDEU.dll
    [2011/01/26 10:15:48 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTRK.dll
    [2011/01/26 10:15:48 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPLK.dll
    [2011/01/26 10:15:48 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxNLD.dll
    [2011/01/26 10:15:48 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxFAR.dll
    [2011/01/26 10:15:48 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCSY.dll
    [2011/01/26 10:15:48 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHT.dll
    [2010/12/24 09:03:46 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTRK(KNOWLEDGE).dll
    [2010/12/24 09:03:42 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxRUS(DIT).dll
    [2010/12/24 09:03:34 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPTB.dll
    [2010/12/24 09:03:26 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxITA.dll
    [2010/12/23 18:56:40 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxHUN.dll
    [2010/12/23 18:55:38 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxELL.dll
    [2010/12/03 09:26:30 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxFRA.dll
    [2010/12/03 09:26:30 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxESP.dll
    [2010/12/03 09:26:28 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPTG.dll
    [2010/11/26 09:11:32 | 000,921,685 | ---- | C] () -- C:\Windows\SysWow64\RM_DVRNET_DLL.dll
    [2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

    ========== LOP Check ==========

    [2012/04/04 11:13:38 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\acccore
    [2012/07/10 14:05:49 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Free PDF to Word Converter
    [2012/07/03 07:27:01 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Izemail
    [2012/06/05 08:16:31 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\MXC Software
    [2012/07/05 17:04:01 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\PC-FAX TX
    [2012/07/10 14:15:24 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Softplicity
    [2012/07/11 08:57:21 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Spotify
    [2012/04/06 10:43:55 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Thunderbird
    [2012/06/14 11:00:57 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\webex
    [2012/07/05 15:40:16 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/07/05 16:01:11 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
    [2012/07/05 16:01:11 | 000,000,462 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job

    ========== Purity Check ==========



    < End of report >
     
  10. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    OTL Extras logfile created on: 7/11/2012 8:57:45 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Tony\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.15% Memory free
    7.43 Gb Paging File | 6.55 Gb Available in Paging File | 88.05% Paging File free
    Paging file location(s): c:\pagefile.sys 5600 6144 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.19 Gb Total Space | 243.48 Gb Free Space | 84.48% Space Free | Partition Type: NTFS

    Computer Name: WANDA-PC | User Name: Tony | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .reg [@ = regfile] -- C:\Windows\regedit.exe ()

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1" ()
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1" ()
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "Microsoft Security Client" = Microsoft Security Essentials

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6DD3F923-BD72-4784-8722-5440A7E9EE83}" = Crystal Reports Runtime
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B28C9804-BFCE-4ADB-8C18-1DD9DA1C530A}" = Pro Surveillance System(EN)
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{F1B8E271-3651-4205-BA5C-1A86617672B6}" = Medicare Remit EasyPrint
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
    "7-Zip" = 7-Zip 9.20
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "AIM_7" = AIM 7
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "PDF Combine_is1" = PDF Combine
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Trusted Software Assistant_is1" = File Type Assistant
    "WinRAR archiver" = WinRAR 4.11 (32-bit)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/29/2012 8:43:18 AM | Computer Name = Wanda-PC | Source = Windows Search Service | ID = 7010
    Description =

    Error - 6/29/2012 5:24:39 PM | Computer Name = Wanda-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 7/3/2012 5:08:58 PM | Computer Name = Wanda-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 7/5/2012 3:31:44 PM | Computer Name = Wanda-PC | Source = Application Hang | ID = 1002
    Description = The program spotify.exe version 0.8.3.222 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 8d8 Start
    Time: 01cd5ae3a866a34e Termination Time: 0 Application Path: C:\Users\Tony\AppData\Roaming\Spotify\spotify.exe

    Report
    Id:

    Error - 7/5/2012 5:00:51 PM | Computer Name = Wanda-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 7/9/2012 11:12:39 AM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: FlashPlayerPlugin_11_3_300_262.exe, version:
    11.3.300.262, time stamp: 0x4fe20fae Faulting module name: NPSWF32_11_3_300_262.dll,
    version: 11.3.300.262, time stamp: 0x4fe21212 Exception code: 0xc0000005 Fault offset:
    0x00166597 Faulting process id: 0xb94 Faulting application start time: 0x01cd5dd5e2ae05f5
    Faulting
    application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    Faulting
    module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll Report
    Id: 8513b50f-c9d8-11e1-ae1e-00256404ffcb

    Error - 7/9/2012 4:55:00 PM | Computer Name = Wanda-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 7/10/2012 9:04:23 AM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4fe34b51 Faulting module name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4fe34b51 Exception code: 0xc0000005 Fault offset: 0x0000cecd Faulting process
    id: 0xe7c Faulting application start time: 0x01cd5e9b13e6cb1d Faulting application
    path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\svchost.exe
    Report
    Id: c4ac645d-ca8f-11e1-ae1e-00256404ffcb

    Error - 7/10/2012 9:36:35 AM | Computer Name = Wanda-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: msvcrt.dll, version: 7.0.7601.17744,
    time stamp: 0x4eeaf722 Exception code: 0xc0000005 Fault offset: 0x00009b60 Faulting
    process id: 0x358 Faulting application start time: 0x01cd5e9e946fd3d4 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\syswow64\msvcrt.dll Report Id: 446d9459-ca94-11e1-ae1e-00256404ffcb

    Error - 7/11/2012 1:43:13 AM | Computer Name = Wanda-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    [ System Events ]
    Error - 12/20/2011 9:04:20 AM | Computer Name = Wanda-PC | Source = DCOM | ID = 10016
    Description =

    Error - 12/20/2011 4:07:09 PM | Computer Name = Wanda-PC | Source = DCOM | ID = 10016
    Description =

    Error - 12/21/2011 10:33:21 AM | Computer Name = Wanda-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:20:24 AM on ?12/?21/?2011 was unexpected.

    Error - 12/28/2011 1:18:21 PM | Computer Name = Wanda-PC | Source = DCOM | ID = 10016
    Description =

    Error - 12/28/2011 1:18:21 PM | Computer Name = Wanda-PC | Source = DCOM | ID = 10016
    Description =

    Error - 12/28/2011 1:20:18 PM | Computer Name = Wanda-PC | Source = DCOM | ID = 10016
    Description =

    Error - 12/28/2011 1:20:18 PM | Computer Name = Wanda-PC | Source = DCOM | ID = 10016
    Description =

    Error - 12/29/2011 11:36:50 AM | Computer Name = Wanda-PC | Source = DCOM | ID = 10016
    Description =

    Error - 12/29/2011 11:36:50 AM | Computer Name = Wanda-PC | Source = DCOM | ID = 10016
    Description =

    Error - 1/3/2012 9:59:01 AM | Computer Name = Wanda-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  11. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

OK, just had a program pop up: 0i763f66bz.exe, wanting to install. Looks to be something bad.
     
     
  12. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

OK, I'm back to square one. It is back to rebooting, so I have run FRST64 and searched for services.exe. I'll put the logs here.

    Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
    Ran by SYSTEM at 11-07-2012 14:09:07
    Running from F:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-02-11] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-02-11] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-02-11] (Intel Corporation)
    HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [622592 2006-12-18] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [65536 2006-07-19] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
    HKU\Tony\...\Run: [0i763f66bz] C:\Users\Tony\0i763f66bz.exe [38400 2012-07-10] (DeLOCK)
    HKU\Tony\...\Run: [Spotify] "C:\Users\Tony\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7609560 2012-07-10] (Spotify Ltd)
    HKU\Tony\...\Run: [Spotify Web Helper] "C:\Users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-10] ()
    HKU\Wanda\...\Run: [Installation Diagnostics] "C:\Program Files (x86)\Brother\Brmfl05c\Brinstck.exe" /I MFC-8860DN LAN#2 [126976 2006-11-04] (Brother Industries, Ltd.)
    HKU\Wanda\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4331392 2012-05-30] (AOL Inc.)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
    ==================== Services (Whitelisted) ======
    2 atashost; "C:\Windows\SysWOW64\atashost.exe" [133944 2011-03-16] (Cisco WebEx LLC)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
    2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
    ========================== Drivers (Whitelisted) =============
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-07-11 10:40 - 2012-07-11 10:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D9B585F5201D39B
    2012-07-11 10:37 - 2012-07-11 10:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FE6069015E94A27B
    2012-07-11 10:34 - 2012-07-11 10:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29C44DC555402B07
    2012-07-11 10:31 - 2012-07-11 10:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48E615586D180025
    2012-07-11 10:27 - 2012-07-11 10:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C0F93FF7600BD63
    2012-07-11 10:24 - 2012-07-11 10:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7B3D22E965BB8961
    2012-07-11 10:21 - 2012-07-11 10:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA1CBAB954EC1534
    2012-07-11 10:18 - 2012-07-11 10:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.462329C606EB7ECD
    2012-07-11 10:15 - 2012-07-11 10:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B31CA05838FCC2FC
    2012-07-11 10:12 - 2012-07-11 10:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A19BF73025E0A37
    2012-07-11 10:09 - 2012-07-11 10:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A86278B10F4F598
    2012-07-11 10:06 - 2012-07-11 10:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1AA224D997BF83DF
    2012-07-11 10:03 - 2012-07-11 10:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1F21131CB9F388D
    2012-07-11 10:00 - 2012-07-11 10:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.064FED1ACD67B854
    2012-07-11 09:57 - 2012-07-11 09:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ACB1AEAB59A037CC
    2012-07-11 09:54 - 2012-07-11 09:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CEF2E5838A71FA5A
    2012-07-11 09:51 - 2012-07-11 09:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F9CC23E58A7606E
    2012-07-11 09:48 - 2012-07-11 09:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.520337C6DD94F2D5
    2012-07-11 09:45 - 2012-07-11 09:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96E7E2C8BD9A4541
    2012-07-11 09:42 - 2012-07-11 09:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3FCF930D4BFA02F
    2012-07-11 09:39 - 2012-07-11 09:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF07D5BF7C2EC662
    2012-07-11 09:36 - 2012-07-11 09:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.589DC3AB8EB4CAA7
    2012-07-11 09:33 - 2012-07-11 09:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0BBE56A202B5605
    2012-07-11 09:30 - 2012-07-11 09:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F458263526E44C9D
    2012-07-11 09:20 - 2012-07-11 09:21 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-11 09:20 - 2012-07-11 09:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-11 09:02 - 2012-07-11 09:02 - 00000000 ____D C:\Users\Tony\Desktop\RK_Quarantine
    2012-07-11 09:01 - 2012-07-11 09:01 - 01558016 ____A C:\Users\Tony\Desktop\RogueKiller.exe
    2012-07-11 06:04 - 2012-07-11 06:04 - 00032746 ____A C:\Users\Tony\Desktop\Extras.Txt
    2012-07-11 06:03 - 2012-07-11 06:03 - 00070100 ____A C:\Users\Tony\Desktop\OTL.Txt
    2012-07-11 05:56 - 2012-07-11 05:56 - 00001138 ____A C:\Windows\PFRO.log
    2012-07-11 05:26 - 2012-07-11 05:27 - 00595968 ____A (OldTimer Tools) C:\Users\Tony\Desktop\OTL.exe
    2012-07-10 11:15 - 2012-07-10 11:15 - 00001038 ____A C:\Users\Tony\Desktop\PDFCombine.lnk
    2012-07-10 11:15 - 2012-07-10 11:15 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Softplicity
    2012-07-10 11:15 - 2012-07-10 11:15 - 00000000 ____D C:\Program Files (x86)\PDF Combine
    2012-07-10 11:05 - 2012-07-10 11:05 - 00000940 ____A C:\Users\Public\Desktop\Free PDF to Word Converter.lnk
    2012-07-10 11:05 - 2012-07-10 11:05 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Free PDF to Word Converter
    2012-07-10 11:05 - 2012-07-10 11:05 - 00000000 ____D C:\Users\All Users\Smart Soft
    2012-07-10 11:05 - 2012-07-10 11:05 - 00000000 ____D C:\Program Files\Free PDF to Word Converter
    2012-07-10 06:03 - 2012-07-11 09:29 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Spotify
    2012-07-10 06:03 - 2012-07-10 06:03 - 00001762 ____A C:\Users\Tony\Desktop\Spotify.lnk
    2012-07-10 04:54 - 2012-07-10 04:54 - 00038400 ____A (DeLOCK) C:\Users\Tony\0i763f66bz.exe
    2012-07-09 11:31 - 2012-07-09 11:31 - 00000148 ____A C:\Users\Tony\Desktop\Camera.url
    2012-07-09 06:05 - 2012-07-09 06:05 - 00017408 ____A C:\Users\Tony\Downloads\BILLING SUMMARY 7-2 thru 7-6.xls
    2012-07-09 06:04 - 2012-07-03 11:21 - 00017408 ____A C:\Users\Tony\Downloads\5. July 2 - 6, 2012.xls
    2012-07-09 05:14 - 2012-07-11 10:45 - 00001792 ____A C:\Windows\setupact.log
    2012-07-09 05:14 - 2012-07-09 05:14 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-08 18:52 - 2012-07-08 18:52 - 00014542 ____A C:\ComboFix.txt
    2012-07-08 18:38 - 2012-07-08 18:52 - 00000000 ____D C:\Qoobox
    2012-07-08 18:38 - 2012-07-08 18:50 - 00000000 ____D C:\Windows\erdnt
    2012-07-08 18:38 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-07-08 18:38 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-07-08 18:38 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-07-08 18:38 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-07-08 18:38 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-07-08 18:38 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-07-08 18:38 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-07-08 18:38 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-07-08 18:37 - 2012-07-08 18:37 - 04573972 ____R (Swearware) C:\Users\Tony\Desktop\ComboFix.exe
    2012-07-06 08:09 - 2012-07-06 08:09 - 00000000 ____D C:\FRST
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000462 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000418 ____A C:\Windows\Tasks\SpeedyPC Pro.job
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
    2012-07-05 12:28 - 2012-07-08 18:34 - 00000416 ____A C:\Users\Tony\Downloads\FRST64.exe
    2012-07-05 12:15 - 2012-07-05 12:15 - 12621696 ____A (Microsoft Corporation) C:\Users\Tony\Downloads\mseinstall.exe
    2012-07-05 11:28 - 2012-07-05 11:28 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-05 11:28 - 2012-07-05 11:28 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Malwarebytes
    2012-07-05 11:21 - 2012-07-05 12:22 - 00126034 ____A C:\Users\Tony\AppData\Local\census.cache
    2012-07-05 11:21 - 2012-07-05 11:21 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-07-05 11:20 - 2012-07-05 12:22 - 00080912 ____A C:\Users\Tony\AppData\Local\ars.cache
    2012-07-05 11:16 - 2012-07-05 11:16 - 00000036 ____A C:\Users\Tony\AppData\Local\housecall.guid.cache
    2012-07-05 11:16 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
    2012-07-05 11:12 - 2012-07-05 11:12 - 00000000 ____D C:\Program Files\HijackThis
    2012-07-05 11:09 - 2012-07-05 11:09 - 00000000 ____D C:\Program Files (x86)\Hijack this
    2012-07-05 05:58 - 2012-07-05 14:03 - 00000000 ____D C:\Users\Tony\Downloads\Camera Surveillance Q-See Software Manual
    2012-07-03 09:48 - 2012-07-03 09:48 - 00000000 ____D C:\Users\Tony\Downloads\11anweb
    2012-07-03 09:47 - 2012-07-03 09:47 - 00823485 ____A C:\Users\Tony\Downloads\11anweb.zip
    2012-07-02 10:55 - 2012-06-29 06:23 - 00017920 ____A C:\Users\Tony\Downloads\4. June 25 - 29, 2012.xls
    2012-07-02 09:49 - 2012-07-02 09:49 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-29 10:19 - 2012-06-29 10:13 - 00017408 ____A C:\Users\Tony\Downloads\BILLING SUMMARY 6-25 thru 6-29.xls
    2012-06-29 09:16 - 2012-06-29 09:14 - 00029696 ____A C:\Users\Tony\Downloads\Client Remit.xls
    2012-06-28 11:51 - 2012-06-28 11:48 - 00048128 ____A C:\Users\Tony\Downloads\5-2012 Williams Goodhue county.xls
    2012-06-28 11:51 - 2012-06-28 11:35 - 00041984 ____A C:\Users\Tony\Downloads\James Williams correction Transportation .xls
    2012-06-25 06:26 - 2012-06-25 06:13 - 00017408 ____A C:\Users\Tony\Downloads\3. June 18 - 22, 2012.xls
    2012-06-22 10:13 - 2012-07-02 12:01 - 00000000 ____D C:\Users\Tony\Downloads\Aalix D auth
    2012-06-22 10:11 - 2012-06-22 10:11 - 00000000 ____D C:\Users\Tony\Desktop\Town and Country
    2012-06-22 10:10 - 2012-07-11 06:57 - 00000000 ____D C:\Users\Tony\Downloads\Brian B auth
    2012-06-22 10:09 - 2012-07-02 13:37 - 00000000 ____D C:\Users\Tony\Downloads\Jason Revland auth
    2012-06-22 05:13 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-22 05:13 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-22 05:13 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-22 05:13 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-22 05:13 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-22 05:13 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-22 05:13 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-22 05:12 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-22 05:12 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-21 06:54 - 2012-07-03 04:33 - 00000000 ____D C:\Program Files (x86)\BlueStacks
    2012-06-21 06:52 - 2012-06-21 06:54 - 00000000 ____D C:\Users\Tony\AppData\Local\BlueStacksSetup
    2012-06-15 08:34 - 2012-06-15 09:28 - 00035840 ____A C:\Users\Tony\Downloads\Jessica_Billing_6-8-12.xls
    2012-06-14 08:01 - 2012-06-14 09:09 - 00000000 __SHD C:\Users\Tony\Documents\cache
    2012-06-14 08:00 - 2012-06-14 08:00 - 00000000 ____D C:\Users\Tony\AppData\Roaming\webex
    2012-06-14 04:53 - 2012-06-14 04:53 - 00000000 ____D C:\Users\Tony\AppData\Local\Macromedia
    2012-06-13 05:39 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 05:39 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 05:39 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 05:39 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 05:39 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 05:39 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 05:39 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 05:39 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 05:39 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 05:39 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 05:39 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 05:39 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 05:39 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 05:39 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-13 05:39 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-13 05:39 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-13 05:39 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-13 05:39 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-13 05:39 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-13 05:39 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 05:39 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-13 05:39 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-13 05:39 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-13 05:39 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-13 05:39 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-13 05:39 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 05:38 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 05:38 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 00:48 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 00:48 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 00:48 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 00:48 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 00:47 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 00:47 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 00:47 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 00:47 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 00:47 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 00:47 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 00:47 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 00:47 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 00:47 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 00:47 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 00:47 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 00:47 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 00:47 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-11 13:03 - 2012-06-11 13:03 - 00000537 ____A C:\Users\Tony\Desktop\Emdeon.lnk
    2012-06-11 09:24 - 2012-06-11 09:24 - 00001032 ____A C:\Users\Tony\Desktop\Danette Billing 2012 - Shortcut.lnk

    ============ 3 Months Modified Files ========================
    2012-07-11 10:46 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-11 10:45 - 2012-07-09 05:14 - 00001792 ____A C:\Windows\setupact.log
    2012-07-11 10:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-11 10:43 - 2012-07-11 10:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F3594C868D7281A
    2012-07-11 10:40 - 2012-07-11 10:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D9B585F5201D39B
    2012-07-11 10:37 - 2012-07-11 10:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FE6069015E94A27B
    2012-07-11 10:34 - 2012-07-11 10:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29C44DC555402B07
    2012-07-11 10:32 - 2012-04-12 04:20 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-11 10:31 - 2012-07-11 10:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48E615586D180025
    2012-07-11 10:27 - 2012-07-11 10:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C0F93FF7600BD63
    2012-07-11 10:24 - 2012-07-11 10:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7B3D22E965BB8961
    2012-07-11 10:21 - 2012-07-11 10:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA1CBAB954EC1534
    2012-07-11 10:18 - 2012-07-11 10:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.462329C606EB7ECD
    2012-07-11 10:15 - 2012-07-11 10:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B31CA05838FCC2FC
    2012-07-11 10:15 - 2010-06-04 11:25 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-11 10:12 - 2012-07-11 10:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A19BF73025E0A37
    2012-07-11 10:09 - 2012-07-11 10:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A86278B10F4F598
    2012-07-11 10:06 - 2012-07-11 10:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1AA224D997BF83DF
    2012-07-11 10:03 - 2012-07-11 10:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1F21131CB9F388D
    2012-07-11 10:00 - 2012-07-11 10:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.064FED1ACD67B854
    2012-07-11 09:57 - 2012-07-11 09:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ACB1AEAB59A037CC
    2012-07-11 09:54 - 2012-07-11 09:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CEF2E5838A71FA5A
    2012-07-11 09:51 - 2012-07-11 09:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F9CC23E58A7606E
    2012-07-11 09:48 - 2012-07-11 09:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.520337C6DD94F2D5
    2012-07-11 09:45 - 2012-07-11 09:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96E7E2C8BD9A4541
    2012-07-11 09:42 - 2012-07-11 09:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3FCF930D4BFA02F
    2012-07-11 09:39 - 2012-07-11 09:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF07D5BF7C2EC662
    2012-07-11 09:36 - 2012-07-11 09:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.589DC3AB8EB4CAA7
    2012-07-11 09:33 - 2012-07-11 09:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0BBE56A202B5605
    2012-07-11 09:30 - 2012-07-11 09:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F458263526E44C9D
    2012-07-11 09:29 - 2010-06-04 11:25 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-11 09:21 - 2012-03-09 13:31 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-11 09:21 - 2010-05-25 12:15 - 01828392 ____A C:\Windows\WindowsUpdate.log
    2012-07-11 09:20 - 2012-03-09 13:31 - 00756948 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-11 09:01 - 2012-07-11 09:01 - 01558016 ____A C:\Users\Tony\Desktop\RogueKiller.exe
    2012-07-11 06:49 - 2012-05-23 08:50 - 00000186 ____A C:\Users\Tony\RmDvrUserCfg85.ini
    2012-07-11 06:04 - 2012-07-11 06:04 - 00032746 ____A C:\Users\Tony\Desktop\Extras.Txt
    2012-07-11 06:03 - 2012-07-11 06:03 - 00070100 ____A C:\Users\Tony\Desktop\OTL.Txt
    2012-07-11 06:03 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 06:03 - 2009-07-13 20:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 05:56 - 2012-07-11 05:56 - 00001138 ____A C:\Windows\PFRO.log
    2012-07-11 05:27 - 2012-07-11 05:26 - 00595968 ____A (OldTimer Tools) C:\Users\Tony\Desktop\OTL.exe
    2012-07-11 05:21 - 2010-05-25 12:21 - 00000925 ____A C:\Windows\Brpfx04a.ini
    2012-07-10 11:15 - 2012-07-10 11:15 - 00001038 ____A C:\Users\Tony\Desktop\PDFCombine.lnk
    2012-07-10 11:05 - 2012-07-10 11:05 - 00000940 ____A C:\Users\Public\Desktop\Free PDF to Word Converter.lnk
    2012-07-10 06:03 - 2012-07-10 06:03 - 00001762 ____A C:\Users\Tony\Desktop\Spotify.lnk
    2012-07-10 04:54 - 2012-07-10 04:54 - 00038400 ____A (DeLOCK) C:\Users\Tony\0i763f66bz.exe
    2012-07-10 04:54 - 2012-04-12 04:20 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-10 04:54 - 2011-06-10 09:53 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-09 11:31 - 2012-07-09 11:31 - 00000148 ____A C:\Users\Tony\Desktop\Camera.url
    2012-07-09 06:05 - 2012-07-09 06:05 - 00017408 ____A C:\Users\Tony\Downloads\BILLING SUMMARY 7-2 thru 7-6.xls
    2012-07-09 05:14 - 2012-07-09 05:14 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-08 19:00 - 2009-07-13 21:13 - 00743290 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-08 18:52 - 2012-07-08 18:52 - 00014542 ____A C:\ComboFix.txt
    2012-07-08 18:48 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-07-08 18:37 - 2012-07-08 18:37 - 04573972 ____R (Swearware) C:\Users\Tony\Desktop\ComboFix.exe
    2012-07-08 18:34 - 2012-07-05 12:28 - 00000416 ____A C:\Users\Tony\Downloads\FRST64.exe
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000462 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-07-05 13:01 - 2012-07-05 13:01 - 00000418 ____A C:\Windows\Tasks\SpeedyPC Pro.job
    2012-07-05 12:40 - 2009-07-13 21:08 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-05 12:22 - 2012-07-05 11:21 - 00126034 ____A C:\Users\Tony\AppData\Local\census.cache
    2012-07-05 12:22 - 2012-07-05 11:20 - 00080912 ____A C:\Users\Tony\AppData\Local\ars.cache
    2012-07-05 12:15 - 2012-07-05 12:15 - 12621696 ____A (Microsoft Corporation) C:\Users\Tony\Downloads\mseinstall.exe
    2012-07-05 11:29 - 2012-06-05 05:33 - 00001264 ____A C:\Users\Tony\Desktop\Revo Uninstaller.lnk
    2012-07-05 11:28 - 2012-07-05 11:28 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-05 11:21 - 2012-07-05 11:21 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-07-05 11:16 - 2012-07-05 11:16 - 00000036 ____A C:\Users\Tony\AppData\Local\housecall.guid.cache
    2012-07-03 11:21 - 2012-07-09 06:04 - 00017408 ____A C:\Users\Tony\Downloads\5. July 2 - 6, 2012.xls
    2012-07-03 09:47 - 2012-07-03 09:47 - 00823485 ____A C:\Users\Tony\Downloads\11anweb.zip
    2012-06-29 10:13 - 2012-06-29 10:19 - 00017408 ____A C:\Users\Tony\Downloads\BILLING SUMMARY 6-25 thru 6-29.xls
    2012-06-29 09:14 - 2012-06-29 09:16 - 00029696 ____A C:\Users\Tony\Downloads\Client Remit.xls
    2012-06-29 06:23 - 2012-07-02 10:55 - 00017920 ____A C:\Users\Tony\Downloads\4. June 25 - 29, 2012.xls
    2012-06-28 11:48 - 2012-06-28 11:51 - 00048128 ____A C:\Users\Tony\Downloads\5-2012 Williams Goodhue county.xls
    2012-06-28 11:35 - 2012-06-28 11:51 - 00041984 ____A C:\Users\Tony\Downloads\James Williams correction Transportation .xls
    2012-06-25 06:13 - 2012-06-25 06:26 - 00017408 ____A C:\Users\Tony\Downloads\3. June 18 - 22, 2012.xls
    2012-06-15 09:28 - 2012-06-15 08:34 - 00035840 ____A C:\Users\Tony\Downloads\Jessica_Billing_6-8-12.xls
    2012-06-13 06:24 - 2009-07-13 20:45 - 00302024 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 05:46 - 2011-10-14 03:30 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-13 05:38 - 2012-03-14 12:08 - 00000748 ___AH C:\IPH.PH
    2012-06-13 05:37 - 2012-03-14 12:08 - 00001911 ____A C:\Users\Public\Desktop\AIM.lnk
    2012-06-11 13:03 - 2012-06-11 13:03 - 00000537 ____A C:\Users\Tony\Desktop\Emdeon.lnk
    2012-06-11 09:24 - 2012-06-11 09:24 - 00001032 ____A C:\Users\Tony\Desktop\Danette Billing 2012 - Shortcut.lnk
    2012-06-11 08:29 - 2012-05-18 12:08 - 00029184 ____A C:\Users\Tony\Desktop\Jessica Billing 2012.xls
    2012-06-11 08:28 - 2012-04-17 09:00 - 00002184 ____A C:\Users\Tony\Desktop\Shared Folder - Shortcut.lnk
    2012-06-06 05:44 - 2012-06-06 05:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
    2012-06-05 05:33 - 2012-06-05 05:17 - 00002662 ____A C:\Users\Tony\Documents\tonysci.profile
    2012-06-05 05:33 - 2012-06-05 05:16 - 00000245 ____A C:\Users\Tony\Documents\iSafeguard.log
    2012-06-04 23:37 - 2012-07-05 11:16 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
    2012-06-02 14:19 - 2012-06-22 05:13 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 05:13 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 05:13 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 05:13 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 05:13 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-22 05:13 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-22 05:13 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-22 05:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-22 05:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-23 09:03 - 2012-05-23 09:03 - 00002659 ____A C:\Users\Public\Desktop\PSS(admin).lnk
    2012-05-23 09:03 - 2012-05-23 09:03 - 00002617 ____A C:\Users\Public\Desktop\PSS.lnk
    2012-05-18 05:27 - 2012-05-18 05:31 - 00063488 ____A C:\Users\Tony\Downloads\5-18-12 WHO IS IN GROUP new.xls
    2012-05-17 18:47 - 2012-06-13 05:39 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-13 05:38 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-13 05:39 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-13 05:39 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-13 05:39 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-13 05:39 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-13 05:39 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-13 05:39 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-13 05:39 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-13 05:39 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-13 05:39 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-13 05:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-13 05:39 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-13 05:39 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-13 05:39 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 05:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 05:39 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 05:39 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 05:39 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 05:39 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-13 05:39 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-13 05:39 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 05:39 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-13 05:39 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 05:39 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 05:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 05:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 05:39 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 17:32 - 2012-06-13 00:47 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-09 05:45 - 2012-05-09 05:45 - 00001436 ____A C:\Users\Tony\Desktop\Tony Cover Sheet Billing Dept - Shortcut.lnk
    2012-05-04 10:03 - 2012-04-20 07:30 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-05-04 03:06 - 2012-06-13 00:47 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 00:47 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 00:47 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 08:24 - 2012-05-03 08:24 - 00002969 ____A C:\Users\Tony\Desktop\EasyPrint.lnk
    2012-05-03 08:24 - 2012-05-03 08:24 - 00000092 ____A C:\Users\Tony\AppData\Local\fusioncache.dat
    2012-05-02 09:21 - 2010-05-25 12:55 - 00000426 ____A C:\Windows\BRWMARK.INI
    2012-04-30 21:40 - 2012-06-13 00:48 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:55 - 2012-06-13 00:47 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 08:34 - 2012-06-05 04:23 - 00002338 ____A C:\Users\Tony\Desktop\PSYCH - Shortcut.lnk
    2012-04-25 21:41 - 2012-06-13 00:48 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 00:48 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 00:48 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 10:43 - 2012-04-04 08:14 - 00028160 ____A C:\Users\Tony\Desktop\list of clients and groups.xls
    2012-04-23 21:37 - 2012-06-13 00:47 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 00:47 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 00:47 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 00:47 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 00:47 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 00:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-18 05:53 - 2012-04-18 05:53 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-04-17 05:25 - 2012-04-11 12:14 - 00017920 ____A C:\Users\Tony\Desktop\Tony's TO DO LIST.xls
    2012-04-13 06:41 - 2012-04-13 06:35 - 257265978 ____A C:\Users\Tony\Documents\Matterhorn Bobsleds in HD both tracks at Disneyland.mp4
    ZeroAccess:
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\@
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\L
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\00000001.@
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\80000000.@
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U\800000cb.@
    ZeroAccess:
    C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}
    C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\@
    C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\L
    C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 36%
    Total physical RAM: 2013.05 MB
    Available physical RAM: 1275.53 MB
    Total Pagefile: 2013.05 MB
    Available Pagefile: 1260.03 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:288.19 GB) (Free:243.35 GB) NTFS
    3 Drive f: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 1927 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 100 MB 40 MB
    Partition 3 Primary 288 GB 140 MB
    Partition 4 Primary 9 GB 288 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 FAT Partition 39 MB Healthy Hidden
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 288 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 4
    Type : DB
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1927 MB 31 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 1927 MB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-07-09 12:53
    ======================= End Of Log ==========================
     
  13. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    Farbar Recovery Scan Tool Version: 11-07-2012
    Ran by SYSTEM at 2012-07-11 14:22:26
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-07-11 10:46] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    C:\Windows\erdnt\cache64\services.exe
    [2012-07-08 18:50] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
     
  14. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    It looks like you got reinfected.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Restart normally and post new Combofix log.
     


  15. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
    Ran by SYSTEM at 2012-07-12 07:34:09 Run:2
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_USERS\Tony\Software\Microsoft\Windows\CurrentVersion\Run\\0i763f66bz Value deleted successfully.
    C:\Windows\System32\services.exe.6D9B585F5201D39B moved successfully.
    C:\Windows\System32\services.exe.FE6069015E94A27B moved successfully.
    C:\Windows\System32\services.exe.29C44DC555402B07 moved successfully.
    C:\Windows\System32\services.exe.48E615586D180025 moved successfully.
    C:\Windows\System32\services.exe.1C0F93FF7600BD63 moved successfully.
    C:\Windows\System32\services.exe.7B3D22E965BB8961 moved successfully.
    C:\Windows\System32\services.exe.AA1CBAB954EC1534 moved successfully.
    C:\Windows\System32\services.exe.462329C606EB7ECD moved successfully.
    C:\Windows\System32\services.exe.B31CA05838FCC2FC moved successfully.
    C:\Windows\System32\services.exe.1A19BF73025E0A37 moved successfully.
    C:\Windows\System32\services.exe.2A86278B10F4F598 moved successfully.
    C:\Windows\System32\services.exe.1AA224D997BF83DF moved successfully.
    C:\Windows\System32\services.exe.E1F21131CB9F388D moved successfully.
    C:\Windows\System32\services.exe.064FED1ACD67B854 moved successfully.
    C:\Windows\System32\services.exe.ACB1AEAB59A037CC moved successfully.
    C:\Windows\System32\services.exe.CEF2E5838A71FA5A moved successfully.
    C:\Windows\System32\services.exe.4F9CC23E58A7606E moved successfully.
    C:\Windows\System32\services.exe.520337C6DD94F2D5 moved successfully.
    C:\Windows\System32\services.exe.96E7E2C8BD9A4541 moved successfully.
    C:\Windows\System32\services.exe.E3FCF930D4BFA02F moved successfully.
    C:\Windows\System32\services.exe.AF07D5BF7C2EC662 moved successfully.
    C:\Windows\System32\services.exe.589DC3AB8EB4CAA7 moved successfully.
    C:\Windows\System32\services.exe.B0BBE56A202B5605 moved successfully.
    C:\Windows\System32\services.exe.F458263526E44C9D moved successfully.
    C:\Windows\Installer\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9} moved successfully.
    C:\Users\Tony\AppData\Local\{1a868d5d-dd53-d8ab-fbb9-f391889fbdb9} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  16. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    ComboFix 12-07-12.02 - Tony 07/12/2012 8:00.3.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2013.779 [GMT -5:00]
    Running from: c:\users\Tony\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -- Previous Run --
    .
    c:\windows\SysWow64\sfcfiles.dll . . . is missing!!
    .
    --------
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-12 13:06 . 2012-07-12 13:06 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{208B66A4-2E42-4C9B-90A3-8BC828F9900A}\offreg.dll
    2012-07-12 13:05 . 2012-07-12 13:05 -------- d-----w- c:\users\Wanda\AppData\Local\temp
    2012-07-12 13:05 . 2012-07-12 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-11 18:43 . 2012-07-11 18:43 328704 ----a-w- c:\windows\system32\services.exe.1F3594C868D7281A
    2012-07-11 17:21 . 2012-02-09 19:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35D483B1-9A1E-49CC-B51E-45CCC7A4348A}\gapaengine.dll
    2012-07-11 17:21 . 2012-06-18 08:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{208B66A4-2E42-4C9B-90A3-8BC828F9900A}\mpengine.dll
    2012-07-11 17:20 . 2012-07-11 17:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-11 17:20 . 2012-07-11 17:21 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-10 19:15 . 2012-07-10 19:15 -------- d-----w- c:\users\Tony\AppData\Roaming\Softplicity
    2012-07-10 19:15 . 2012-07-10 19:15 -------- d-----w- c:\program files (x86)\PDF Combine
    2012-07-10 19:05 . 2012-07-10 19:05 -------- d-----w- c:\users\Tony\AppData\Roaming\Free PDF to Word Converter
    2012-07-10 19:05 . 2012-07-10 19:05 -------- d-----w- c:\programdata\Smart Soft
    2012-07-10 19:05 . 2012-07-10 19:05 -------- d-----w- c:\program files\Free PDF to Word Converter
    2012-07-10 14:03 . 2012-07-12 12:36 -------- d-----w- c:\users\Tony\AppData\Roaming\Spotify
    2012-07-06 16:09 . 2012-07-06 16:09 -------- d-----w- C:\FRST
    2012-07-05 21:01 . 2012-07-05 21:01 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
    2012-07-05 21:01 . 2012-07-05 21:01 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-07-05 21:01 . 2012-07-05 21:01 -------- d-----w- c:\program files (x86)\SpeedyPC Software
    2012-07-05 19:28 . 2012-07-05 19:28 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
    2012-07-05 19:21 . 2012-07-05 19:21 102400 ----a-w- c:\windows\RegBootClean.exe
    2012-07-05 19:16 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
    2012-07-05 19:09 . 2012-07-05 19:09 -------- d-----w- c:\program files (x86)\Hijack this
    2012-07-02 17:49 . 2012-07-02 17:49 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-22 13:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 13:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 13:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 13:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 13:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 13:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 13:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 13:12 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 13:12 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 14:54 . 2012-07-03 12:33 -------- d-----w- c:\program files (x86)\BlueStacks
    2012-06-21 14:52 . 2012-06-21 14:54 -------- d-----w- c:\users\Tony\AppData\Local\BlueStacksSetup
    2012-06-20 14:07 . 2012-06-20 14:07 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-20 14:07 . 2012-06-20 14:07 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-14 16:00 . 2012-06-14 16:00 -------- d-----w- c:\users\Tony\AppData\Roaming\webex
    2012-06-14 12:53 . 2012-06-14 12:53 -------- d-----w- c:\users\Tony\AppData\Local\Macromedia
    2012-06-13 13:37 . 2012-06-13 13:37 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
    2012-06-13 08:48 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 08:48 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 08:48 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 08:48 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-10 12:54 . 2012-04-12 12:20 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-10 12:54 . 2011-06-10 17:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-09_02.48.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-25 21:27 . 2012-07-11 13:58 30458 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-12 13:08 36028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-07-02 18:39 . 2012-07-11 15:52 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    - 2012-07-02 18:39 . 2012-07-05 19:52 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-07-11 05:42 . 2012-07-11 17:17 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012071120120712\index.dat
    + 2012-07-10 13:23 . 2012-07-11 04:34 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012071020120711\index.dat
    + 2012-07-10 13:23 . 2012-07-10 13:23 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012070220120709\index.dat
    + 2012-07-02 17:55 . 2012-07-11 17:25 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-07-02 17:55 . 2012-07-05 20:20 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-07-02 17:49 . 2012-07-11 17:25 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    - 2012-07-02 17:49 . 2012-07-05 20:15 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    + 2010-11-10 14:45 . 2012-07-11 13:55 3734 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-04-17 12:25 . 2012-07-12 13:08 5032 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-52383786-3910629975-2101294700-1001_UserData.bin
    - 2012-07-09 02:47 . 2012-07-09 02:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-12 13:06 . 2012-07-12 13:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-09 02:47 . 2012-07-09 02:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-12 13:06 . 2012-07-12 13:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-02 17:46 . 2012-07-10 12:54 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
    - 2012-07-02 17:46 . 2012-07-02 17:46 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
    - 2012-07-02 17:46 . 2012-07-02 17:46 465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
    + 2012-07-02 17:46 . 2012-07-10 12:54 465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
    + 2012-04-12 12:20 . 2012-07-10 12:54 257224 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    - 2012-04-12 12:20 . 2012-07-02 17:46 257224 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    + 2011-06-23 15:53 . 2012-07-11 12:28 241638 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 02:36 . 2012-07-09 02:38 635204 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-12 12:37 635204 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-09 02:38 111738 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-07-12 12:37 111738 c:\windows\system32\perfc009.dat
    - 2012-07-02 17:45 . 2012-07-02 17:45 417480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe
    + 2012-07-02 17:45 . 2012-07-10 12:54 417480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe
    - 2012-07-02 17:45 . 2012-07-02 17:45 512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.dll
    + 2012-07-02 17:45 . 2012-07-10 12:54 512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.dll
    + 2010-05-25 20:16 . 2012-07-12 12:42 475136 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2012-07-09 02:52 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 05:01 . 2012-07-12 13:05 263936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-07-09 02:45 263936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-04-25 08:01 . 2012-07-11 17:21 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
    - 2012-04-25 08:01 . 2012-07-05 20:15 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
    + 2012-07-11 17:21 . 2012-07-11 17:21 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
    - 2012-07-05 20:15 . 2012-07-05 20:15 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
    + 2012-04-25 08:01 . 2012-07-11 17:21 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
    - 2012-04-25 08:01 . 2012-07-05 20:15 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
    + 2012-04-25 08:01 . 2012-07-11 17:21 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
    - 2012-04-25 08:01 . 2012-07-05 20:15 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
    + 2012-04-25 08:01 . 2012-07-11 17:21 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
    - 2012-04-25 08:01 . 2012-07-05 20:15 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
    + 2010-05-25 20:16 . 2012-07-12 12:42 3424256 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-03-27 00:21 . 2012-03-27 00:21 7622656 c:\windows\Installer\ba792f.msi
    + 2009-07-14 04:54 . 2012-07-12 12:42 14254080 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-04-16 20:51 . 2012-07-12 13:05 45023492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-52383786-3910629975-2101294700-1001-8192.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify"="c:\users\Tony\AppData\Roaming\Spotify\Spotify.exe" [2012-07-10 7609560]
    "Spotify Web Helper"="c:\users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-10 1192664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 257224]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-03-16 133944]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 12:54]
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 19:25]
    .
    2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 19:25]
    .
    2012-07-05 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
    .
    2012-07-05 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} - hxxp://192.168.1.2/DvrOcx.cab
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\93vcy0ey.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bbaace6bf-fb66-4b72-8041-2c51ec275dad%7D&mid=d7b21972571180c115144455af338579-e68493407ff72486406743d37d5f0f4a3813c7f3&ds=ft011&v=11.1.1.7&lang=en&pr=sa&d=2012-05-23%2012%3A01%3A55&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-12 08:11:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-12 13:11
    ComboFix2.txt 2012-07-09 02:52
    .
    Pre-Run: 264,111,796,224 bytes free
    Post-Run: 263,947,923,456 bytes free
    .
    - - End Of File - - BE0E7319952656415DF829C1CFE6EEA5
     
  17. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Looks better but we still have some issues.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main text field:
      Code:
      :filefind
      sfcfiles.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  18. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:54 on 12/07/2012 by Tony
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "sfcfiles.dll"
    No files found.

    -= EOF =-
     
  19. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Uninstall SpeedyPC Software.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ===============================================

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\services.exe.1F3594C868D7281A
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  20. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    ComboFix 12-07-13.01 - Tony 07/13/2012 7:35.4.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2013.950 [GMT -5:00]
    Running from: c:\users\Tony\Desktop\ComboFix.exe
    Command switches used :: c:\users\Tony\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    FILE ::
    "c:\windows\system32\services.exe.1F3594C868D7281A"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\services.exe.1F3594C868D7281A
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-13 12:41 . 2012-07-13 12:41 -------- d-----w- c:\users\Wanda\AppData\Local\temp
    2012-07-13 12:41 . 2012-07-13 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-11 17:21 . 2012-02-09 19:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35D483B1-9A1E-49CC-B51E-45CCC7A4348A}\gapaengine.dll
    2012-07-11 17:21 . 2012-06-18 08:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{208B66A4-2E42-4C9B-90A3-8BC828F9900A}\mpengine.dll
    2012-07-11 17:20 . 2012-07-11 17:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-11 17:20 . 2012-07-11 17:21 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-10 19:15 . 2012-07-10 19:15 -------- d-----w- c:\users\Tony\AppData\Roaming\Softplicity
    2012-07-10 19:05 . 2012-07-10 19:05 -------- d-----w- c:\users\Tony\AppData\Roaming\Free PDF to Word Converter
    2012-07-10 14:03 . 2012-07-12 20:43 -------- d-----w- c:\users\Tony\AppData\Roaming\Spotify
    2012-07-06 16:09 . 2012-07-06 16:09 -------- d-----w- C:\FRST
    2012-07-05 21:01 . 2012-07-05 21:01 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
    2012-07-05 21:01 . 2012-07-05 21:01 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-07-05 21:01 . 2012-07-05 21:01 -------- d-----w- c:\program files (x86)\SpeedyPC Software
    2012-07-05 19:28 . 2012-07-05 19:28 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
    2012-07-05 19:21 . 2012-07-05 19:21 102400 ----a-w- c:\windows\RegBootClean.exe
    2012-07-05 19:16 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
    2012-07-05 19:09 . 2012-07-05 19:09 -------- d-----w- c:\program files (x86)\Hijack this
    2012-07-02 17:49 . 2012-07-02 17:49 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-22 13:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 13:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 13:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 13:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 13:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 13:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 13:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 13:12 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 13:12 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 14:54 . 2012-07-03 12:33 -------- d-----w- c:\program files (x86)\BlueStacks
    2012-06-21 14:52 . 2012-06-21 14:54 -------- d-----w- c:\users\Tony\AppData\Local\BlueStacksSetup
    2012-06-20 14:07 . 2012-06-20 14:07 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-20 14:07 . 2012-06-20 14:07 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-14 16:00 . 2012-06-14 16:00 -------- d-----w- c:\users\Tony\AppData\Roaming\webex
    2012-06-14 12:53 . 2012-06-14 12:53 -------- d-----w- c:\users\Tony\AppData\Local\Macromedia
    2012-06-13 13:37 . 2012-06-13 13:37 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 15:32 . 2012-04-12 12:20 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 15:32 . 2011-06-10 17:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-15 01:32 . 2012-06-13 08:47 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-05-04 11:06 . 2012-06-13 08:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 08:47 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 08:47 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-13 08:48 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:55 . 2012-06-13 08:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-13 08:48 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-13 08:48 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-13 08:48 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-13 08:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-13 08:47 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-13 08:47 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 08:47 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 08:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-13 08:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-07-12_13.06.53 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-06-25 13:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-07-12 15:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-07-12 15:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-25 13:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-12 15:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-25 13:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-05-25 21:27 . 2012-07-12 13:19 30538 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-13 12:44 36044 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-11-10 14:45 . 2012-07-11 13:55 3734 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2010-11-10 14:45 . 2012-07-12 13:14 3734 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-04-17 12:25 . 2012-07-13 12:44 5304 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-52383786-3910629975-2101294700-1001_UserData.bin
    + 2012-07-13 12:42 . 2012-07-13 12:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-12 13:06 . 2012-07-12 13:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-12 15:32 . 2012-07-12 15:32 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
    + 2012-07-12 14:32 . 2012-07-12 14:32 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    + 2012-07-12 14:32 . 2012-07-12 14:32 465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
    + 2012-04-12 12:20 . 2012-07-12 15:32 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    + 2011-06-23 15:53 . 2012-07-13 12:27 245336 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2012-07-12 15:32 . 2012-07-12 15:32 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_Plugin.exe
    + 2012-07-12 14:32 . 2012-07-12 14:32 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe
    + 2012-07-12 14:32 . 2012-07-12 14:32 512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.dll
    - 2010-05-25 20:16 . 2012-07-12 12:42 475136 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-05-25 20:16 . 2012-07-12 15:32 475136 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 05:01 . 2012-07-12 13:05 263936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-13 12:41 263936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-07-12 15:32 . 2012-07-12 15:32 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    + 2012-07-12 15:32 . 2012-07-12 15:32 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    - 2010-05-25 20:16 . 2012-07-12 12:42 3424256 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-05-25 20:16 . 2012-07-12 15:32 3424256 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-07-12 15:32 . 2012-07-12 15:32 12314312 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll
    - 2009-07-14 04:54 . 2012-07-12 12:42 14254080 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-12 15:32 14254080 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-04-16 20:51 . 2012-07-13 12:41 45325708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-52383786-3910629975-2101294700-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify"="c:\users\Tony\AppData\Roaming\Spotify\Spotify.exe" [2012-07-10 7609560]
    "Spotify Web Helper"="c:\users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-10 1192664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-03-16 133944]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 15:32]
    .
    2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 19:25]
    .
    2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 19:25]
    .
    2012-07-05 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
    .
    2012-07-05 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} - hxxp://192.168.1.2/DvrOcx.cab
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\93vcy0ey.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bbaace6bf-fb66-4b72-8041-2c51ec275dad%7D&mid=d7b21972571180c115144455af338579-e68493407ff72486406743d37d5f0f4a3813c7f3&ds=ft011&v=11.1.1.7&lang=en&pr=sa&d=2012-05-23%2012%3A01%3A55&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-13 07:47:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-13 12:47
    ComboFix2.txt 2012-07-12 13:11
    ComboFix3.txt 2012-07-09 02:52
    .
    Pre-Run: 263,985,090,560 bytes free
    Post-Run: 263,713,964,032 bytes free
    .
    - - End Of File - - 82F24236D88EB14FABDA7A60C27C7035
     
  21. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    Ok, after reboot MSE says virus:Win64/Sirefef.B is there and needs to be removed. How should I proceed on this?
     
  22. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    You can remove it.
    Most likely it's already quarantined by one of our tools.

    Any other issues?

    ====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE: If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  23. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.16.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Tony :: WANDA-PC [administrator]

    7/16/2012 11:05:20 AM
    mbam-log-2012-07-16 (11-05-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 232332
    Time elapsed: 3 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  24. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    I can't get MSE to update. Windows Update is also failing.
     
  25. Truecoat

    Truecoat TS Rookie Topic Starter Posts: 29

    OTL logfile created on: 7/16/2012 11:23:21 AM - Run 2
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Tony\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 34.83% Memory free
    7.43 Gb Paging File | 5.42 Gb Available in Paging File | 72.91% Paging File free
    Paging file location(s): c:\pagefile.sys 5600 6144 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.19 Gb Total Space | 244.61 Gb Free Space | 84.88% Space Free | Partition Type: NTFS
    Drive E: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.81% Space Free | Partition Type: FAT

    Computer Name: WANDA-PC | User Name: Tony | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/16 11:14:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
    PRC - [2012/07/12 10:32:29 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    PRC - [2012/07/10 09:03:13 | 007,609,560 | ---- | M] (Spotify Ltd) -- C:\Users\Tony\AppData\Roaming\Spotify\spotify.exe
    PRC - [2012/07/10 09:03:13 | 001,192,664 | ---- | M] () -- C:\Users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/06/20 09:07:05 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/05/30 12:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
    PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/03/16 11:29:35 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/12 10:32:28 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    MOD - [2012/07/10 09:03:13 | 020,214,784 | ---- | M] () -- C:\Users\Tony\AppData\Roaming\Spotify\Data\libcef.dll
    MOD - [2012/07/10 09:03:13 | 001,192,664 | ---- | M] () -- C:\Users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MOD - [2012/06/20 09:07:04 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/05/30 12:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/07/12 10:32:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/20 09:07:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/03/16 11:29:35 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/10 16:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 4B EE 2E DC 17 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...a3813c7f3&lang=en&ds=ft011&pr=sa&d=2012-05-23 12:01:55&v=11.1.1.7&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=...lang=en&pr=sa&d=2012-05-23 12:01:55&sap=ku&q="
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 09:07:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/23 12:04:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/10 10:04:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 09:07:05 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/23 12:04:17 | 000,000,000 | ---D | M]

    [2012/04/06 10:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions
    [2012/07/03 07:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\93vcy0ey.default\extensions
    [2012/04/19 07:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/20 09:07:05 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/05/23 12:01:49 | 000,003,751 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/06/20 09:07:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/20 09:07:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/13 07:42:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKCU..\Run: [Spotify] C:\Users\Tony\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Tony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://192.168.1.2/DvrOcx.cab (Dvr Net 85 Multidownload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A4DF35B-F760-4376-86BE-CC0CFFEA7601}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/16 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\ElevatedDiagnostics
    [2012/07/16 11:14:19 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
    [2012/07/16 11:02:56 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tony\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/13 07:43:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/12 08:35:40 | 000,000,000 | ---D | C] -- C:\Users\Tony\Desktop\Docs
    [2012/07/12 08:25:51 | 000,000,000 | ---D | C] -- C:\Users\Tony\Desktop\Utilities
    [2012/07/12 07:36:58 | 004,577,573 | R--- | C] (Swearware) -- C:\Users\Tony\Desktop\ComboFix.exe
    [2012/07/11 12:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/11 12:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/10 14:15:24 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Softplicity
    [2012/07/10 14:05:49 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Free PDF to Word Converter
    [2012/07/10 09:03:06 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Spotify
    [2012/07/08 21:38:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/08 21:38:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/08 21:38:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/08 21:38:25 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/08 21:38:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/06 11:09:17 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/05 16:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
    [2012/07/05 16:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/07/05 16:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
    [2012/07/05 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/07/05 14:28:05 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Malwarebytes
    [2012/07/05 14:16:52 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
    [2012/07/05 14:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2012/07/05 14:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hijack this
    [2012/07/02 12:49:22 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/22 13:11:04 | 000,000,000 | ---D | C] -- C:\Users\Tony\Desktop\Town and Country
    [2012/06/22 08:13:35 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
    [2012/06/22 08:13:34 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
    [2012/06/22 08:13:34 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
    [2012/06/22 08:13:23 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
    [2012/06/22 08:13:23 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
    [2012/06/22 08:13:23 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
    [2012/06/22 08:12:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
    [2012/06/22 08:12:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
    [2012/06/21 09:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
    [2012/06/21 09:52:20 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\BlueStacksSetup

    ========== Files - Modified Within 30 Days ==========

    [2012/07/16 11:32:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/16 11:20:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/16 11:14:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
    [2012/07/16 11:04:45 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/16 11:03:07 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tony\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/16 09:14:25 | 000,000,957 | ---- | M] () -- C:\Windows\Brpfx04a.ini
    [2012/07/16 08:20:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/16 08:18:18 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/16 08:18:18 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/16 08:12:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/16 08:12:11 | 1583,128,576 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/13 15:46:25 | 000,000,186 | ---- | M] () -- C:\Users\Tony\RmDvrUserCfg85.ini
    [2012/07/13 10:14:26 | 000,743,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/13 10:14:26 | 000,635,204 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/13 10:14:26 | 000,111,738 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/13 07:42:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/13 07:33:35 | 004,577,573 | R--- | M] (Swearware) -- C:\Users\Tony\Desktop\ComboFix.exe
    [2012/07/12 16:52:37 | 000,165,376 | ---- | M] () -- C:\Users\Tony\Desktop\SystemLook_x64.exe
    [2012/07/12 10:32:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/07/12 10:32:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/07/11 12:21:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/11 12:20:59 | 000,756,948 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/10 09:03:14 | 000,001,762 | ---- | M] () -- C:\Users\Tony\Desktop\Spotify.lnk
    [2012/07/09 14:31:06 | 000,000,148 | ---- | M] () -- C:\Users\Tony\Desktop\Camera.url
    [2012/07/05 16:01:11 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/07/05 16:01:11 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/07/05 15:22:32 | 000,126,034 | ---- | M] () -- C:\Users\Tony\AppData\Local\census.cache
    [2012/07/05 15:22:31 | 000,080,912 | ---- | M] () -- C:\Users\Tony\AppData\Local\ars.cache
    [2012/07/05 14:29:42 | 000,001,264 | ---- | M] () -- C:\Users\Tony\Desktop\Revo Uninstaller.lnk
    [2012/07/05 14:21:21 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
    [2012/07/05 14:16:37 | 000,000,036 | ---- | M] () -- C:\Users\Tony\AppData\Local\housecall.guid.cache
    [2012/07/05 08:51:16 | 000,551,217 | ---- | M] () -- C:\Users\Tony\Documents\QSEE internet set up.pdf
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/02 16:02:01 | 002,677,830 | ---- | M] () -- C:\Users\Tony\Desktop\Grapefruit.jpg

    ========== Files Created - No Company Name ==========

    [2012/07/16 11:04:45 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/12 16:52:31 | 000,165,376 | ---- | C] () -- C:\Users\Tony\Desktop\SystemLook_x64.exe
    [2012/07/11 12:21:03 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/10 09:03:14 | 000,001,762 | ---- | C] () -- C:\Users\Tony\Desktop\Spotify.lnk
    [2012/07/10 09:03:14 | 000,001,748 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2012/07/09 14:31:06 | 000,000,148 | ---- | C] () -- C:\Users\Tony\Desktop\Camera.url
    [2012/07/08 21:38:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/08 21:38:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/08 21:38:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/08 21:38:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/05 16:01:11 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/07/05 16:01:11 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/07/05 14:21:15 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
    [2012/07/05 14:21:03 | 000,126,034 | ---- | C] () -- C:\Users\Tony\AppData\Local\census.cache
    [2012/07/05 14:20:57 | 000,080,912 | ---- | C] () -- C:\Users\Tony\AppData\Local\ars.cache
    [2012/07/05 14:16:37 | 000,000,036 | ---- | C] () -- C:\Users\Tony\AppData\Local\housecall.guid.cache
    [2012/07/05 08:51:16 | 000,551,217 | ---- | C] () -- C:\Users\Tony\Documents\QSEE internet set up.pdf
    [2012/07/02 16:01:58 | 002,677,830 | ---- | C] () -- C:\Users\Tony\Desktop\Grapefruit.jpg
    [2012/05/23 11:50:36 | 000,000,186 | ---- | C] () -- C:\Users\Tony\RmDvrUserCfg85.ini
    [2012/05/03 11:24:27 | 000,000,092 | ---- | C] () -- C:\Users\Tony\AppData\Local\fusioncache.dat
    [2012/03/09 16:31:18 | 000,756,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/15 15:43:14 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTHA.dll
    [2011/02/08 08:45:06 | 000,029,696 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHS.dll
    [2011/01/29 10:49:52 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxRUS.dll
    [2011/01/26 10:15:48 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxDEU.dll
    [2011/01/26 10:15:48 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTRK.dll
    [2011/01/26 10:15:48 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPLK.dll
    [2011/01/26 10:15:48 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxNLD.dll
    [2011/01/26 10:15:48 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxFAR.dll
    [2011/01/26 10:15:48 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCSY.dll
    [2011/01/26 10:15:48 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHT.dll
    [2010/12/24 09:03:46 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxTRK(KNOWLEDGE).dll
    [2010/12/24 09:03:42 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxRUS(DIT).dll
    [2010/12/24 09:03:34 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPTB.dll
    [2010/12/24 09:03:26 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxITA.dll
    [2010/12/23 18:56:40 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxHUN.dll
    [2010/12/23 18:55:38 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxELL.dll
    [2010/12/03 09:26:30 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxFRA.dll
    [2010/12/03 09:26:30 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxESP.dll
    [2010/12/03 09:26:28 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxPTG.dll
    [2010/11/26 09:11:32 | 000,921,685 | ---- | C] () -- C:\Windows\SysWow64\RM_DVRNET_DLL.dll
    [2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

    < End of report >
     

