Inactive Sirefef infection

Onionman34

Hello and thanks for looking at my thread.
I appear to have been infected with the Sirefef trojan that has been going around. Microsoft Security Essentials says that it detects a trojan called Sirefef. The problem is that it is causing my PC to reboot. It gives me an error saying that my machine encountered a critical error and needs to reboot. I have looked into other threads on this board that have had similar issues. I would have simply followed the instructions from that thread, but the notice that each script is written for each individual case is deterring me from trying it.

I would like to get a little bit of assistance on how to proceed.

I am prepared to post any logs upon request. Any help would be greatly appreciated.
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download Farbar Recovery Scan Tool and save it to a flash drive.


Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. How do I tell?

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
 
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 11:38:30
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [529848 2011-10-31] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe [x]
HKLM-x32\...\Run: [tsnp2uvc] C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe [317952 2011-10-17] (Sonix Technology Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe [147456 2010-10-04] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot [296056 2012-06-26] (RealNetworks, Inc.)
HKU\Mcx1-RUSSELL-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Russell\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-29] (Google Inc.)
HKU\Russell\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\Russell\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Russell\...\Run: [] [x]
HKU\Russell\...\Run: [AdobeBridge] [x]
HKU\Russell\...\Run: [EPSON NX100 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDA.EXE /FU "C:\Windows\TEMP\E_SC67D.tmp" /EF "HKCU" [221696 2008-02-05] (SEIKO EPSON CORPORATION)
HKU\Russell\...\Run: [EPSON NX620 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SB2F8.tmp" /EF "HKCU" [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\Russell\...\Run: [PlayNC Launcher] [x]
HKU\Russell\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-03] (Skype Technologies S.A.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{CC8AD820-C81E-44FD-9AC5-02FB8B698A4E}: [NameServer]8.8.8.8,8.8.4.4
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Russell\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [569752 2010-07-28] (Affinegy, Inc.)
3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [135584 2011-12-09] (Futuremark Corporation)
3 GameConsoleService; "C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [92928 2009-12-14] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 NACAgent; "C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe" [1151928 2011-10-31] (Cisco Systems, Inc.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [345600 2010-01-14] (Pharos Systems International)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 sdAuxService; C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [359624 2009-10-30] (PC Tools)
3 sdCoreService; C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [1141712 2009-11-06] (PC Tools)
2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [529768 2011-12-21] (Splashtop Inc.)
2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-14] (Splashtop Inc.)
2 TVersityMediaServer; "C:\Users\Russell\AppData\Local\TVersity\Media Server\MediaServer.exe" [856064 2010-02-25] ()
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

========================== Drivers (Whitelisted) =============

3 L8042Kbd; C:\Windows\System32\Drivers\L8042Kbd.sys [35344 2008-09-26] (Logitech, Inc.)
3 L8042mou; C:\Windows\System32\Drivers\L8042mou.sys [113680 2008-09-26] (Logitech, Inc.)
3 LMouKE; C:\Windows\System32\Drivers\LMouKE.sys [112144 2008-09-26] (Logitech, Inc.)
1 msqezpkb; C:\Windows\System32\Drivers\msqezpkb.sys [50392 2012-07-29] (Microsoft Corporation)
3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [218056 2009-11-09] (PC Tools)
3 RTL8187B; C:\Windows\System32\Drivers\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-03] (Duplex Secure Ltd.)
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [43152 2010-06-25] (Oracle Corporation)
3 whfltr2k; C:\Windows\System32\Drivers\whfltr2k.sys [10368 2009-09-16] ()
3 XBCD; C:\Windows\System32\Drivers\XBCD.sys [25728 2010-09-12] (XBCD Project)
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
3 dump_wmimmc; \??\C:\WeMade Entertainment\DigimonBattle\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
4 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [x]
3 vserial; C:\Windows\System32\DRIVERS\vserial.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-29 07:13 - 2012-07-29 07:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7DA1445850424369
2012-07-29 07:13 - 2012-07-29 07:13 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msqezpkb.sys
2012-07-29 07:10 - 2012-07-29 07:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82C3DCE1266A9AC9
2012-07-29 07:06 - 2012-07-29 07:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.406F77D0EFA8E7C7
2012-07-27 14:27 - 2012-07-27 14:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8B47AE887375493B
2012-07-27 14:22 - 2012-07-27 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F497183F8FEA5FC
2012-07-27 14:17 - 2012-07-27 14:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F986A3EEE46DBE6
2012-07-27 14:00 - 2012-07-27 14:00 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-27 13:59 - 2012-07-27 13:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-27 13:59 - 2012-07-27 13:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-27 13:56 - 2012-07-27 13:58 - 12621696 ____A (Microsoft Corporation) C:\Users\Russell\Downloads\mseinstall.exe
2012-07-27 11:08 - 2012-07-27 17:52 - 00000000 __SHD C:\Users\Russell\AppData\Roaming\8bd9fc0
2012-07-27 11:08 - 2012-07-27 17:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-27 11:05 - 2012-07-27 14:00 - 00000342 ____A C:\Windows\Tasks\At43.job
2012-07-27 11:05 - 2012-07-27 14:00 - 00000340 ____A C:\Windows\Tasks\At19.job
2012-07-27 11:05 - 2012-07-27 12:03 - 00000340 ____A C:\Windows\Tasks\At17.job
2012-07-27 11:05 - 2012-07-27 12:00 - 00000342 ____A C:\Windows\Tasks\At41.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At48.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At47.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At46.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At45.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At44.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At42.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At40.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At39.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At38.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At37.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At36.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At35.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At34.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At33.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At32.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At31.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At30.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At29.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At28.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At27.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At26.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000342 ____A C:\Windows\Tasks\At25.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At9.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At8.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At7.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At6.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At5.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At4.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At3.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At24.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At23.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At22.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At21.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At20.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At2.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At18.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At16.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At15.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At14.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At13.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At12.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At11.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At10.job
2012-07-27 11:05 - 2012-07-27 11:15 - 00000340 ____A C:\Windows\Tasks\At1.job
2012-07-24 15:06 - 2012-07-24 15:08 - 126310400 ____A C:\Users\Russell\Downloads\Vista_Recovery_Disc.iso
2012-07-24 14:56 - 2012-07-24 14:56 - 00000082 ____A C:\Users\Russell\Documents\Acer Product Key.txt
2012-07-23 17:49 - 2012-07-23 17:49 - 00000000 ____D C:\Users\Russell\AppData\Local\Macromedia
2012-07-22 12:59 - 2012-07-22 12:59 - 00000000 ____D C:\Users\Russell\Documents\GTA San Andreas User Files
2012-07-22 12:57 - 2012-07-22 12:58 - 00000000 ____D C:\Users\Russell\Desktop\Crack No-CD (By Squall89)
2012-07-22 12:42 - 2012-07-22 12:42 - 00000000 ____D C:\Users\Russell\Downloads\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By G-ADLVR_R7
2012-07-19 13:09 - 2012-07-19 13:17 - 00000072 ____A C:\Users\Russell\Downloads\mk.jsf
2012-07-19 13:01 - 2012-07-19 13:02 - 00000072 ____A C:\Users\Russell\Downloads\fightstick.jsf
2012-07-19 12:53 - 2012-07-19 12:55 - 10689971 ____A C:\Users\Russell\Downloads\Mortal Kombat Trilogy.zip
2012-07-19 12:51 - 2012-07-19 12:51 - 00000072 ____A C:\Users\Russell\Downloads\control2.jsf
2012-07-19 12:44 - 2012-07-19 12:44 - 00000072 ____A C:\Users\Russell\Documents\controller.jsf
2012-07-19 12:42 - 2012-07-19 12:43 - 10782861 ____A C:\Users\Russell\Downloads\GoldenEye 007.zip
2012-07-19 12:41 - 2012-07-27 17:52 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2012-07-19 12:40 - 2012-07-19 12:40 - 02080797 ____A (Project64 ) C:\Users\Russell\Downloads\setup Project64 1.6.exe
2012-07-15 18:19 - 2012-07-15 18:19 - 00363232 ____A C:\Users\Russell\Documents\p04_titles.wmv
2012-07-15 18:18 - 2012-07-15 18:56 - 00366499 ____A C:\Users\Russell\Documents\Exploring_p04_Grader_IR.pptx
2012-07-15 18:18 - 2012-07-15 18:18 - 00027226 ____A C:\Users\Russell\Documents\p04_beeps.wav
2012-07-15 16:13 - 2012-07-15 17:51 - 00467316 ____A C:\Users\Russell\Documents\Exploring_p03_Grader_IR.pptx
2012-07-15 14:07 - 2012-07-15 15:26 - 00341978 ____A C:\Users\Russell\Documents\Exploring_p02_Grader_IR.pptx
2012-07-15 14:07 - 2012-07-15 14:07 - 00128081 ____A C:\Users\Russell\Documents\p02_tips.pptx
2012-07-15 11:57 - 2012-07-15 13:50 - 00120805 ____A C:\Users\Russell\Documents\Exploring_p01_Grader_IR.pptx
2012-07-13 20:57 - 2012-07-17 11:34 - 00000000 ____D C:\Users\Russell\Downloads\Badministrator - League of Legends
2012-07-13 13:25 - 2012-07-13 14:05 - 191164721 ____A C:\Users\Russell\Downloads\Badministrator - League of Legends.zip
2012-07-11 15:38 - 2012-07-27 17:52 - 00000000 ___RD C:\Users\Russell\Desktop\New folder (2)
2012-07-08 19:00 - 2012-07-08 19:42 - 00724992 ____A C:\Users\Russell\Documents\Exploring_a04_Grader_IR.accdb
2012-07-08 14:53 - 2012-07-08 16:26 - 00540672 ____A C:\Users\Russell\Documents\Exploring_a03_Grader_IR.accdb
2012-07-08 11:22 - 2012-07-08 13:21 - 00552960 ____A C:\Users\Russell\Documents\Exploring_a02_Grader_IR.accdb
2012-07-08 11:22 - 2012-07-08 11:22 - 00009902 ____A C:\Users\Russell\Documents\Exploring_a02_Birthdays.xlsx
2012-07-08 09:07 - 2012-07-08 10:29 - 00610304 ____A C:\Users\Russell\Documents\Exploring_a01_Grader_IR.accdb
2012-07-07 08:58 - 2012-07-07 08:59 - 00001033 ____A C:\Users\Russell\Desktop\Dropbox.lnk
2012-07-05 13:23 - 2012-07-05 13:23 - 00000058 ____A C:\Users\Russell\Documents\ban that bleep.txt
2012-07-03 13:57 - 2012-07-03 13:57 - 00000000 ____D C:\Users\All Users\Stardock
2012-07-03 13:57 - 2012-07-03 13:57 - 00000000 ____D C:\Program Files (x86)\Stardock
2012-07-03 13:56 - 2012-07-03 13:56 - 07897952 ____A C:\Users\Russell\Downloads\LogonStudio_public.exe
2012-07-01 17:02 - 2012-07-01 17:44 - 00019308 ____A C:\Users\Russell\Documents\Exploring_e04_Grader_IR.xlsx
2012-07-01 14:58 - 2012-07-01 15:45 - 00018306 ____A C:\Users\Russell\Documents\Exploring_e03_Grader_IR.xlsx


============ 3 Months Modified Files ========================

2012-07-29 07:22 - 2010-01-19 10:26 - 01647269 ____A C:\Windows\WindowsUpdate.log
2012-07-29 07:20 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-29 07:20 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-29 07:19 - 2010-02-28 17:12 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-29 07:17 - 2009-07-13 21:13 - 00745700 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 07:13 - 2012-07-29 07:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7DA1445850424369
2012-07-29 07:13 - 2012-07-29 07:13 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msqezpkb.sys
2012-07-29 07:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-29 07:12 - 2009-07-13 20:51 - 00126261 ____A C:\Windows\setupact.log
2012-07-29 07:10 - 2012-07-29 07:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82C3DCE1266A9AC9
2012-07-29 07:08 - 2010-02-28 17:12 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-29 07:06 - 2012-07-29 07:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.406F77D0EFA8E7C7
2012-07-27 14:27 - 2012-07-27 14:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8B47AE887375493B
2012-07-27 14:22 - 2012-07-27 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F497183F8FEA5FC
2012-07-27 14:17 - 2012-07-27 14:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F986A3EEE46DBE6
2012-07-27 14:00 - 2012-07-27 14:00 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-27 14:00 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At43.job
2012-07-27 14:00 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At19.job
2012-07-27 13:59 - 2010-08-15 15:20 - 00759078 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-27 13:58 - 2012-07-27 13:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Russell\Downloads\mseinstall.exe
2012-07-27 12:03 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At17.job
2012-07-27 12:00 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At41.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At48.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At47.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At46.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At45.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At44.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At42.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At40.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At39.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At38.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At37.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At36.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At35.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At34.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At33.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At32.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At31.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At30.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At29.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At28.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At27.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At26.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000342 ____A C:\Windows\Tasks\At25.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At9.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At8.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At7.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At6.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At5.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At4.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At3.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At24.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At23.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At22.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At21.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At20.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At2.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At18.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At16.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At15.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At14.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At13.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At12.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At11.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At10.job
2012-07-27 11:15 - 2012-07-27 11:05 - 00000340 ____A C:\Windows\Tasks\At1.job
2012-07-27 11:15 - 2010-03-13 18:44 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-07-27 09:49 - 2010-04-13 03:30 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-07-24 15:08 - 2012-07-24 15:06 - 126310400 ____A C:\Users\Russell\Downloads\Vista_Recovery_Disc.iso
2012-07-24 14:56 - 2012-07-24 14:56 - 00000082 ____A C:\Users\Russell\Documents\Acer Product Key.txt
2012-07-23 17:49 - 2012-05-23 15:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 17:49 - 2011-12-05 20:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-19 13:17 - 2012-07-19 13:09 - 00000072 ____A C:\Users\Russell\Downloads\mk.jsf
2012-07-19 13:02 - 2012-07-19 13:01 - 00000072 ____A C:\Users\Russell\Downloads\fightstick.jsf
2012-07-19 12:55 - 2012-07-19 12:53 - 10689971 ____A C:\Users\Russell\Downloads\Mortal Kombat Trilogy.zip
2012-07-19 12:51 - 2012-07-19 12:51 - 00000072 ____A C:\Users\Russell\Downloads\control2.jsf
2012-07-19 12:44 - 2012-07-19 12:44 - 00000072 ____A C:\Users\Russell\Documents\controller.jsf
2012-07-19 12:43 - 2012-07-19 12:42 - 10782861 ____A C:\Users\Russell\Downloads\GoldenEye 007.zip
2012-07-19 12:40 - 2012-07-19 12:40 - 02080797 ____A (Project64 ) C:\Users\Russell\Downloads\setup Project64 1.6.exe
2012-07-15 18:57 - 2010-04-18 10:53 - 00007680 ____A C:\Users\Russell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-15 18:56 - 2012-07-15 18:18 - 00366499 ____A C:\Users\Russell\Documents\Exploring_p04_Grader_IR.pptx
2012-07-15 18:56 - 2010-04-11 18:51 - 00571904 __ASH C:\Users\Russell\Documents\Thumbs.db
2012-07-15 18:19 - 2012-07-15 18:19 - 00363232 ____A C:\Users\Russell\Documents\p04_titles.wmv
2012-07-15 18:18 - 2012-07-15 18:18 - 00027226 ____A C:\Users\Russell\Documents\p04_beeps.wav
2012-07-15 17:51 - 2012-07-15 16:13 - 00467316 ____A C:\Users\Russell\Documents\Exploring_p03_Grader_IR.pptx
2012-07-15 15:26 - 2012-07-15 14:07 - 00341978 ____A C:\Users\Russell\Documents\Exploring_p02_Grader_IR.pptx
2012-07-15 14:07 - 2012-07-15 14:07 - 00128081 ____A C:\Users\Russell\Documents\p02_tips.pptx
2012-07-15 13:50 - 2012-07-15 11:57 - 00120805 ____A C:\Users\Russell\Documents\Exploring_p01_Grader_IR.pptx
2012-07-13 14:05 - 2012-07-13 13:25 - 191164721 ____A C:\Users\Russell\Downloads\Badministrator - League of Legends.zip
2012-07-08 19:42 - 2012-07-08 19:00 - 00724992 ____A C:\Users\Russell\Documents\Exploring_a04_Grader_IR.accdb
2012-07-08 16:26 - 2012-07-08 14:53 - 00540672 ____A C:\Users\Russell\Documents\Exploring_a03_Grader_IR.accdb
2012-07-08 13:21 - 2012-07-08 11:22 - 00552960 ____A C:\Users\Russell\Documents\Exploring_a02_Grader_IR.accdb
2012-07-08 11:22 - 2012-07-08 11:22 - 00009902 ____A C:\Users\Russell\Documents\Exploring_a02_Birthdays.xlsx
2012-07-08 10:29 - 2012-07-08 09:07 - 00610304 ____A C:\Users\Russell\Documents\Exploring_a01_Grader_IR.accdb
2012-07-07 08:59 - 2012-07-07 08:58 - 00001033 ____A C:\Users\Russell\Desktop\Dropbox.lnk
2012-07-05 13:23 - 2012-07-05 13:23 - 00000058 ____A C:\Users\Russell\Documents\ban that bleep.txt
2012-07-03 13:56 - 2012-07-03 13:56 - 07897952 ____A C:\Users\Russell\Downloads\LogonStudio_public.exe
2012-07-01 17:44 - 2012-07-01 17:02 - 00019308 ____A C:\Users\Russell\Documents\Exploring_e04_Grader_IR.xlsx
2012-07-01 15:45 - 2012-07-01 14:58 - 00018306 ____A C:\Users\Russell\Documents\Exploring_e03_Grader_IR.xlsx
2012-06-27 02:38 - 2009-10-29 04:49 - 00219638 ____A C:\Windows\PFRO.log
2012-06-26 10:23 - 2012-06-26 10:23 - 00001104 ____A C:\Users\Public\Desktop\GIMP 2.lnk
2012-06-26 10:22 - 2012-06-26 10:22 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-26 10:21 - 2012-06-26 10:21 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-26 10:21 - 2012-06-26 10:21 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-26 10:21 - 2012-06-26 10:21 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-26 10:21 - 2012-06-26 10:21 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-06-26 10:21 - 2010-03-14 15:44 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-06-26 10:21 - 2010-03-14 15:44 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-26 10:19 - 2012-06-26 10:19 - 00326320 ____A C:\Users\Russell\Downloads\GimpSetup.exe
2012-06-24 19:31 - 2012-06-24 19:00 - 00016512 ____A C:\Users\Russell\Documents\Exploring_e02_Grader_IR.xlsx
2012-06-24 17:29 - 2012-06-24 17:10 - 00023358 ____A C:\Users\Russell\Documents\Exploring_e01_Grader_IR.xlsx
2012-06-21 14:40 - 2012-06-21 14:40 - 00266079 ____A C:\Users\Russell\Downloads\Translation Aggregator 0.4.9.r171.rar
2012-06-21 14:30 - 2012-06-21 14:30 - 00034136 ____A C:\Users\Russell\Downloads\ITH_UpdaterV3.rar
2012-06-21 14:07 - 2012-06-21 14:07 - 04333455 ____A C:\Users\Russell\Downloads\ChiiTrans.zip
2012-06-21 14:02 - 2012-06-21 13:59 - 00000918 ____A C:\Users\Russell\Desktop\PHANTASY STAR ONLINE 2 (2).lnk
2012-06-21 13:53 - 2012-06-21 13:53 - 00029360 ____A C:\Users\Russell\Downloads\agth.rar
2012-06-21 13:52 - 2012-06-21 13:51 - 02005827 ____A C:\Users\Russell\Downloads\2- TRANSLATOR AGGREGATOR GUIDE.rar
2012-06-19 16:57 - 2012-06-19 16:57 - 00003899 ____A C:\Users\Russell\Downloads\IPS Patch.rar
2012-06-19 08:53 - 2012-06-19 08:50 - 50300053 ____A C:\Users\Russell\Downloads\VPYTv00.7z
2012-06-19 08:21 - 2012-06-19 08:21 - 03699867 ____A C:\Users\Russell\Downloads\DSONE_SDHC_Evolution_V1.0_eng_sp6_20120521.zip
2012-06-19 08:19 - 2012-06-19 08:19 - 03696626 ____A C:\Users\Russell\Downloads\DSONE_Evolution_V1.0_eng_sp6_20120521.zip
2012-06-19 08:00 - 2012-06-19 07:49 - 56701864 ____A C:\Users\Russell\Downloads\6039 - Pokemon Conquest (U).rar
2012-06-17 17:30 - 2012-06-17 17:30 - 00016564 ____A C:\Users\Russell\Documents\w04_list.xlsx
2012-06-17 13:25 - 2012-06-17 13:25 - 00001153 ____A C:\Users\Russell\Documents\w03_sources.xml
2012-06-13 15:14 - 2012-06-13 15:14 - 04171406 ____A C:\Users\Russell\Downloads\XMouseButtonControlSetup.2.4.exe
2012-06-13 15:06 - 2012-06-13 15:05 - 00415121 ____A (Igor Pavlov) C:\Users\Russell\Downloads\peripheral_driver_mouse_m6800_2.0.exe
2012-06-12 16:47 - 2012-06-12 16:47 - 00176502 ____A C:\Users\Russell\Downloads\pso2_closedbeta_text.rar
2012-06-12 16:37 - 2012-06-12 16:37 - 00001343 ____A C:\Users\Russell\Desktop\PHANTASY STAR ONLINE 2.lnk
2012-06-11 21:38 - 2012-06-11 21:38 - 00237679 ____A C:\Users\Russell\Documents\refundform.xps
2012-06-11 18:15 - 2012-06-11 16:34 - 3511034048 ____A C:\Users\Russell\Downloads\PSO2_BETA.exe
2012-06-11 16:35 - 2012-06-11 14:07 - 1620317361 ____A C:\Users\Russell\Desktop\T10010001.TMP
2012-06-11 14:07 - 2012-06-11 14:07 - 00995712 ____A (SEGA ) C:\Users\Russell\Desktop\T10010000.TMP
2012-06-11 14:07 - 2012-06-11 14:07 - 00477136 ____A (SEGA Corporation) C:\Users\Russell\Downloads\downloader.exe
2012-06-10 10:57 - 2012-06-10 10:57 - 00091100 ____A C:\Users\Russell\Downloads\W_CH01_EXPV1_IRCD.zip
2012-06-10 09:09 - 2012-06-10 08:55 - 1519417223 ____A C:\Users\Russell\Downloads\LOLPBE.zip
2012-06-09 18:54 - 2011-10-16 10:14 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-09 18:54 - 2011-10-16 10:14 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-05 10:43 - 2012-06-05 10:43 - 00001198 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-06-05 10:41 - 2012-06-05 10:41 - 40048208 ____A (Blizzard Entertainment) C:\Users\Russell\Downloads\Diablo-III-Setup-enUS.exe
2012-06-03 18:59 - 2012-06-03 18:59 - 00030720 ____A C:\Users\Russell\Downloads\IglehartChap2-47.xls
2012-06-03 18:57 - 2012-06-03 10:55 - 00045568 ____A C:\Users\Russell\Downloads\TAccounts_wjc_cpa.xls
2012-06-03 17:56 - 2012-06-03 17:56 - 00026624 ____A C:\Users\Russell\Downloads\IglehartChap1PP.xls
2012-06-03 17:56 - 2012-06-03 14:37 - 00012151 ____A C:\Users\Russell\Documents\IglehartChap2.xlsx
2012-06-02 14:19 - 2012-06-21 14:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 14:33 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 14:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 14:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 14:33 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 14:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 14:33 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 14:32 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 14:32 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 08:25 - 2010-02-28 17:10 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-30 17:38 - 2012-05-30 17:26 - 829732526 ____A C:\Users\Russell\Downloads\2-Blade_and_Soul_Updated_Client.part3.rar.part
2012-05-28 12:14 - 2012-05-28 12:14 - 00010339 ____A C:\Users\Russell\Documents\IglehartChap1-Ex.xlsx
2012-05-28 12:08 - 2012-05-28 12:08 - 00014163 ____A C:\Users\Russell\Documents\IglehartChap1-pr.xlsx
2012-05-28 12:08 - 2012-05-28 12:01 - 00007419 ____A C:\Users\Russell\Documents\Problem47.xlsx
2012-05-28 12:07 - 2012-05-28 12:07 - 00014163 ____A C:\Users\Russell\Documents\IglehartChap1.xlsx
2012-05-28 11:38 - 2012-05-28 11:18 - 00010852 ____A C:\Users\Russell\Documents\prOBEL44.xlsx
2012-05-28 10:51 - 2012-05-28 10:51 - 00009876 ____A C:\Users\Russell\Documents\Chapter1-39.xlsx
2012-05-27 19:58 - 2012-05-27 19:58 - 24832136 ____A (Skype Technologies S.A.) C:\Users\Russell\Downloads\SkypeSetupFull.exe
2012-05-27 19:58 - 2012-05-27 19:58 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-27 19:19 - 2012-05-27 19:19 - 00000828 ____A C:\Users\Public\Desktop\AMCap.lnk
2012-05-27 19:19 - 2009-07-13 18:34 - 00000536 ____A C:\Windows\win.ini
2012-05-27 19:09 - 2012-05-27 19:08 - 17937259 ____A C:\Users\Russell\Downloads\WC1_Setup.zip
2012-05-26 07:21 - 2012-05-26 07:21 - 02959376 ____A (Microsoft Corporation) C:\Users\Russell\Downloads\dotnetfx35setup.exe
2012-05-26 06:42 - 2012-05-26 06:42 - 00001729 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-05-26 06:11 - 2012-05-26 06:11 - 08340523 ____A C:\Users\Russell\Downloads\SIU 3.330-Lite.zip
2012-05-24 13:55 - 2012-05-24 13:55 - 00003033 ____A C:\Users\Russell\Desktop\Launch MyITLab.lnk
2012-05-24 13:55 - 2012-05-23 15:17 - 00683801 ____A () C:\Windows\unins000.exe
2012-05-24 13:55 - 2012-05-23 15:17 - 00001690 ____A C:\Windows\unins000.dat
2012-05-23 15:06 - 2012-05-23 15:06 - 00220676 ____A C:\Users\Russell\Documents\Coupon.xps
2012-05-23 13:27 - 2012-05-23 13:27 - 00000349 ____A C:\Users\Russell\Downloads\Books Needed.txt
2012-05-21 16:58 - 2012-05-05 08:08 - 00000126 ____A C:\Users\Russell\Downloads\mcc.txt
2012-05-20 07:32 - 2010-01-19 10:33 - 00328934 ____A C:\Windows\DirectX.log
2012-05-19 22:02 - 2012-05-19 22:02 - 00002042 ____A C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2012-05-19 22:02 - 2012-05-19 22:02 - 00002033 ____A C:\Users\Public\Desktop\Tribes Ascend.lnk
2012-05-19 22:01 - 2012-05-19 22:00 - 13235336 ____A (Hi-Rez Studios) C:\Users\Russell\Downloads\InstallHiRezGamesEnglish.exe
2012-05-15 05:49 - 2012-05-15 05:49 - 00000024 ____A C:\Users\Russell\Downloads\hgkhgj.txt
2012-05-15 02:03 - 2012-05-15 02:03 - 01374540 ____A C:\Users\Russell\Downloads\sf2t.zip
2012-05-15 01:46 - 2012-05-15 01:41 - 40222265 ____A C:\Users\Russell\Downloads\kof98.zip
2012-05-15 01:41 - 2012-05-15 01:41 - 00099992 ____A C:\Users\Russell\Downloads\xmen6p.zip
2012-05-15 01:39 - 2012-05-15 01:38 - 13166999 ____A C:\Users\Russell\Downloads\mslug.zip
2012-05-15 01:38 - 2012-05-15 01:38 - 05493447 ____A C:\Users\Russell\Downloads\mk.zip
2012-05-15 01:38 - 2012-05-15 01:38 - 02483913 ____A C:\Users\Russell\Downloads\simpsons.zip
2012-05-15 01:38 - 2012-05-15 01:38 - 01607365 ____A C:\Users\Russell\Downloads\ghouls.zip
2012-05-15 01:30 - 2012-05-15 01:30 - 01526440 ____A (Roman Scherzer) C:\Users\Russell\Downloads\cmp405_32.exe
2012-05-15 01:14 - 2012-05-15 01:14 - 04485441 ____A C:\Users\Russell\Downloads\TigerFBA_release_3.0.5.apk
2012-05-15 01:06 - 2012-05-15 01:06 - 05763309 ____A C:\Users\Russell\Downloads\Final Fantasy - Tactics Advanced(1).zip
2012-05-15 01:06 - 2012-05-15 01:06 - 05344029 ____A C:\Users\Russell\Downloads\Pokemon - Fire Red.zip
2012-05-15 00:22 - 2012-05-15 00:22 - 01740459 ____A C:\Users\Russell\Downloads\u6jc0-MM.apk
2012-05-15 00:10 - 2012-05-15 00:10 - 01435651 ____A C:\Users\Russell\Downloads\TigerGBA_Market_v2.7.4.apk
2012-05-14 22:51 - 2012-05-14 22:49 - 155275140 ____A C:\Users\Russell\Downloads\G_Harmony_ICSv1.3.zip
2012-05-14 22:33 - 2012-05-14 22:33 - 35600840 ____A C:\Users\Russell\Downloads\adb_fastboot_and_other_tools.zip
2012-05-14 22:11 - 2012-05-14 22:11 - 37456234 ____A (Google Inc.) C:\Users\Russell\Downloads\installer_r18-windows.exe
2012-05-14 22:09 - 2012-05-14 22:09 - 00285844 ____A C:\Users\Russell\Downloads\fastboot-win32.zip
2012-05-14 22:08 - 2012-05-14 22:06 - 86282728 ____A C:\Users\Russell\Downloads\3DGtaB-GAppZ-8.3.zip
2012-05-14 21:39 - 2012-05-14 21:39 - 00327905 ____A C:\Users\Russell\Downloads\nvflash_windows_5.118.zip
2012-05-14 21:28 - 2012-05-14 21:19 - 211392820 ____A C:\Users\Russell\Downloads\TeamDRH-ICS-Beta-1.2.zip
2012-05-14 21:23 - 2012-05-14 21:17 - 107186513 ____A C:\Users\Russell\Downloads\Full_Stock_NVFlash_CWM_5504_Touch.zip
2012-05-14 20:53 - 2012-05-14 20:53 - 04000309 ____A C:\Users\Russell\Downloads\GPlay_3.5.19.apk
2012-05-11 22:48 - 2012-05-11 22:48 - 00000175 ____A C:\Users\Public\Desktop\DragonNest.url
2012-05-11 19:20 - 2012-05-11 19:20 - 00000207 ____A C:\Users\Public\Desktop\Vindictus.url
2012-05-11 18:36 - 2012-05-11 18:36 - 01960400 ____A C:\Users\Russell\Downloads\VindictusDownloaderV152.exe
2012-05-11 13:40 - 2012-05-11 13:40 - 00001228 ____A C:\Users\Public\Desktop\3DMark Vantage.lnk
2012-05-11 13:38 - 2012-05-11 13:28 - 365678592 ____A (Futuremark Corporation) C:\Users\Russell\Downloads\3DMark_Vantage_v110_installer-Bjorn3D.exe
2012-05-11 12:56 - 2012-05-11 12:56 - 00792704 ____A (AMD) C:\Users\Russell\Downloads\amddriverdownloader.exe
2012-05-11 12:37 - 2012-05-11 12:37 - 00000041 ____A C:\Users\Russell\Downloads\ok.txt
2012-05-11 12:33 - 2012-05-11 12:33 - 00001809 ____A C:\Users\Public\Desktop\3DMark 11.lnk
2012-05-11 12:29 - 2012-05-11 12:24 - 294237056 ____A (Futuremark Corporation) C:\Users\Russell\Downloads\3DMark_11_v103_installer.exe
2012-05-07 20:26 - 2012-05-07 20:26 - 00002002 ____A C:\Users\Russell\Desktop\Aion.lnk
2012-05-07 20:14 - 2012-05-07 20:14 - 00002037 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2012-05-07 20:12 - 2012-05-07 20:11 - 06523640 ____A (Macrovision Corporation) C:\Users\Russell\Downloads\NCsoftLauncherSetup.exe
2012-05-05 09:25 - 2012-05-05 09:25 - 00001461 ____A C:\Users\Public\Desktop\Batman Arkham City.lnk
2012-05-05 08:18 - 2012-05-05 08:18 - 00002126 ____A C:\Users\Public\Desktop\Street Fighter X Tekken.lnk
2012-05-04 12:19 - 2012-05-04 12:19 - 00323377 ____A C:\Users\Russell\Documents\rebate.xps
2012-05-04 12:04 - 2012-05-04 11:43 - 2050742762 ____A C:\Users\Russell\Downloads\a175-win.exe
2012-05-03 21:20 - 2012-05-03 21:20 - 35989856 ____A (NVIDIA Corporation) C:\Users\Russell\Downloads\PhysX_9.09.1112_SystemSoftware.exe
2012-05-03 17:21 - 2012-05-03 15:37 - 127657364 ____A C:\Users\Russell\Downloads\891VSW764.zip
2012-05-03 16:51 - 2012-05-03 16:29 - 00000182 ____A C:\Users\Russell\Downloads\bench results.txt
2012-05-03 15:49 - 2012-05-03 15:49 - 00000000 ____A C:\Windows\ativpsrm.bin

ZeroAccess:
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\@
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\L
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\n
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\U
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\U\00000001.@

ZeroAccess:
C:\Users\Russell\AppData\Local\{08cc644e-38bb-6c32-dc41-f68d6cce7543}
C:\Users\Russell\AppData\Local\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\@
C:\Users\Russell\AppData\Local\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\L
C:\Users\Russell\AppData\Local\{08cc644e-38bb-6c32-dc41-f68d6cce7543}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 4095.23 MB
Available physical RAM: 3353.07 MB
Total Pagefile: 4093.38 MB
Available Pagefile: 3348.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (eMachines) (Fixed) (Total:684.54 GB) (Free:255.33 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:4.99 GB) NTFS
8 Drive k: (KINGSTON) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 1919 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 14 GB 1024 KB
Partition 2 Primary 100 MB 14 GB
Partition 3 Primary 684 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E PQSERVICE NTFS Partition 14 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C eMachines NTFS Partition 684 GB Healthy

==================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1915 MB 4032 KB

==================================================================================

Disk: 6
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K KINGSTON FAT Removable 1915 MB Healthy

==================================================================================

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


==========================================================

Last Boot: 2012-07-24 22:33

======================= End Of Log ==========================
 
Additional FRST Scan

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)


When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.

Don't mean to hold you up. But, I'll be back tomorrow morning. I've got other work to attend to. Sit tight. :)
 
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 16:18:59
Running from K:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======


Feel free to take as much time as you need and thank you for assisting me here.
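
The comparison this Search.txt supports, as an added example (not part of the original posts and not FRST's own code): the script parses the log and flags a live file whose MD5 matches no WinSxS copy of the same name, even when size, timestamps and company string agree. The function names and the log layout (inferred from the output above) are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Search.txt body as posted in this thread (paths and MD5s are the thread's own).
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Assumed layout, inferred from the log above: a path line, then a metadata line.
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>.*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Return one dict per file entry in an FRST Search.txt body."""
    records, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        meta = META_RE.match(line)
        if meta and pending_path:
            rec = meta.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
            pending_path = None
    return records


def in_component_store(path):
    """True when the path lies under the WinSxS component store."""
    return any(p.lower() == "winsxs" for p in PureWindowsPath(path).parts)


def find_mismatches(records):
    """Flag live files whose MD5 matches no component-store copy of the same name."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[PureWindowsPath(rec["path"]).name.lower()].append(rec)

    findings = []
    for group in by_name.values():
        refs = [r for r in group if in_component_store(r["path"])]
        live = [r for r in group if not in_component_store(r["path"])]
        if not refs:
            continue  # nothing to compare against; not evidence either way
        ref_hashes = {r["md5"] for r in refs}
        for rec in live:
            if rec["md5"] in ref_hashes:
                continue
            # Size, timestamps and company string can all agree with a clean
            # copy while the content differs, so record that explicitly.
            same_meta = any(
                (rec["size"], rec["created"], rec["modified"], rec["company"])
                == (r["size"], r["created"], r["modified"], r["company"])
                for r in refs
            )
            findings.append({
                "path": rec["path"],
                "md5": rec["md5"],
                "reference_md5": sorted(ref_hashes),
                "metadata_matches_reference": same_meta,
            })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search(SEARCH_TXT)):
        print(f"{f['path']}: MD5 {f['md5']} not in {f['reference_md5']} "
              f"(metadata identical: {f['metadata_matches_reference']})")
```

Several versions of a component can coexist in WinSxS after updates, which is why a live file is compared against every store copy of the same name rather than a single one.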
 
FRST64 Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
C:\Windows\Tasks\At*.job
2012-07-29 07:13 - 2012-07-29 07:13 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msqezpkb.sys
C:\Users\Russell\Downloads\*.*
C:\Windows\Installer\{08cc644e-38bb-6c32-dc41-f68d6cce7543}
C:\Users\Russell\AppData\Local\{08cc644e-38bb-6c32-dc41-f68d6cce7543}
C:\Windows\TEMP\*.*
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
Should I go get combofix or something or am I good to go?

I am not rushing you or anything like that. I just can't seem to find the edit button, and I meant to ask this in my previous post.
 
Go ahead...

ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
ComboFix 12-07-31.03 - Russell 08/01/2012 11:05:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2505 [GMT -4:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\components\AskHPRFF.js
c:\program files (x86)\Mozilla Firefox\searchplugins\google_search.xml
c:\programdata\E1D.tmp
c:\users\Russell\AppData\Local\assembly\tmp
c:\users\Russell\AppData\Roaming\8bd9fc0
c:\users\Russell\AppData\Roaming\8bd9fc0\8bd9fc0.cfg
c:\users\Russell\AppData\Roaming\8bd9fc0\8bd9fc0.exe
c:\users\Russell\AppData\Roaming\Cawuny
c:\users\Russell\AppData\Roaming\Cawuny\apvu.ebn
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 15:20 . 2012-08-01 15:20 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-08-01 15:20 . 2012-08-01 15:20 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-08-01 15:20 . 2012-08-01 15:20 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-08-01 15:20 . 2012-08-01 15:20 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-08-01 15:20 . 2012-08-01 15:20 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-08-01 15:20 . 2012-08-01 15:20 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-08-01 15:20 . 2012-08-01 15:20 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-08-01 15:20 . 2012-08-01 15:20 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-08-01 15:20 . 2012-08-01 15:20 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-08-01 15:20 . 2012-08-01 15:20 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-08-01 15:20 . 2012-08-01 15:20 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-08-01 15:20 . 2012-08-01 15:20 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-08-01 15:19 . 2012-08-01 15:19 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-08-01 15:19 . 2012-08-01 15:19 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-08-01 15:19 . 2012-08-01 15:19 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-08-01 15:19 . 2012-08-01 15:19 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-07-31 14:18 . 2012-08-01 15:19 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC1A2FA8-05D6-4E1B-981D-CC81F55E6DE6}\offreg.dll
2012-07-29 19:38 . 2012-07-29 19:38 -------- d-----w- C:\FRST
2012-07-29 15:13 . 2012-07-29 15:13 328704 ----a-w- c:\windows\system32\services.exe.7DA1445850424369
2012-07-29 15:10 . 2012-07-29 15:10 328704 ----a-w- c:\windows\system32\services.exe.82C3DCE1266A9AC9
2012-07-29 15:06 . 2012-07-29 15:06 328704 ----a-w- c:\windows\system32\services.exe.406F77D0EFA8E7C7
2012-07-27 22:27 . 2012-07-27 22:27 328704 ----a-w- c:\windows\system32\services.exe.8B47AE887375493B
2012-07-27 22:22 . 2012-07-27 22:22 328704 ----a-w- c:\windows\system32\services.exe.5F497183F8FEA5FC
2012-07-27 22:17 . 2012-07-27 22:17 328704 ----a-w- c:\windows\system32\services.exe.9F986A3EEE46DBE6
2012-07-27 22:12 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E9DB436-8C71-476D-B444-1B2427E361D2}\gapaengine.dll
2012-07-27 22:12 . 2012-07-16 06:40 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC1A2FA8-05D6-4E1B-981D-CC81F55E6DE6}\mpengine.dll
2012-07-27 21:59 . 2012-07-27 21:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-27 21:59 . 2012-07-27 21:59 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-27 19:08 . 2012-07-28 01:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-24 01:49 . 2012-07-24 01:49 -------- d-----w- c:\users\Russell\AppData\Local\Macromedia
2012-07-19 20:41 . 2012-07-19 20:41 40960 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-07-19 20:41 . 2012-07-19 20:41 40960 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-07-19 20:41 . 2012-07-28 01:52 -------- d-----w- c:\program files (x86)\Project64 1.6
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-03 21:57 . 2012-07-03 21:57 -------- d-----w- c:\programdata\Stardock
2012-07-03 21:57 . 2012-07-03 21:57 -------- d-----w- c:\program files (x86)\Stardock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 01:49 . 2012-05-23 23:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-24 01:49 . 2011-12-06 04:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-26 18:21 . 2010-03-14 23:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-26 18:21 . 2010-03-14 23:44 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-02 22:19 . 2012-06-21 22:33 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 22:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 22:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 22:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 22:33 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 22:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 22:33 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 22:32 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 22:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-03-01 01:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-24 21:55 . 2012-05-23 23:17 683801 ----a-w- c:\windows\unins000.exe
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-26 393216]
"EPSON NX100 Series (Copy 1)"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIEDA.EXE" [2008-02-05 221696]
"EPSON NX620 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE" [2010-01-12 224768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-10-31 529848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"tsnp2uvc"="c:\program files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe" [2011-10-17 317952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2010-10-04 147456]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-06-26 296056]
.
c:\users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Russell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-28 1200144]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 msqezpkb;msqezpkb;c:\windows\system32\drivers\msqezpkb.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 dump_wmimmc;dump_wmimmc;c:\wemade entertainment\DigimonBattle\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2009-10-27 28160]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2010-03-01 575488]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2010-02-26 12288]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-02-26 173056]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-05-25 126952]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 144656]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-06-25 43152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1255736]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2009-11-09 218056]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-03 834544]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 202704]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-25 53968]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-03-10 14952]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2009-12-14 92928]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-10-31 1151928]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-12-21 529768]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2012-03-04 87040]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 164176]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-16 10368]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-29 03:36]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 01:12]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 01:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 236544]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15153&l=dis
uLocal Page = c:\windows\system32\blank.htm
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102206p0465v165r4401s457
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102206p0465v165r4401s457
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102206p0465v165r4401s457
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
Trusted Zone: researchnavigator.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{CC8AD820-C81E-44FD-9AC5-02FB8B698A4E}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\51lga81r.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
Notify-LBTWlgn - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AudioEdit Deluxe - c:\programdata\{F481FC18-57D5-4479-B2FB-083BFF223F8F}\setup_aed.exe
AddRemove-{2E1DE390-879C-4291-9B68-DA032D2CC98E} - c:\programdata\{F481FC18-57D5-4479-B2FB-083BFF223F8F}\setup_aed.exe
AddRemove-Shoddy Battle - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2047133502-1733002249-781369946-1000\Software\AliceSoft\ å* Ô* ·*]
@Allowed: (Read) (RestrictedCode)
"ALK01"="c:\\AliceSoft\\‘å”Ô’·\\AliceLogo.alk"
"DLL"="c:\\AliceSoft\\‘å”Ô’·\\DLL\00eLogo.alk"
"DLL01"="c:\\AliceSoft\\‘å”Ô’·\\ijl15.dll\00alk"
"SaveData"="c:\\AliceSoft\\‘å”Ô’·\\SaveData\00\00alk"
"Ini01"="c:\\AliceSoft\\‘å”Ô’·\\StreamMusic.ini"
"Execute"="c:\\AliceSoft\\‘å”Ô’·\\System40.exe\00ni"
"Ini02"="c:\\AliceSoft\\‘å”Ô’·\\System40.ini\00ni"
"ScenarioA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·.ain\00i\00ni"
"Icon"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·.ico\00i\00ni"
"BgmA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·BA.ald\00ni"
"Bgi"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·BA.bgi\00ni"
"DataA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·DA.ald\00ni"
"ALK02"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·ED.alk\00ni"
"GraphicA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·GA.ald\00ni"
"ALK03"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·OP.alk\00ni"
"WaveA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·WA.ald\00ni"
"Wai"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·WA.wai\00ni"
"WaveB"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·WB.ald\00ni"
@="c:\\AliceSoft\\‘å”Ô’·\\\00å”Ô’·WB.ald\00ni"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\users\Russell\AppData\Local\TVersity\Media Server\MediaServer.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
c:\advanced wheel mouse\wh_exec.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
.
**************************************************************************
.
Completion time: 2012-08-01 11:25:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-01 15:25
.
Pre-Run: 293,092,417,536 bytes free
Post-Run: 292,701,814,784 bytes free
.
- - End Of File - - FDCAE9F19FE4431FBFF334AD51FE8248
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double-click on the DDS icon and allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results. Click Yes to the Optional_Scan.
  • Please follow the instructions that pop up for posting the results. Post only the contents of both logs.
  • Close the program window, and delete the program from your Desktop.
 
ComboFix 12-07-31.03 - Russell 08/02/2012 9:10.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.1763 [GMT -4:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
Command switches used :: c:\users\Russell\Desktop\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 13:22 . 2012-08-02 13:22 -------- d-----w- c:\users\Mcx1-RUSSELL-PC\AppData\Local\temp
2012-08-02 13:22 . 2012-08-02 13:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 04:39 . 2012-08-02 04:39 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3938D0EB-657F-46A7-BA49-7848DEABDD5F}\offreg.dll
2012-08-01 16:02 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3938D0EB-657F-46A7-BA49-7848DEABDD5F}\mpengine.dll
2012-08-01 15:20 . 2012-08-01 15:20 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-08-01 15:20 . 2012-08-01 15:20 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-08-01 15:20 . 2012-08-01 15:20 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-08-01 15:20 . 2012-08-01 15:20 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-08-01 15:20 . 2012-08-01 15:20 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-08-01 15:20 . 2012-08-01 15:20 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-08-01 15:20 . 2012-08-01 15:20 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-08-01 15:20 . 2012-08-01 15:20 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-08-01 15:20 . 2012-08-01 15:20 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-08-01 15:20 . 2012-08-01 15:20 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-08-01 15:20 . 2012-08-01 15:20 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-08-01 15:20 . 2012-08-01 15:20 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-08-01 15:19 . 2012-08-01 15:19 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-08-01 15:19 . 2012-08-01 15:19 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-08-01 15:19 . 2012-08-01 15:19 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-08-01 15:19 . 2012-08-01 15:19 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-08-01 15:19 . 2012-08-01 15:19 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-07-29 19:38 . 2012-07-29 19:38 -------- d-----w- C:\FRST
2012-07-29 15:13 . 2012-07-29 15:13 328704 ----a-w- c:\windows\system32\services.exe.7DA1445850424369
2012-07-29 15:10 . 2012-07-29 15:10 328704 ----a-w- c:\windows\system32\services.exe.82C3DCE1266A9AC9
2012-07-29 15:06 . 2012-07-29 15:06 328704 ----a-w- c:\windows\system32\services.exe.406F77D0EFA8E7C7
2012-07-27 22:27 . 2012-07-27 22:27 328704 ----a-w- c:\windows\system32\services.exe.8B47AE887375493B
2012-07-27 22:22 . 2012-07-27 22:22 328704 ----a-w- c:\windows\system32\services.exe.5F497183F8FEA5FC
2012-07-27 22:17 . 2012-07-27 22:17 328704 ----a-w- c:\windows\system32\services.exe.9F986A3EEE46DBE6
2012-07-27 22:12 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E9DB436-8C71-476D-B444-1B2427E361D2}\gapaengine.dll
2012-07-27 21:59 . 2012-07-27 21:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-27 21:59 . 2012-07-27 21:59 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-27 19:08 . 2012-07-28 01:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-24 01:49 . 2012-07-24 01:49 -------- d-----w- c:\users\Russell\AppData\Local\Macromedia
2012-07-19 20:41 . 2012-07-19 20:41 40960 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-07-19 20:41 . 2012-07-19 20:41 40960 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-07-19 20:41 . 2012-07-28 01:52 -------- d-----w- c:\program files (x86)\Project64 1.6
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-03 21:57 . 2012-07-03 21:57 -------- d-----w- c:\programdata\Stardock
2012-07-03 21:57 . 2012-07-03 21:57 -------- d-----w- c:\program files (x86)\Stardock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 01:49 . 2012-05-23 23:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-24 01:49 . 2011-12-06 04:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-26 18:21 . 2010-03-14 23:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-26 18:21 . 2010-03-14 23:44 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-02 22:19 . 2012-06-21 22:33 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 22:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 22:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 22:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 22:33 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 22:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 22:33 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 22:32 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 22:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-03-01 01:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-24 21:55 . 2012-05-23 23:17 683801 ----a-w- c:\windows\unins000.exe
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-01_15.19.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-01 03:50 . 2012-08-01 15:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-01 03:50 . 2012-08-01 14:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-01 03:50 . 2012-08-01 15:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-01 03:50 . 2012-08-01 14:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-01 03:50 . 2012-08-01 14:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-01 03:50 . 2012-08-01 15:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-01 00:08 . 2012-08-01 15:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-01 00:08 . 2012-08-01 14:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-01 00:08 . 2012-08-01 15:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-01 00:08 . 2012-08-01 14:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2012-08-01 15:00 637270 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-01 16:43 637270 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-01 16:43 111550 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-01 15:00 111550 c:\windows\system32\perfc009.dat
- 2010-01-19 18:31 . 2012-07-31 14:42 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-19 18:31 . 2012-08-01 15:24 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-31 14:42 196608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-01 15:24 196608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2012-08-02 11:30 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-31 15:01 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2010-01-19 18:31 . 2012-07-31 14:42 2342912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-19 18:31 . 2012-08-01 15:24 2342912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-26 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-10-31 529848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"tsnp2uvc"="c:\program files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe" [2011-10-17 317952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2010-10-04 147456]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-06-26 296056]
.
c:\users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Russell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-28 1200144]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 msqezpkb;msqezpkb;c:\windows\system32\drivers\msqezpkb.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 dump_wmimmc;dump_wmimmc;c:\wemade entertainment\DigimonBattle\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2009-10-27 28160]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2010-03-01 575488]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2010-02-26 12288]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-02-26 173056]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-05-25 126952]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 144656]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-06-25 43152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1255736]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2009-11-09 218056]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-03 834544]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 202704]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-25 53968]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-03-10 14952]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2009-12-14 92928]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-10-31 1151928]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-12-21 529768]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2012-03-04 87040]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 164176]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-16 10368]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-29 03:36]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 01:12]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 01:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 236544]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15153&l=dis
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102206p0465v165r4401s457
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
Trusted Zone: researchnavigator.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{CC8AD820-C81E-44FD-9AC5-02FB8B698A4E}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\51lga81r.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2047133502-1733002249-781369946-1000\Software\AliceSoft\ å* Ô* ·*]
@Allowed: (Read) (RestrictedCode)
"ALK01"="c:\\AliceSoft\\‘å”Ô’·\\AliceLogo.alk"
"DLL"="c:\\AliceSoft\\‘å”Ô’·\\DLL\00eLogo.alk"
"DLL01"="c:\\AliceSoft\\‘å”Ô’·\\ijl15.dll\00alk"
"SaveData"="c:\\AliceSoft\\‘å”Ô’·\\SaveData\00\00alk"
"Ini01"="c:\\AliceSoft\\‘å”Ô’·\\StreamMusic.ini"
"Execute"="c:\\AliceSoft\\‘å”Ô’·\\System40.exe\00ni"
"Ini02"="c:\\AliceSoft\\‘å”Ô’·\\System40.ini\00ni"
"ScenarioA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·.ain\00i\00ni"
"Icon"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·.ico\00i\00ni"
"BgmA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·BA.ald\00ni"
"Bgi"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·BA.bgi\00ni"
"DataA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·DA.ald\00ni"
"ALK02"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·ED.alk\00ni"
"GraphicA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·GA.ald\00ni"
"ALK03"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·OP.alk\00ni"
"WaveA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·WA.ald\00ni"
"Wai"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·WA.wai\00ni"
"WaveB"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·WB.ald\00ni"
@="c:\\AliceSoft\\‘å”Ô’·\\\00å”Ô’·WB.ald\00ni"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-02 09:24:54
ComboFix-quarantined-files.txt 2012-08-02 13:24
ComboFix2.txt 2012-08-01 15:25
.
Pre-Run: 291,622,535,168 bytes free
Post-Run: 291,332,153,344 bytes free
.
- - End Of File - - 59ED71B837BD7ABE328250C910CA71FA
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1
Run by Russell at 9:55:03 on 2012-08-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2013 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=15153&l=dis
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102206p0465v165r4401s457
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [tsnp2uvc] C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WheelMouse] C:\ADVANC~1\wh_exec.exe
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
StartupFolder: C:\Users\Russell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Russell\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
Trusted Zone: researchnavigator.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{88825C1B-53B3-4FB8-863B-CAFD67D96392} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{88825C1B-53B3-4FB8-863B-CAFD67D96392}\C696E6B6379737 : DhcpNameServer = 64.233.217.3 64.233.217.5
TCP: Interfaces\{CC8AD820-C81E-44FD-9AC5-02FB8B698A4E} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{CC8AD820-C81E-44FD-9AC5-02FB8B698A4E} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{E7B3807D-ADE6-4561-AE2A-3B03C8755F58} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EE277A8E-E533-49CE-A929-B3B796D2F29E} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{EE277A8E-E533-49CE-A929-B3B796D2F29E}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [tsnp2uvc] C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WheelMouse] C:\ADVANC~1\wh_exec.exe
mRun-x64: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\51lga81r.default\
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-5-20 8704]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-7-3 92928]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-10-31 1151928]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-12-21 529768]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R2 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2012-3-4 87040]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\Windows\system32\DRIVERS\whfltr2k.sys --> C:\Windows\system32\DRIVERS\whfltr2k.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-28 135664]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-5 1153368]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-3-3 25832]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-5-11 135584]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-28 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys --> C:\Windows\system32\DRIVERS\RTL8187B.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-4-13 359624]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-4-13 1141712]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-02 04:39:40 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3938D0EB-657F-46A7-BA49-7848DEABDD5F}\offreg.dll
2012-08-01 16:02:34 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3938D0EB-657F-46A7-BA49-7848DEABDD5F}\mpengine.dll
2012-08-01 15:02:49 98816 ----a-w- C:\Windows\sed.exe
2012-08-01 15:02:49 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-01 15:02:49 256000 ----a-w- C:\Windows\PEV.exe
2012-08-01 15:02:49 208896 ----a-w- C:\Windows\MBR.exe
2012-07-29 19:38:07 -------- d-----w- C:\FRST
2012-07-29 15:13:39 328704 ----a-w- C:\Windows\System32\services.exe.7DA1445850424369
2012-07-29 15:10:53 328704 ----a-w- C:\Windows\System32\services.exe.82C3DCE1266A9AC9
2012-07-29 15:06:22 328704 ----a-w- C:\Windows\System32\services.exe.406F77D0EFA8E7C7
2012-07-27 22:27:01 328704 ----a-w- C:\Windows\System32\services.exe.8B47AE887375493B
2012-07-27 22:22:23 328704 ----a-w- C:\Windows\System32\services.exe.5F497183F8FEA5FC
2012-07-27 22:17:43 328704 ----a-w- C:\Windows\System32\services.exe.9F986A3EEE46DBE6
2012-07-27 22:12:37 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E9DB436-8C71-476D-B444-1B2427E361D2}\gapaengine.dll
2012-07-27 21:59:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-27 21:59:25 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-27 19:08:09 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-24 01:49:34 -------- d-----w- C:\Users\Russell\AppData\Local\Macromedia
2012-07-19 20:41:09 40960 ----a-r- C:\Users\Russell\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-07-19 20:41:09 40960 ----a-r- C:\Users\Russell\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-07-19 20:41:08 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2012-07-05 22:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-03 21:57:15 -------- d-----w- C:\ProgramData\Stardock
2012-07-03 21:57:12 -------- d-----w- C:\Program Files (x86)\Stardock
.
==================== Find3M ====================
.
2012-07-24 01:49:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 01:49:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-26 18:21:42 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-26 18:21:42 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-24 21:55:22 683801 ----a-w- C:\Windows\unins000.exe
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 9:55:33.50 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/28/2010 7:08:12 PM
System Uptime: 8/1/2012 11:18:39 AM (23 hours ago)
.
Motherboard: eMachines | | EMCP73VT-PM
Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 685 GiB total, 271.437 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is CDROM ()
X: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Sun Microsystems, Inc.
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Mouse
Device ID: ACPI\PNP0F03\4&EABE7E6&0
Manufacturer: Logitech
Name: PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&EABE7E6&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP213: 7/27/2012 4:05:17 PM - Removed GTA San Andreas
RP214: 7/27/2012 4:08:09 PM - Restore Operation
RP215: 8/1/2012 11:02:57 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
3DMark 11
3DMark Vantage
AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS5
Adobe Reader X (10.1.1)
Adobe Setup
Adobe Shockwave Player 11.5
Advanced Wheel Mouse 6.0.0.011
Advertising Center
Aion
Alarm 2.0.4
Alarm Clock v1.0
Android Commander version 0.7.9.9
Android SDK Tools
Apple Application Support
Apple Software Update
Ask Toolbar
AudioEdit Deluxe
Audiosurf Demo
AviSynth 2.5
Bandisoft MPEG-1 Decoder
Batman Arkham City version 1.0
Belkin 54Mbps Wireless Network Adapter
Belkin Setup and Router Monitor
CamStudio
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco NAC Agent
clrmamepro
Compatibility Pack for the 2007 Office system
ControlMK 0.232
DebugMode Wax 2.0
Diablo III
doubleTwist
Dragon Age: Origins
DragonNest
Dropbox
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
EPSON Scan
erLT
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19]
FrostWire 4.20.7
Futuremark SystemInfo
GGPO
GIMP 2.6.11
GmoteServer
Google Update Helper
Google Updater
Graph 4.3
Haali Media Splitter
Handbrake 0.9.4
Hard Disk Low Level Format Tool 2.36 build 1181
Heroes of Might and Magic V Collector Edition
Hi-Rez Studios Authenticate and Update Service
HydraVision
Identity Card
ImagXpress
ImgBurn
Inkscape 0.48.0
Internet TV for Windows Media Center
JAF Setup
Java Auto Updater
Java Launcher 3.201 (Standard edition)
Java(TM) 6 Update 27
Java(TM) 7 Update 4
JavaFX 2.1.0
JDownloader
JPEG to PDF 1.0
Junk Mail filter update
KeyHoleTV
KMDX 1.00
League of Legends
Logitech SetPoint
LogonStudio
Mad Catz Xbox PC Driver
Magic ISO Maker v5.5 (build 0281)
Magicka - Demo
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
MathType 6
McAfee Security Scan Plus
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Motorola Phone Tools
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyITLab
MyITLab ActiveX Installer 2, 9, 8, 65535
NCsoft Launcher
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Nexon Game Manager
Nokia Connectivity Cable Driver
Nokia Ovi Player
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Nokia_Multimedia_Common_Components_2_5
NVIDIA PhysX
Oblivion
Odboso PhotoRetrieval 1.8.0
OnLive
Overgrowth (remove only)
Ovi Desktop Sync Engine
OviMPlatform
Pando Media Booster
PC Connectivity Solution
PDF Settings CS5
PHANTASY STAR ONLINE 2
PHANTASY STAR ONLINE 2 ??????????????
Pharos
Pokemon Online 1.0.53
PowerISO
Project64 1.6
QuickTime
Rainmeter (remove only)
Realm of the Mad God
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.93
RocketDock 1.3.5
Rosetta Stone Version 3
RSDLite
Schtserv PsoBB
SDFormatter
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Skype Click to Call
Skype™ 5.9
SONIC ADVENTURE DX-Director's Cut
Splashtop Streamer
Spybot - Search & Destroy
Spyware Doctor 7.0
Steam
Street Fighter X Tekken
SUPER © Version 2010.bld.38 (May 2, 2010)
Super Mario Bros. X version 1.3
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
Tribes Ascend
TVersity Media Server 1.8 Beta
Unified Remote
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 (KB974631)
Update for Outlook 2007 Junk Email Filter (kb2202131)
USB Video Device
Videora Nokia 5800 XpressMusic Converter 5.04
Vindictus
Visual C++ 2008 Runtime (x64)
Vizzed Retro Game Room
Wallpaperio Nokia 5800 XpressMusic Maker 2.03
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Winkawaks 1.61
X-Mouse Button Control 2.4
YVD
ZyAIR USB Utility
.
==== Event Viewer Messages From Past Week ========
.
8/2/2012 9:22:19 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/2/2012 9:08:45 AM, Error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
8/2/2012 9:08:45 AM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
8/2/2012 9:07:37 AM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
8/2/2012 12:39:58 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Shetwirl.A&threatid=2147638931 Name: Trojan:DOS/Shetwirl.A ID: 2147638931 Severity: Severe Category: Trojan Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0\(MBR);boot:_\Device\Harddisk0\DR0\(MBR)\(MBR) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\Defrag.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
8/1/2012 11:29:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.829.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 11:29:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.829.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 11:20:19 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Shetwirl.A&threatid=2147638931 Name: Trojan:DOS/Shetwirl.A ID: 2147638931 Severity: Severe Category: Trojan Path: boot:_\Device\Harddisk0\DR0\(MBR);boot:_\Device\Harddisk0\DR0\(MBR)\(MBR) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
8/1/2012 11:19:25 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/1/2012 11:17:06 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/1/2012 11:08:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.829.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/1/2012 10:56:45 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Shetwirl.A&threatid=2147638931 Name: Trojan:DOS/Shetwirl.A ID: 2147638931 Severity: Severe Category: Trojan Path: boot:_\Device\Harddisk0\DR0\(MBR);boot:_\Device\Harddisk0\DR0\(MBR)\(MBR) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
8/1/2012 10:55:32 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/1/2012 10:55:32 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/1/2012 10:55:25 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/1/2012 10:55:24 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/31/2012 10:29:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.829.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/31/2012 10:20:26 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Shetwirl.A&threatid=2147638931 Name: Trojan:DOS/Shetwirl.A ID: 2147638931 Severity: Severe Category: Trojan Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0\(MBR);boot:_\Device\Harddisk0\DR0\(MBR)\(MBR) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/29/2012 11:22:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.829.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/29/2012 11:13:59 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Shetwirl.A&threatid=2147638931 Name: Trojan:DOS/Shetwirl.A ID: 2147638931 Severity: Severe Category: Trojan Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0\(MBR);boot:_\Device\Harddisk0\DR0\(MBR)\(MBR) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/29/2012 11:10:53 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:676 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/29/2012 11:09:24 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
7/29/2012 11:06:22 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:468 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
7/29/2012 11:05:37 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr sptd tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The MotoConnect Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2012 11:05:13 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2012 11:05:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/29/2012 11:04:49 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
7/27/2012 6:30:23 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Shetwirl.A&threatid=2147638931 Name: Trojan:DOS/Shetwirl.A ID: 2147638931 Severity: Severe Category: Trojan Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0\(MBR);boot:_\Device\Harddisk0\DR0\(MBR)\(MBR) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/27/2012 6:27:01 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:684 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/27/2012 6:26:28 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Shetwirl.A&threatid=2147638931 Name: Trojan:DOS/Shetwirl.A ID: 2147638931 Severity: Severe Category: Trojan Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0\(MBR);boot:_\Device\Harddisk0\DR0\(MBR)\(MBR) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/27/2012 6:22:23 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:680 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/27/2012 6:21:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Shetwirl.A&threatid=2147638931 Name: Trojan:DOS/Shetwirl.A ID: 2147638931 Severity: Severe Category: Trojan Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0\(MBR);boot:_\Device\Harddisk0\DR0\(MBR)\(MBR) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/27/2012 6:17:43 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:672 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.829.0, AS: 1.131.829.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
7/27/2012 6:13:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.829.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/27/2012 6:13:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.829.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/27/2012 6:13:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.829.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/27/2012 6:13:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.829.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/27/2012 6:13:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.829.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
7/27/2012 6:00:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/27/2012 6:00:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/27/2012 5:41:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MotoConnect Service service.
7/27/2012 5:40:05 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
7/27/2012 4:30:08 PM, Error: Service Control Manager [7034] - The Updater Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 4:30:03 PM, Error: Service Control Manager [7034] - The GRegService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the codebox below into it:
    DDS::
    uStart Page = hxxp://www.ask.com?o=15153&l=dis
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: CFScriptB-4.gif]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
ComboFix 12-07-31.03 - Russell 08/02/2012 16:48:49.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2190 [GMT -4:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
Command switches used :: c:\users\Russell\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 20:59 . 2012-08-02 20:59 -------- d-----w- c:\users\Mcx1-RUSSELL-PC\AppData\Local\temp
2012-08-02 20:59 . 2012-08-02 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 15:30 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F3B07DE-C4FB-4627-8369-D56469B16B1F}\mpengine.dll
2012-08-01 16:02 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-01 15:20 . 2012-08-01 15:20 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-08-01 15:20 . 2012-08-01 15:20 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-08-01 15:20 . 2012-08-01 15:20 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-08-01 15:20 . 2012-08-01 15:20 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-08-01 15:20 . 2012-08-01 15:20 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-08-01 15:20 . 2012-08-01 15:20 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-08-01 15:20 . 2012-08-01 15:20 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-08-01 15:20 . 2012-08-01 15:20 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-08-01 15:20 . 2012-08-01 15:20 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-08-01 15:20 . 2012-08-01 15:20 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-08-01 15:20 . 2012-08-01 15:20 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-08-01 15:20 . 2012-08-01 15:20 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-08-01 15:19 . 2012-08-01 15:19 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-08-01 15:19 . 2012-08-01 15:19 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-08-01 15:19 . 2012-08-01 15:19 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-08-01 15:19 . 2012-08-01 15:19 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-08-01 15:19 . 2012-08-01 15:19 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-07-29 19:38 . 2012-07-29 19:38 -------- d-----w- C:\FRST
2012-07-29 15:13 . 2012-07-29 15:13 328704 ----a-w- c:\windows\system32\services.exe.7DA1445850424369
2012-07-29 15:10 . 2012-07-29 15:10 328704 ----a-w- c:\windows\system32\services.exe.82C3DCE1266A9AC9
2012-07-29 15:06 . 2012-07-29 15:06 328704 ----a-w- c:\windows\system32\services.exe.406F77D0EFA8E7C7
2012-07-27 22:27 . 2012-07-27 22:27 328704 ----a-w- c:\windows\system32\services.exe.8B47AE887375493B
2012-07-27 22:22 . 2012-07-27 22:22 328704 ----a-w- c:\windows\system32\services.exe.5F497183F8FEA5FC
2012-07-27 22:17 . 2012-07-27 22:17 328704 ----a-w- c:\windows\system32\services.exe.9F986A3EEE46DBE6
2012-07-27 22:12 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E9DB436-8C71-476D-B444-1B2427E361D2}\gapaengine.dll
2012-07-27 21:59 . 2012-07-27 21:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-27 21:59 . 2012-07-27 21:59 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-27 19:08 . 2012-07-28 01:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-24 01:49 . 2012-07-24 01:49 -------- d-----w- c:\users\Russell\AppData\Local\Macromedia
2012-07-19 20:41 . 2012-07-19 20:41 40960 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-07-19 20:41 . 2012-07-19 20:41 40960 ----a-r- c:\users\Russell\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-07-19 20:41 . 2012-07-28 01:52 -------- d-----w- c:\program files (x86)\Project64 1.6
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-03 21:57 . 2012-07-03 21:57 -------- d-----w- c:\programdata\Stardock
2012-07-03 21:57 . 2012-07-03 21:57 -------- d-----w- c:\program files (x86)\Stardock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 01:49 . 2012-05-23 23:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-24 01:49 . 2011-12-06 04:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-26 18:21 . 2010-03-14 23:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-26 18:21 . 2010-03-14 23:44 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-02 22:19 . 2012-06-21 22:33 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 22:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 22:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 22:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 22:33 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 22:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 22:33 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 22:32 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 22:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-03-01 01:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-24 21:55 . 2012-05-23 23:17 683801 ----a-w- c:\windows\unins000.exe
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-01_15.19.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-01 03:50 . 2012-08-01 15:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-01 03:50 . 2012-08-01 14:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-01 03:50 . 2012-08-01 15:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-01 03:50 . 2012-08-01 14:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-01 03:50 . 2012-08-01 14:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-01 03:50 . 2012-08-01 15:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-01 00:08 . 2012-08-01 15:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-01 00:08 . 2012-08-01 14:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-01 00:08 . 2012-08-01 15:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-01 00:08 . 2012-08-01 14:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2012-08-01 15:00 637270 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-01 16:43 637270 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-01 16:43 111550 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-01 15:00 111550 c:\windows\system32\perfc009.dat
- 2010-01-19 18:31 . 2012-07-31 14:42 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-19 18:31 . 2012-08-01 15:24 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-31 14:42 196608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-01 15:24 196608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2012-08-02 15:39 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-31 15:01 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2010-01-19 18:31 . 2012-07-31 14:42 2342912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-19 18:31 . 2012-08-01 15:24 2342912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-26 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-10-31 529848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"tsnp2uvc"="c:\program files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe" [2011-10-17 317952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2010-10-04 147456]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-06-26 296056]
.
c:\users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Russell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-28 1200144]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 msqezpkb;msqezpkb;c:\windows\system32\drivers\msqezpkb.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 dump_wmimmc;dump_wmimmc;c:\wemade entertainment\DigimonBattle\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2009-10-27 28160]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2010-03-01 575488]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2010-02-26 12288]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-02-26 173056]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-05-25 126952]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 144656]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-06-25 43152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1255736]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2009-11-09 218056]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-03 834544]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 202704]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-25 53968]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-03-10 14952]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2009-12-14 92928]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-10-31 1151928]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-12-21 529768]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2012-03-04 87040]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 164176]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-16 10368]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-29 03:36]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 01:12]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 01:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Russell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 236544]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102206p0465v165r4401s457
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
Trusted Zone: researchnavigator.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{CC8AD820-C81E-44FD-9AC5-02FB8B698A4E}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\51lga81r.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2047133502-1733002249-781369946-1000\Software\AliceSoft\ å* Ô* ·*]
@Allowed: (Read) (RestrictedCode)
"ALK01"="c:\\AliceSoft\\‘å”Ô’·\\AliceLogo.alk"
"DLL"="c:\\AliceSoft\\‘å”Ô’·\\DLL\00eLogo.alk"
"DLL01"="c:\\AliceSoft\\‘å”Ô’·\\ijl15.dll\00alk"
"SaveData"="c:\\AliceSoft\\‘å”Ô’·\\SaveData\00\00alk"
"Ini01"="c:\\AliceSoft\\‘å”Ô’·\\StreamMusic.ini"
"Execute"="c:\\AliceSoft\\‘å”Ô’·\\System40.exe\00ni"
"Ini02"="c:\\AliceSoft\\‘å”Ô’·\\System40.ini\00ni"
"ScenarioA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·.ain\00i\00ni"
"Icon"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·.ico\00i\00ni"
"BgmA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·BA.ald\00ni"
"Bgi"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·BA.bgi\00ni"
"DataA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·DA.ald\00ni"
"ALK02"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·ED.alk\00ni"
"GraphicA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·GA.ald\00ni"
"ALK03"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·OP.alk\00ni"
"WaveA"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·WA.ald\00ni"
"Wai"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·WA.wai\00ni"
"WaveB"="c:\\AliceSoft\\‘å”Ô’·\\‘å”Ô’·WB.ald\00ni"
@="c:\\AliceSoft\\‘å”Ô’·\\\00å”Ô’·WB.ald\00ni"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-02 17:02:31
ComboFix-quarantined-files.txt 2012-08-02 21:02
ComboFix2.txt 2012-08-02 13:24
ComboFix3.txt 2012-08-01 15:25
.
Pre-Run: 290,010,783,744 bytes free
Post-Run: 289,911,910,400 bytes free
.
- - End Of File - - CF3B9976770E7563A164125BDC79C589
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 