also @ TechSpot: Onion Pi transforms Raspberry Pi into anonymous Wi-Fi hotspot

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Sirefef.w/b/y removal

Discussion in 'Virus and Malware Removal' started by Lyr21, Mar 14, 2013.

Post New Reply

Page 2 of 3

Lyr21 Newcomer, in training Posts: 34

Done. Unfortunately I'm back to the same situation getting the "the request is not supported" when I do a normal boot and try to login. I get this error after entering the username/password. So I had to reboot into safe mode and login, then combo fix was able to finish running and generate the following log file:

ComboFix 13-03-19.01 - Administrator 03/19/2013 16:10:28.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2510 [GMT -4:00]
Running from: c:\users\Administrator.skelce-l7\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))
.
.
2013-03-19 20:16 . 2013-03-19 20:16--------d-----w-c:\users\tlesniak\AppData\Local\temp
2013-03-19 20:16 . 2013-03-19 20:16--------d-----w-c:\users\skelce\AppData\Local\temp
2013-03-18 19:19 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77C3C763-32EC-429C-A745-5659E13B1E6D}\mpengine.dll
2013-03-18 14:41 . 2013-03-18 14:418294480----a-w-c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-03-15 13:44 . 2013-01-08 22:01768000----a-w-c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-15 13:44 . 2013-01-09 01:10996352----a-w-c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-15 13:33 . 2012-12-16 17:1146080----a-w-c:\windows\system32\atmlib.dll
2013-03-15 13:33 . 2012-12-16 14:1334304----a-w-c:\windows\SysWow64\atmlib.dll
2013-03-15 13:33 . 2012-12-16 14:45367616----a-w-c:\windows\system32\atmfd.dll
2013-03-15 13:33 . 2012-12-16 14:13295424----a-w-c:\windows\SysWow64\atmfd.dll
2013-03-14 20:32 . 2012-06-02 05:41184320----a-w-c:\windows\system32\cryptsvc.dll
2013-03-14 20:32 . 2012-06-02 05:41140288----a-w-c:\windows\system32\cryptnet.dll
2013-03-14 20:32 . 2012-06-02 05:411464320----a-w-c:\windows\system32\crypt32.dll
2013-03-14 20:32 . 2012-06-02 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2013-03-14 20:32 . 2012-06-02 04:361159680----a-w-c:\windows\SysWow64\crypt32.dll
2013-03-14 20:32 . 2012-06-02 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
2013-03-14 20:32 . 2013-01-05 05:535553512----a-w-c:\windows\system32\ntoskrnl.exe
2013-03-14 20:32 . 2013-01-05 05:003967848----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2013-03-14 20:32 . 2013-01-05 05:003913064----a-w-c:\windows\SysWow64\ntoskrnl.exe
2013-03-14 20:30 . 2012-11-01 05:432002432----a-w-c:\windows\system32\msxml6.dll
2013-03-14 20:30 . 2012-11-01 05:431882624----a-w-c:\windows\system32\msxml3.dll
2013-03-14 20:30 . 2012-11-01 04:471389568----a-w-c:\windows\SysWow64\msxml6.dll
2013-03-14 20:30 . 2012-11-01 04:471236992----a-w-c:\windows\SysWow64\msxml3.dll
2013-03-14 20:30 . 2010-06-26 03:552048----a-w-c:\windows\system32\msxml3r.dll
2013-03-14 20:30 . 2010-06-26 03:242048----a-w-c:\windows\SysWow64\msxml3r.dll
2013-03-14 20:28 . 2012-08-11 00:56715776----a-w-c:\windows\system32\kerberos.dll
2013-03-14 20:28 . 2012-08-10 23:56542208----a-w-c:\windows\SysWow64\kerberos.dll
2013-03-14 20:28 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2013-03-14 20:28 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
2013-03-14 20:28 . 2012-11-23 03:1368608----a-w-c:\windows\system32\taskhost.exe
2013-03-14 20:28 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll
2013-03-14 20:28 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll
2013-03-14 20:28 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll
2013-03-14 20:28 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll
2013-03-14 20:18 . 2013-03-14 20:18972264------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC589DA-1DC2-4BD0-9CED-19F1C9717AF0}\gapaengine.dll
2013-03-14 20:18 . 2013-02-07 20:289162192----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-14 20:12 . 2013-03-14 20:12--------d-----w-c:\program files (x86)\Microsoft Security Client
2013-03-14 20:12 . 2013-03-14 20:13--------d-----w-c:\program files\Microsoft Security Client
2013-03-14 20:01 . 2013-03-14 20:01--------d-----w-c:\windows\system32\appmgmt
2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\programdata\Malwarebytes
2013-03-14 19:24 . 2013-03-14 19:24--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-14 19:24 . 2012-12-14 20:4924176----a-w-c:\windows\system32\drivers\mbam.sys
2013-03-14 18:45 . 2013-03-14 18:4527256----a-w-c:\windows\system32\drivers\FixZeroAccess.sys
2013-03-14 18:27 . 2013-03-14 18:33--------d-----w-C:\TDSSKiller_Quarantine
2013-03-14 18:17 . 2013-03-14 18:17--------d-----w-C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 17:51 . 2013-03-14 17:5150392----a-w-c:\windows\system32\drivers\qiylpclo.sys
2013-03-14 17:40 . 2013-03-18 19:20--------d-----w-c:\users\Administrator
2013-02-28 17:13 . 2013-02-28 17:13--------d-----w-c:\programdata\Creative
2013-02-28 14:38 . 2013-02-28 14:38--------d-----w-c:\programdata\Ask
2013-02-28 14:37 . 2013-02-28 14:37861088----a-w-c:\windows\SysWow64\npDeployJava1.dll
2013-02-28 14:17 . 2013-02-28 14:17--------d-----w-c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 18:05 . 2009-07-13 23:19328704----a-w-c:\windows\system32\services.exe
2013-03-04 18:53 . 2011-10-21 18:0872013344----a-w-c:\windows\system32\MRT.exe
2013-02-28 14:37 . 2011-10-12 15:16782240----a-w-c:\windows\SysWow64\deployJava1.dll
2013-01-30 09:00 . 2010-11-21 03:27273840------w-c:\windows\system32\MpSigStub.exe
2013-01-20 19:59 . 2013-01-20 19:59230320----a-w-c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59 . 2013-01-20 19:59130008----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-03-14 20:2944032----a-w-c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-10-12 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-05-16 616960]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-12 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-12 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-07-22 27760]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 13:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46139128----a-w-c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46139128----a-w-c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 6492672]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.25.9 10.0.25.10
DPF: {1943FDF7-2330-4EEC-B7E3-74D9C7864ECE} - hxxps://conference.lyrix.com/buddies/eDialCollabViewer.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
SafeBoot-MsMpSvc
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_Plugin.exe
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-19 16:25:25 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-19 20:25
ComboFix2.txt 2013-03-18 21:00
ComboFix3.txt 2013-03-18 19:46
.
Pre-Run: 250,769,440,768 bytes free
Post-Run: 250,329,329,664 bytes free
.
- - End Of File - - EC384447D40BE09EC40C840379A8B3AB

Lyr21, Mar 19, 2013

#21
Broni Malware Annihilator Posts: 40,091 +187

Give me fresh FRST log.

Broni, Mar 19, 2013

#22
Lyr21 Newcomer, in training Posts: 34

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 19-03-2013 16:33:36
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.)
HKU\skelce.LYRIX\...\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [1675592 2011-08-05] (Actual Tools)
HKU\tlesniak\...\Run: [OfficeSuite Softphone] "C:\Program Files (x86)\Broadview\officesuite.exe" [14979072 2011-04-11] ()
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.25.9 10.0.25.10
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Services (Whitelisted) ===================

2 BrcmMgmtAgent; "C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service [158720 2010-06-29] (Broadcom Corporation)
2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-07] ()
2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [957712 2010-10-07] ()
2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [697616 2010-10-07] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [x]
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [x]

==================== Drivers (Whitelisted) =====================

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-03-19 15:30 - 2013-03-19 15:30 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-03-19 12:33 - 2013-03-19 12:33 - 00108840 ____A C:\Users\Administrator.skelce-l7\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\Documents\Bluetooth Exchange Folder
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Roaming\Creative
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Broadcom
2013-03-19 12:32 - 2013-03-19 12:32 - 00000020 ___SH C:\Users\Administrator.skelce-l7\ntuser.ini
2013-03-19 12:32 - 2013-03-19 12:32 - 00000000 ____D C:\users\Administrator.skelce-l7
2013-03-19 12:32 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Microsoft Help
2013-03-19 12:25 - 2013-03-19 12:25 - 00021054 ____A C:\ComboFix.txt
2013-03-19 12:06 - 2013-03-19 12:07 - 05041561 ____R (Swearware) C:\Users\Administrator.skelce-l7\Desktop\ComboFix.exe
2013-03-19 12:05 - 2013-03-19 12:05 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Google
2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2013-03-18 11:30 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-03-18 11:30 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-03-18 11:30 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-03-18 11:28 - 2013-03-19 12:16 - 00000000 ____D C:\Windows\erdnt
2013-03-18 10:10 - 2013-03-19 12:25 - 00000000 ____D C:\Qoobox
2013-03-15 05:33 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-03-15 05:33 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-03-15 05:33 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-03-15 05:33 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
2013-03-15 05:28 - 2013-03-15 05:30 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
2013-03-15 05:27 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-15 05:27 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-15 05:27 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-15 05:27 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-15 05:27 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-15 05:27 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-15 05:27 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-15 05:27 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-15 05:27 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-15 05:27 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-15 05:27 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-15 05:27 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-15 05:27 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-15 05:27 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-15 05:27 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-15 05:27 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-15 05:27 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-15 05:27 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-15 05:27 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-15 05:27 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-15 05:27 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-15 05:27 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-15 05:27 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-15 05:27 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-15 05:27 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-15 05:27 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-15 05:27 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-15 05:27 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-15 05:27 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
2013-03-15 05:24 - 2013-03-15 05:28 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
2013-03-14 13:02 - 2013-03-14 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
2013-03-14 12:32 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-03-14 12:32 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-03-14 12:32 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-03-14 12:32 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-03-14 12:32 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-03-14 12:32 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-03-14 12:31 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-03-14 12:31 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-03-14 12:31 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-03-14 12:31 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-03-14 12:31 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-03-14 12:31 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-03-14 12:31 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-03-14 12:31 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-03-14 12:31 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-03-14 12:31 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-03-14 12:31 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-03-14 12:31 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-03-14 12:31 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-03-14 12:31 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-03-14 12:30 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-03-14 12:30 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-03-14 12:30 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-03-14 12:30 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-03-14 12:30 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-03-14 12:30 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-03-14 12:29 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-03-14 12:29 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-03-14 12:29 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-03-14 12:29 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-03-14 12:29 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-03-14 12:29 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-03-14 12:29 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-03-14 12:29 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-03-14 12:29 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-03-14 12:29 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-03-14 12:29 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-03-14 12:29 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-03-14 12:29 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-03-14 12:29 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-03-14 12:29 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-03-14 12:29 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-03-14 12:29 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-03-14 12:29 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-03-14 12:29 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-03-14 12:29 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-03-14 12:28 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-03-14 12:28 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-03-14 12:28 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-03-14 12:28 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-03-14 12:28 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-03-14 12:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-03-14 12:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2013-03-14 12:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2013-03-14 12:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-03-14 12:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-03-14 12:13 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2013-03-14 12:13 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-03-14 12:13 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-03-14 12:12 - 2013-03-14 12:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-14 11:24 - 2012-12-14 12:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-03-14 11:21 - 2013-03-14 11:22 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-03-14 10:27 - 2013-03-14 10:33 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
2013-03-14 09:40 - 2013-03-18 11:20 - 00000000 ____D C:\users\Administrator
2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-03-14 09:40 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-03-14 09:21 - 2013-03-14 09:22 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
2013-02-28 06:38 - 2013-02-28 06:38 - 00000000 ____D C:\ProgramData\Ask
2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

==================== One Month Modified Files and Folders =======

2013-03-19 15:30 - 2013-03-19 15:30 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-03-19 12:33 - 2013-03-19 12:33 - 00108840 ____A C:\Users\Administrator.skelce-l7\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\Documents\Bluetooth Exchange Folder
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Roaming\Creative
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Broadcom
2013-03-19 12:32 - 2013-03-19 12:32 - 00000020 ___SH C:\Users\Administrator.skelce-l7\ntuser.ini
2013-03-19 12:32 - 2013-03-19 12:32 - 00000000 ____D C:\users\Administrator.skelce-l7
2013-03-19 12:25 - 2013-03-19 12:25 - 00021054 ____A C:\ComboFix.txt
2013-03-19 12:25 - 2013-03-18 10:10 - 00000000 ____D C:\Qoobox
2013-03-19 12:20 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-03-19 12:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-19 12:18 - 2009-07-13 20:51 - 00055827 ____A C:\Windows\setupact.log
2013-03-19 12:17 - 2011-10-21 05:47 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-19 12:17 - 2010-11-20 19:47 - 00029564 ____A C:\Windows\PFRO.log
2013-03-19 12:16 - 2013-03-18 11:28 - 00000000 ____D C:\Windows\erdnt
2013-03-19 12:16 - 2009-07-13 18:34 - 68464640 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 14417920 ____A C:\Windows\System32\config\SYSTEM.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 00335872 ____A C:\Windows\System32\config\DEFAULT.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 00061440 ____A C:\Windows\System32\config\SAM.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 00028672 ____A C:\Windows\System32\config\SECURITY.bak
2013-03-19 12:10 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-19 12:10 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-19 12:07 - 2013-03-19 12:06 - 05041561 ____R (Swearware) C:\Users\Administrator.skelce-l7\Desktop\ComboFix.exe
2013-03-19 12:05 - 2013-03-19 12:05 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Google
2013-03-19 12:05 - 2009-07-13 21:13 - 00796280 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
2013-03-18 13:12 - 2011-10-12 07:07 - 02030933 ____A C:\Windows\WindowsUpdate.log
2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2013-03-18 12:32 - 2011-10-20 12:46 - 00000224 ____A C:\Windows\System32\config\netlogon.ftl
2013-03-18 11:38 - 2011-10-21 10:47 - 00000000 ____D C:\users\skelce.LYRIX
2013-03-18 11:27 - 2011-10-21 05:47 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-18 11:20 - 2013-03-14 09:40 - 00000000 ____D C:\users\Administrator
2013-03-18 11:18 - 2011-10-21 05:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-18 11:18 - 2011-10-20 12:48 - 00000000 ____D C:\users\tlesniak
2013-03-18 11:18 - 2011-10-20 12:17 - 00000000 ____D C:\users\skelce
2013-03-18 11:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-18 06:27 - 2009-07-13 20:45 - 00412624 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-15 06:10 - 2012-01-11 09:25 - 00000000 __SHD C:\Users\skelce.LYRIX\AppData\Local\{43c45790-a302-66a2-21db-bedf28d52ae1}
2013-03-15 06:09 - 2011-10-21 08:06 - 00000039 ____A C:\Windows\vbaddin.ini
2013-03-15 06:09 - 2011-10-21 06:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-15 06:08 - 2011-02-10 06:33 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
2013-03-15 05:30 - 2013-03-15 05:28 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
2013-03-15 05:28 - 2013-03-15 05:24 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
2013-03-15 05:24 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
2013-03-14 13:09 - 2013-03-14 13:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
2013-03-14 12:13 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-03-14 12:13 - 2011-10-21 05:31 - 00001945 ____A C:\Windows\epplauncher.mif
2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-03-14 12:03 - 2011-10-21 05:39 - 00000000 ____D C:\ProgramData\Adobe
2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-14 11:22 - 2013-03-14 11:21 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-03-14 10:33 - 2013-03-14 10:27 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-14 10:28 - 2012-07-18 09:59 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2013-03-14 10:05 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-03-14 09:22 - 2013-03-14 09:21 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
2013-03-14 09:17 - 2011-10-21 11:14 - 00000000 ____D C:\Users\skelce.LYRIX\AppData\Roaming\Skinux
2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
2013-03-04 10:53 - 2011-10-21 10:08 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-28 09:45 - 2011-10-21 10:19 - 00000000 ____D C:\Users\tlesniak\AppData\Roaming\Skinux
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
2013-02-28 09:11 - 2011-10-21 05:48 - 00002261 ____A C:\Users\tlesniak\Desktop\Google Chrome.lnk
2013-02-28 09:11 - 2011-10-20 12:49 - 00108840 ____A C:\Users\tlesniak\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
2013-02-28 08:49 - 2012-04-20 07:22 - 00012389 ____A C:\Users\skelce.LYRIX\Desktop\EE Stock Ownership Addresses.xlsx
2013-02-28 06:38 - 2013-02-28 06:38 - 00000000 ____D C:\ProgramData\Ask
2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-02-28 06:37 - 2011-10-12 07:16 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-18 07:54:32
Restore point made on: 2013-02-13 13:22:03
Restore point made on: 2013-02-28 06:36:48
Restore point made on: 2013-02-28 06:37:22
Restore point made on: 2013-03-14 12:00:32
Restore point made on: 2013-03-14 12:02:54
Restore point made on: 2013-03-14 12:04:58
Restore point made on: 2013-03-14 12:18:28
Restore point made on: 2013-03-15 05:22:18
Restore point made on: 2013-03-18 06:36:34
Restore point made on: 2013-03-18 10:04:27
Restore point made on: 2013-03-18 11:13:04
Restore point made on: 2013-03-19 12:04:03

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3992.93 MB
Available physical RAM: 3351.72 MB
Total Pagefile: 3991.13 MB
Available Pagefile: 3338.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:286.29 GB) (Free:233.22 GB) NTFS
3 Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:11.76 GB) (Free:5.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1920 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 1A17B0CE

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 11 GB 40 MB
Partition 3 Primary 286 GB 11 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 11 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 286 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1920 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 1A17B0CE

Partition 1:
=========
Hex: 00010100DEFE3F043F00000086390100
Active: NO
Type: DE
Size: 39 MB

Partition 2:
=========
Hex: 8019150507FEFFFF0040010000607801
Active: YES
Type: 07 (NTFS)
Size: 12 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00A079010040C923
Active: NO
Type: 07 (NTFS)
Size: 286 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 6F20736B

Partition 1:
=========
Hex: 6F74686572206D656469612EFF0D0A44
Active: NO
Type: 72
Size: 544 GB

Partition 2:
=========
Hex: 69736B206572726F72FF0D0A50726573
Active: NO
Type: 65
Size: 923 GB

Partition 3:
=========
Hex: 7320616E79206B657920746F20726573
Active: NO
Type: 79
Size: 923 GB

Partition 4:
=========
Hex: 746172740D0A00000000000000ACCBD8
Active: NO
Type: 0D
Size: -336763289600 byte

Last Boot: 2013-03-05 08:03

==================== End Of Log =============================

Lyr21, Mar 19, 2013

#23
Broni Malware Annihilator Posts: 40,091 +187
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can boot normally.
Attached Files:
- fixlist.txt
  
  File size:
  
  27 bytes
  
  Views:
  
  1
Broni, Mar 19, 2013

#24
Lyr21 Newcomer, in training Posts: 34

I am able to login when booting normally. Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-19 16:45:11 Run:2
Running from F:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

Lyr21, Mar 19, 2013

#25

Broni Malware Annihilator Posts: 40,091 +187

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.

Click on Delete.

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the contents of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Broni, Mar 19, 2013

#26

Lyr21 Newcomer, in training Posts: 34

AdwCleaner[S1].txt

# AdwCleaner v2.115 - Logfile created 03/19/2013 at 17:51:44
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Administrator - SKELCE-L7
# Boot Mode : Normal
# Running from : C:\Users\Administrator.skelce-l7.000\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

*************************

AdwCleaner[S1].txt - [618 octets] - [19/03/2013 17:51:44]

########## EOF - C:\AdwCleaner[S1].txt - [677 octets] ##########

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Professional x64
Ran by Administrator on Tue 03/19/2013 at 17:56:44.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/19/2013 at 18:02:41.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Lyr21, Mar 19, 2013

#27
Lyr21 Newcomer, in training Posts: 34

OTL.txt

OTL logfile created on: 3/19/2013 6:03:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator.skelce-l7.000\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 72.35% Memory free
7.80 Gb Paging File | 6.57 Gb Available in Paging File | 84.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.29 Gb Total Space | 233.17 Gb Free Space | 81.45% Space Free | Partition Type: NTFS

Computer Name: SKELCE-L7 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/03/19 17:54:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe
PRC - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/08 02:41:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/12/03 16:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/03 16:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/08/13 21:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2010/03/12 11:42:02 | 000,462,993 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () -- c:\Windows\SysWOW64\srvany.exe

========== Modules (No Company Name) ==========

MOD - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/07/01 14:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV:64bit: - [2011/05/27 18:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2011/05/24 16:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2011/02/08 02:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/20 12:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2011/01/15 15:00:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2010/10/08 01:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2010/10/08 01:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2010/10/08 01:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 17:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2010/05/10 16:23:54 | 002,683,712 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2010/02/10 21:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/17 10:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/12/03 16:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/03 16:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/12 12:56:38 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/12 12:56:38 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/12 11:17:39 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/10/12 11:17:39 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/10/12 11:17:39 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/10/12 11:17:39 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/10/12 11:17:39 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/07/22 12:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/15 21:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/10 15:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/04/05 04:36:46 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/23 17:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/02/07 10:49:38 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/15 15:00:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011/01/15 14:59:54 | 004,719,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/03 18:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011/01/03 16:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/03 11:40:24 | 000,104,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2010/09/02 03:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010/09/02 03:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010/07/21 14:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2010/02/26 20:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/16 17:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/15 21:56:06 | 000,616,960 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{E7C4FF30-E6F3-416C-8DB6-68620A121915}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{E7C4FF30-E6F3-416C-8DB6-68620A121915}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1028007176-880241210-1398436644-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-1028007176-880241210-1398436644-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-1028007176-880241210-1398436644-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/21 09:32:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/28 10:37:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://g.msn.com/USREL/1
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/19 16:20:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-1028007176-880241210-1398436644-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {1943FDF7-2330-4EEC-B7E3-74D9C7864ECE} https://conference.lyrix.com/buddies/eDialCollabViewer.cab (CvncViewer Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.25.9 10.0.25.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lyrix.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{333C415A-D9CD-4CC1-930F-61EBC822D465}: DhcpNameServer = 10.0.25.9 10.0.25.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CE328ED-8EEF-41A7-9937-8723F37EF483}: DhcpNameServer = 10.0.25.9 10.0.25.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/19 17:56:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/19 17:56:32 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/19 17:54:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe
[2013/03/19 17:53:57 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Administrator.skelce-l7.000\Desktop\JRT.exe
[2013/03/19 17:53:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
[2013/03/19 17:50:04 | 005,041,561 | ---- | C] (Swearware) -- C:\Users\Administrator.skelce-l7.000\Desktop\ComboFix.exe
[2013/03/19 17:47:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Broadcom
[2013/03/19 17:47:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\Documents\Bluetooth Exchange Folder
[2013/03/19 17:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Google
[2013/03/19 17:47:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Creative
[2013/03/19 17:47:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/03/19 17:47:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/03/19 17:47:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Searches
[2013/03/19 17:47:00 | 000,000,000 | -H-D | C] -- C:\Users\Administrator.skelce-l7.000\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/03/19 17:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Identities
[2013/03/19 17:46:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Contacts
[2013/03/19 17:46:38 | 000,000,000 | --SD | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft
[2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Videos
[2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Saved Games
[2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Pictures
[2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Music
[2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Links
[2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Favorites
[2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Downloads
[2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Documents
[2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Desktop
[2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Temporary Internet Files
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Templates
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Start Menu
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\SendTo
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Recent
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\PrintHood
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\NetHood
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Documents\My Videos
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Documents\My Pictures
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Documents\My Music
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\My Documents
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Local Settings
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\History
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Cookies
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Application Data
[2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Application Data
[2013/03/19 17:46:38 | 000,000,000 | -H-D | C] -- C:\Users\Administrator.skelce-l7.000\AppData
[2013/03/19 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\temp
[2013/03/19 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Microsoft Help
[2013/03/19 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Microsoft
[2013/03/19 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Media Center Programs
[2013/03/19 16:25:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/19 16:20:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/19 14:03:07 | 000,000,000 | ---D | C] -- C:\FRST
[2013/03/18 15:30:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/18 15:30:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/18 15:30:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/18 15:28:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/18 14:10:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/14 16:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/03/14 16:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/14 16:01:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/03/14 15:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/14 15:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/14 15:24:00 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/14 15:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/14 14:45:31 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2013/03/14 14:27:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/14 14:17:13 | 000,000,000 | ---D | C] -- C:\6db4f6672811fe965da4e9c38ef5
[2013/02/28 13:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013/02/28 10:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/19 17:59:57 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 17:59:57 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 17:58:37 | 000,813,676 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/19 17:58:37 | 000,685,582 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/19 17:58:37 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/19 17:54:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe
[2013/03/19 17:54:05 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Administrator.skelce-l7.000\Desktop\JRT.exe
[2013/03/19 17:53:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/19 17:52:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/19 17:52:38 | 3140,169,728 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 17:51:19 | 000,609,993 | ---- | M] () -- C:\Users\Administrator.skelce-l7.000\Desktop\adwcleaner.exe
[2013/03/19 17:50:04 | 005,041,561 | ---- | M] (Swearware) -- C:\Users\Administrator.skelce-l7.000\Desktop\ComboFix.exe
[2013/03/19 16:20:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/18 15:27:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/18 10:27:49 | 000,412,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/15 10:08:11 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/14 16:13:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/14 15:24:07 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/14 14:45:31 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2013/03/14 14:28:21 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/19 17:51:17 | 000,609,993 | ---- | C] () -- C:\Users\Administrator.skelce-l7.000\Desktop\adwcleaner.exe
[2013/03/19 17:47:04 | 000,001,411 | ---- | C] () -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/03/19 17:47:02 | 000,001,445 | ---- | C] () -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/03/19 17:46:38 | 000,000,290 | ---- | C] () -- C:\Users\Administrator.skelce-l7.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/03/19 17:46:38 | 000,000,272 | ---- | C] () -- C:\Users\Administrator.skelce-l7.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/03/18 15:30:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/18 15:30:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/18 15:30:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/18 15:30:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/18 15:30:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/14 16:12:57 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/14 15:24:07 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/10/12 12:40:20 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/12 12:40:19 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/12 12:40:17 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/12 12:40:15 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/12 12:40:12 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/12 11:26:45 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2011/10/12 11:26:27 | 000,004,500 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/12 11:26:06 | 000,000,206 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2011/10/12 11:22:33 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/14 17:09:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2011/10/25 08:33:14 | 000,000,000 | ---D | M] -- C:\Users\skelce.LYRIX\AppData\Roaming\Actual Tools
[2011/10/21 15:14:04 | 000,000,000 | ---D | M] -- C:\Users\skelce.LYRIX\AppData\Roaming\Broadview Networks
[2013/03/14 13:17:52 | 000,000,000 | ---D | M] -- C:\Users\skelce.LYRIX\AppData\Roaming\Skinux
[2012/08/08 11:01:31 | 000,000,000 | ---D | M] -- C:\Users\skelce.LYRIX\AppData\Roaming\webex
[2011/10/21 13:46:57 | 000,000,000 | ---D | M] -- C:\Users\tlesniak\AppData\Roaming\Broadview Networks
[2011/10/21 09:36:27 | 000,000,000 | ---D | M] -- C:\Users\tlesniak\AppData\Roaming\Notepad++
[2013/02/28 13:45:30 | 000,000,000 | ---D | M] -- C:\Users\tlesniak\AppData\Roaming\Skinux
[2011/10/20 16:53:20 | 000,000,000 | ---D | M] -- C:\Users\tlesniak\AppData\Roaming\Wave Systems Corp

========== Purity Check ==========

< End of report >

Lyr21, Mar 19, 2013

#28
Lyr21 Newcomer, in training Posts: 34

Extras.txt

OTL Extras logfile created on: 3/19/2013 6:03:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator.skelce-l7.000\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 72.35% Memory free
7.80 Gb Paging File | 6.57 Gb Available in Paging File | 84.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.29 Gb Total Space | 233.17 Gb Free Space | 81.45% Space Free | Partition Type: NTFS

Computer Name: SKELCE-L7 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{560DCF39-61D1-43B0-86DA-5EFF8F7A5144}" = AuthenTec Fingerprint Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}" = O2Micro OZ776 SCR Driver
"{777FF553-493D-4068-BAC7-EE2D73DB7434}" = Wave Infrastructure Installer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02BCCCFB-9741-498A-A89E-2C9BFF66DA14}" = OfficeSuite Softphone
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Actual Multiple Monitors_is1" = Actual Multiple Monitors 3.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Dell Webcam Central" = Dell Webcam Central
"Google Chrome" = Google Chrome
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}" = O2Micro OZ776 SCR Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Notepad++" = Notepad++
"Office14.VISIOR" = Microsoft Visio Premium 2010
"PuTTY_is1" = PuTTY version 0.61
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5

========== Last 20 Event Log Errors ==========

[ Broadcom Wireless LAN Events ]
Error - 3/14/2013 1:49:48 PM | Computer Name = skelce-l7.Lyrix.com | Source = WLAN-Tray | ID = 0
Description = 13:49:48, Thu, Mar 14, 13 Error - Unable to gain access to user store

Error - 3/14/2013 1:53:05 PM | Computer Name = skelce-l7.Lyrix.com | Source = WLAN-Tray | ID = 0
Description = 13:53:05, Thu, Mar 14, 13 Error - Unable to gain access to user store

[ OSession Events ]
Error - 7/25/2012 4:12:56 PM | Computer Name = skelce-l7.Lyrix.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 218
seconds with 0 seconds of active time. This session ended with a crash.

< End of report >

Lyr21, Mar 19, 2013

#29

Broni Malware Annihilator Posts: 40,091 +187

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - File not found

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

Broni, Mar 19, 2013

#30

Lyr21 Newcomer, in training Posts: 34
I ran OTL again with your above fix and it did appear to hang. When this happened the custom fix box at the bottom still had the following in it

Code:

[emptytemp] [emptyjava] [emptyflash] [Reboot]

I rebooted into safe mode and a log file popped up. Here is that log file:

Files\Folders moved on Reboot...
File move failed. C:\Users\Administrator.skelce-l7.000\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Since you had said that OTL could stall, to run the fix from safe mode, I proceeded to re-run the fix in safe mode. This seemed to hang in the same place, but I just let it be, finally after about 10-15 minutes I got the blue activity bar moving at the bottom of the OTL window. That went on for a good 20+ minutes and finally it said that it needed to reboot. I rebooted, but now I'm getting the "the request is not supported" login error again after I try to enter my username/password in a normal boot.

I rebooted into safe mode expecting OTL to show a log file of what it did, but there are no log files from the previous fix.
Lyr21, Mar 20, 2013

#31
Lyr21 Newcomer, in training Posts: 34

I re-ran FRST, here is the log file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 20-03-2013 11:46:54
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.)
HKU\skelce.LYRIX\...\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [1675592 2011-08-05] (Actual Tools)
HKU\tlesniak\...\Run: [OfficeSuite Softphone] "C:\Program Files (x86)\Broadview\officesuite.exe" [14979072 2011-04-11] ()
HKLM-x32\...\RunOnce: [OTL] "C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe" [602112 2013-03-19] (OldTimer Tools)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.25.9 10.0.25.10
Lsa: [Authentication Packages] msv1_0
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Services (Whitelisted) ===================

2 BrcmMgmtAgent; "C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service [158720 2010-06-29] (Broadcom Corporation)
2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-07] ()
2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [957712 2010-10-07] ()
2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [697616 2010-10-07] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [x]
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [x]

==================== Drivers (Whitelisted) =====================

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-03-20 06:25 - 2013-03-20 06:25 - 00000498 ____A C:\Users\Administrator.skelce-l7.000\Desktop\03202013_101110.log
2013-03-20 06:11 - 2013-03-20 06:11 - 00000000 ____D C:\_OTL
2013-03-19 15:30 - 2013-03-19 16:45 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-03-19 14:08 - 2013-03-19 14:12 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Notepad++
2013-03-19 14:07 - 2013-03-19 14:07 - 00090462 ____A C:\Users\Administrator.skelce-l7.000\Desktop\OTL.Txt
2013-03-19 14:07 - 2013-03-19 14:07 - 00041968 ____A C:\Users\Administrator.skelce-l7.000\Desktop\Extras.Txt
2013-03-19 14:02 - 2013-03-19 14:02 - 00000641 ____A C:\Users\Administrator.skelce-l7.000\Desktop\JRT.txt
2013-03-19 13:56 - 2013-03-19 13:56 - 00000000 ____D C:\Windows\ERUNT
2013-03-19 13:56 - 2013-03-19 13:56 - 00000000 ____D C:\JRT
2013-03-19 13:54 - 2013-03-19 13:54 - 00602112 ____A (OldTimer Tools) C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe
2013-03-19 13:53 - 2013-03-19 13:54 - 00549920 ____A (Oleg N. Scherbakov) C:\Users\Administrator.skelce-l7.000\Desktop\JRT.exe
2013-03-19 13:51 - 2013-03-19 13:51 - 00609993 ____A C:\Users\Administrator.skelce-l7.000\Desktop\adwcleaner.exe
2013-03-19 13:51 - 2013-03-19 13:51 - 00000745 ____A C:\AdwCleaner[S1].txt
2013-03-19 13:50 - 2013-03-19 13:50 - 05041561 ____A (Swearware) C:\Users\Administrator.skelce-l7.000\Desktop\ComboFix.exe
2013-03-19 13:47 - 2013-03-19 13:47 - 00108840 ____A C:\Users\Administrator.skelce-l7.000\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\Documents\Bluetooth Exchange Folder
2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Creative
2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Local\Google
2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Local\Broadcom
2013-03-19 13:46 - 2013-03-19 13:47 - 00000000 ____D C:\users\Administrator.skelce-l7.000
2013-03-19 13:46 - 2013-03-19 13:46 - 00000020 ___SH C:\Users\Administrator.skelce-l7.000\ntuser.ini
2013-03-19 13:46 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Local\Microsoft Help
2013-03-19 12:33 - 2013-03-19 12:33 - 00108840 ____A C:\Users\Administrator.skelce-l7\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\Documents\Bluetooth Exchange Folder
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Roaming\Creative
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Broadcom
2013-03-19 12:32 - 2013-03-19 12:32 - 00000020 ___SH C:\Users\Administrator.skelce-l7\ntuser.ini
2013-03-19 12:32 - 2013-03-19 12:32 - 00000000 ____D C:\users\Administrator.skelce-l7
2013-03-19 12:32 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Microsoft Help
2013-03-19 12:25 - 2013-03-19 12:25 - 00021054 ____A C:\ComboFix.txt
2013-03-19 12:06 - 2013-03-19 12:07 - 05041561 ____R (Swearware) C:\Users\Administrator.skelce-l7\Desktop\ComboFix.exe
2013-03-19 12:05 - 2013-03-19 12:05 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Google
2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2013-03-18 11:30 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-03-18 11:30 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-03-18 11:30 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-03-18 11:30 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-03-18 11:28 - 2013-03-19 12:16 - 00000000 ____D C:\Windows\erdnt
2013-03-18 10:10 - 2013-03-19 12:25 - 00000000 ____D C:\Qoobox
2013-03-15 05:33 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-03-15 05:33 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-03-15 05:33 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-03-15 05:33 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
2013-03-15 05:28 - 2013-03-15 05:30 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
2013-03-15 05:27 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-15 05:27 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-15 05:27 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-15 05:27 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-15 05:27 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-15 05:27 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-15 05:27 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-15 05:27 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-15 05:27 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-15 05:27 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-15 05:27 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-15 05:27 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-15 05:27 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-15 05:27 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-15 05:27 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-15 05:27 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-15 05:27 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-15 05:27 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-15 05:27 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-15 05:27 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-15 05:27 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-15 05:27 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-15 05:27 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-15 05:27 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-15 05:27 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-15 05:27 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-15 05:27 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-15 05:27 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-15 05:27 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-15 05:27 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
2013-03-15 05:24 - 2013-03-15 05:28 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
2013-03-14 13:02 - 2013-03-14 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
2013-03-14 12:32 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-03-14 12:32 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-03-14 12:32 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-03-14 12:32 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-03-14 12:32 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-03-14 12:32 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-03-14 12:32 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-03-14 12:31 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-03-14 12:31 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-03-14 12:31 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-03-14 12:31 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-03-14 12:31 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-03-14 12:31 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-03-14 12:31 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-03-14 12:31 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-03-14 12:31 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-03-14 12:31 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-03-14 12:31 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-03-14 12:31 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-03-14 12:31 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-03-14 12:31 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-03-14 12:30 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-03-14 12:30 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-03-14 12:30 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-03-14 12:30 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-03-14 12:30 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-03-14 12:30 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-03-14 12:29 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-03-14 12:29 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-03-14 12:29 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-03-14 12:29 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-03-14 12:29 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-03-14 12:29 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-03-14 12:29 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-03-14 12:29 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-03-14 12:29 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-03-14 12:29 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-03-14 12:29 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-03-14 12:29 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-03-14 12:29 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-03-14 12:29 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-03-14 12:29 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-03-14 12:29 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-03-14 12:29 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-03-14 12:29 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-03-14 12:29 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-03-14 12:29 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-03-14 12:29 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-03-14 12:29 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-03-14 12:28 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-03-14 12:28 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-03-14 12:28 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-03-14 12:28 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-03-14 12:28 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-03-14 12:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-03-14 12:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2013-03-14 12:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2013-03-14 12:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-03-14 12:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-03-14 12:13 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2013-03-14 12:13 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-03-14 12:13 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-03-14 12:12 - 2013-03-14 12:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-14 11:24 - 2012-12-14 12:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-03-14 11:21 - 2013-03-14 11:22 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-03-14 10:27 - 2013-03-14 10:33 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
2013-03-14 09:40 - 2013-03-18 11:20 - 00000000 ____D C:\users\Administrator
2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-03-14 09:40 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-03-14 09:21 - 2013-03-14 09:22 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

==================== One Month Modified Files and Folders =======

2013-03-20 07:37 - 2009-07-13 21:13 - 00813676 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-20 07:30 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-20 07:30 - 2009-07-13 20:51 - 00056051 ____A C:\Windows\setupact.log
2013-03-20 06:25 - 2013-03-20 06:25 - 00000498 ____A C:\Users\Administrator.skelce-l7.000\Desktop\03202013_101110.log
2013-03-20 06:14 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-20 06:14 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-20 06:11 - 2013-03-20 06:11 - 00000000 ____D C:\_OTL
2013-03-20 06:07 - 2011-10-21 05:47 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-19 16:45 - 2013-03-19 15:30 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-03-19 14:12 - 2013-03-19 14:08 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Notepad++
2013-03-19 14:07 - 2013-03-19 14:07 - 00090462 ____A C:\Users\Administrator.skelce-l7.000\Desktop\OTL.Txt
2013-03-19 14:07 - 2013-03-19 14:07 - 00041968 ____A C:\Users\Administrator.skelce-l7.000\Desktop\Extras.Txt
2013-03-19 14:02 - 2013-03-19 14:02 - 00000641 ____A C:\Users\Administrator.skelce-l7.000\Desktop\JRT.txt
2013-03-19 13:56 - 2013-03-19 13:56 - 00000000 ____D C:\Windows\ERUNT
2013-03-19 13:56 - 2013-03-19 13:56 - 00000000 ____D C:\JRT
2013-03-19 13:54 - 2013-03-19 13:54 - 00602112 ____A (OldTimer Tools) C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe
2013-03-19 13:54 - 2013-03-19 13:53 - 00549920 ____A (Oleg N. Scherbakov) C:\Users\Administrator.skelce-l7.000\Desktop\JRT.exe
2013-03-19 13:51 - 2013-03-19 13:51 - 00609993 ____A C:\Users\Administrator.skelce-l7.000\Desktop\adwcleaner.exe
2013-03-19 13:51 - 2013-03-19 13:51 - 00000745 ____A C:\AdwCleaner[S1].txt
2013-03-19 13:50 - 2013-03-19 13:50 - 05041561 ____A (Swearware) C:\Users\Administrator.skelce-l7.000\Desktop\ComboFix.exe
2013-03-19 13:47 - 2013-03-19 13:47 - 00108840 ____A C:\Users\Administrator.skelce-l7.000\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\Documents\Bluetooth Exchange Folder
2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Creative
2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Local\Google
2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Local\Broadcom
2013-03-19 13:47 - 2013-03-19 13:46 - 00000000 ____D C:\users\Administrator.skelce-l7.000
2013-03-19 13:46 - 2013-03-19 13:46 - 00000020 ___SH C:\Users\Administrator.skelce-l7.000\ntuser.ini
2013-03-19 12:33 - 2013-03-19 12:33 - 00108840 ____A C:\Users\Administrator.skelce-l7\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\Documents\Bluetooth Exchange Folder
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Roaming\Creative
2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Broadcom
2013-03-19 12:32 - 2013-03-19 12:32 - 00000020 ___SH C:\Users\Administrator.skelce-l7\ntuser.ini
2013-03-19 12:32 - 2013-03-19 12:32 - 00000000 ____D C:\users\Administrator.skelce-l7
2013-03-19 12:25 - 2013-03-19 12:25 - 00021054 ____A C:\ComboFix.txt
2013-03-19 12:25 - 2013-03-18 10:10 - 00000000 ____D C:\Qoobox
2013-03-19 12:20 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-03-19 12:17 - 2010-11-20 19:47 - 00029564 ____A C:\Windows\PFRO.log
2013-03-19 12:16 - 2013-03-18 11:28 - 00000000 ____D C:\Windows\erdnt
2013-03-19 12:16 - 2009-07-13 18:34 - 68464640 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 14417920 ____A C:\Windows\System32\config\SYSTEM.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 00335872 ____A C:\Windows\System32\config\DEFAULT.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 00061440 ____A C:\Windows\System32\config\SAM.bak
2013-03-19 12:16 - 2009-07-13 18:34 - 00028672 ____A C:\Windows\System32\config\SECURITY.bak
2013-03-19 12:07 - 2013-03-19 12:06 - 05041561 ____R (Swearware) C:\Users\Administrator.skelce-l7\Desktop\ComboFix.exe
2013-03-19 12:05 - 2013-03-19 12:05 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Google
2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
2013-03-18 13:12 - 2011-10-12 07:07 - 02030933 ____A C:\Windows\WindowsUpdate.log
2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2013-03-18 12:32 - 2011-10-20 12:46 - 00000224 ____A C:\Windows\System32\config\netlogon.ftl
2013-03-18 11:38 - 2011-10-21 10:47 - 00000000 ____D C:\users\skelce.LYRIX
2013-03-18 11:27 - 2011-10-21 05:47 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-18 11:20 - 2013-03-14 09:40 - 00000000 ____D C:\users\Administrator
2013-03-18 11:18 - 2011-10-21 05:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-18 11:18 - 2011-10-20 12:48 - 00000000 ____D C:\users\tlesniak
2013-03-18 11:18 - 2011-10-20 12:17 - 00000000 ____D C:\users\skelce
2013-03-18 11:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-18 06:27 - 2009-07-13 20:45 - 00412624 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-15 06:10 - 2012-01-11 09:25 - 00000000 __SHD C:\Users\skelce.LYRIX\AppData\Local\{43c45790-a302-66a2-21db-bedf28d52ae1}
2013-03-15 06:09 - 2011-10-21 08:06 - 00000039 ____A C:\Windows\vbaddin.ini
2013-03-15 06:09 - 2011-10-21 06:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-15 06:08 - 2011-02-10 06:33 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
2013-03-15 05:30 - 2013-03-15 05:28 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
2013-03-15 05:28 - 2013-03-15 05:24 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
2013-03-15 05:24 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
2013-03-14 13:09 - 2013-03-14 13:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
2013-03-14 12:13 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-03-14 12:13 - 2011-10-21 05:31 - 00001945 ____A C:\Windows\epplauncher.mif
2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-03-14 12:03 - 2011-10-21 05:39 - 00000000 ____D C:\ProgramData\Adobe
2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-14 11:22 - 2013-03-14 11:21 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-03-14 10:33 - 2013-03-14 10:27 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-14 10:28 - 2012-07-18 09:59 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
2013-03-14 10:05 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-03-14 09:22 - 2013-03-14 09:21 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
2013-03-14 09:17 - 2011-10-21 11:14 - 00000000 ____D C:\Users\skelce.LYRIX\AppData\Roaming\Skinux
2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
2013-03-04 10:53 - 2011-10-21 10:08 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-28 09:45 - 2011-10-21 10:19 - 00000000 ____D C:\Users\tlesniak\AppData\Roaming\Skinux
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
2013-02-28 09:11 - 2011-10-21 05:48 - 00002261 ____A C:\Users\tlesniak\Desktop\Google Chrome.lnk
2013-02-28 09:11 - 2011-10-20 12:49 - 00108840 ____A C:\Users\tlesniak\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
2013-02-28 08:49 - 2012-04-20 07:22 - 00012389 ____A C:\Users\skelce.LYRIX\Desktop\EE Stock Ownership Addresses.xlsx
2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-02-28 06:37 - 2011-10-12 07:16 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

Lyr21, Mar 20, 2013

#32
Lyr21 Newcomer, in training Posts: 34

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-18 07:54:32
Restore point made on: 2013-02-13 13:22:03
Restore point made on: 2013-02-28 06:36:48
Restore point made on: 2013-02-28 06:37:22
Restore point made on: 2013-03-14 12:00:32
Restore point made on: 2013-03-14 12:02:54
Restore point made on: 2013-03-14 12:04:58
Restore point made on: 2013-03-14 12:18:28
Restore point made on: 2013-03-15 05:22:18
Restore point made on: 2013-03-18 06:36:34
Restore point made on: 2013-03-18 10:04:27
Restore point made on: 2013-03-18 11:13:04
Restore point made on: 2013-03-19 12:04:03

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3992.93 MB
Available physical RAM: 3350.59 MB
Total Pagefile: 3991.13 MB
Available Pagefile: 3334.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:286.29 GB) (Free:237.88 GB) NTFS
3 Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:11.76 GB) (Free:5.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1920 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 1A17B0CE

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 11 GB 40 MB
Partition 3 Primary 286 GB 11 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 11 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 286 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000001

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1920 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 1A17B0CE

Partition 1:
=========
Hex: 00010100DEFE3F043F00000086390100
Active: NO
Type: DE
Size: 39 MB

Partition 2:
=========
Hex: 8019150507FEFFFF0040010000607801
Active: YES
Type: 07 (NTFS)
Size: 12 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00A079010040C923
Active: NO
Type: 07 (NTFS)
Size: 286 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 6F20736B

Partition 1:
=========
Hex: 6F74686572206D656469612EFF0D0A44
Active: NO
Type: 72
Size: 544 GB

Partition 2:
=========
Hex: 69736B206572726F72FF0D0A50726573
Active: NO
Type: 65
Size: 923 GB

Partition 3:
=========
Hex: 7320616E79206B657920746F20726573
Active: NO
Type: 79
Size: 923 GB

Partition 4:
=========
Hex: 746172740D0A00000000000000ACCBD8
Active: NO
Type: 0D
Size: -336763289600 byte

Last Boot: 2013-03-05 08:03

==================== End Of Log =============================

Lyr21, Mar 20, 2013

#33
Broni Malware Annihilator Posts: 40,091 +187
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can boot normally.
Attached Files:
- fixlist.txt
  
  File size:
  
  27 bytes
  
  Views:
  
  1
Broni, Mar 20, 2013

#34
Lyr21 Newcomer, in training Posts: 34

I can now boot normally and login after running the frst fix. Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-21 14:05:01 Run:3
Running from F:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

Lyr21, Mar 21, 2013

#35
Broni Malware Annihilator Posts: 40,091 +187

Good news but what bothers me is why running Combofix fix or OTL fix causes some issues for you.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

Broni, Mar 21, 2013

#36
Lyr21 Newcomer, in training Posts: 34

Ran the checkdisk, no troubles found.
Ran the system file check and I believe that it did fix a few issues. I've got the log file but it's 1.5million characters, so I'm not going to be posting that (and you didn't request it anyway).
Ran the repairs and here is the windows repair logfile:

Running Repair Under System Account
Running Repair Under System Account
Starting Repairs...
Start (3/21/2013 4:42:49 PM)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (3/21/2013 4:42:49 PM)
Running Repair Under Current User Account
Done (3/21/2013 4:42:52 PM)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (3/21/2013 4:42:52 PM)
Running Repair Under System Account
Done (3/21/2013 4:43:39 PM)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (3/21/2013 4:43:39 PM)
Running Repair Under System Account
Done (3/21/2013 4:44:09 PM)

Register System Files
Start (3/21/2013 4:44:09 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:44:28 PM)

Repair WMI
Start (3/21/2013 4:44:28 PM)
Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

Done (3/21/2013 4:46:12 PM)

Repair Windows Firewall
Start (3/21/2013 4:46:12 PM)
Running Repair Under Current User Account
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

Running Repair Under System Account
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

Done (3/21/2013 4:46:17 PM)

Repair Internet Explorer
Start (3/21/2013 4:46:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:46:23 PM)

Repair MDAC/MS Jet
Start (3/21/2013 4:46:23 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:46:34 PM)

Repair Hosts File
Start (3/21/2013 4:46:34 PM)
Running Repair Under System Account
Done (3/21/2013 4:46:37 PM)

Remove Policies Set By Infections
Start (3/21/2013 4:46:37 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:46:41 PM)

Repair Icons
Start (3/21/2013 4:46:42 PM)
Running Repair Under System Account
Could Not Find C:\Users\Administrator.skelce-l7.001\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Administrator.skelce-l7.001\AppData\Local\IconCache.db
Done (3/21/2013 4:46:44 PM)

Repair Winsock & DNS Cache
Start (3/21/2013 4:46:44 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:46:59 PM)

Repair Proxy Settings
Start (3/21/2013 4:46:59 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:47:04 PM)

Repair Windows Updates
Start (3/21/2013 4:47:04 PM)
Running Repair Under Current User Account
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Done (3/21/2013 4:47:38 PM)

Repair CD/DVD Missing/Not Working
Start (3/21/2013 4:47:38 PM)
Done (3/21/2013 4:47:38 PM)

Repair Volume Shadow Copy Service
Start (3/21/2013 4:47:38 PM)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Done (3/21/2013 4:47:45 PM)

Repair MSI (Windows Installer)
Start (3/21/2013 4:47:45 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:47:54 PM)

Repair bat Association
Start (3/21/2013 4:47:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:47:58 PM)

Repair cmd Association
Start (3/21/2013 4:47:58 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:03 PM)

Repair com Association
Start (3/21/2013 4:48:03 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:08 PM)

Repair Directory Association
Start (3/21/2013 4:48:08 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:13 PM)

Repair Drive Association
Start (3/21/2013 4:48:13 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:17 PM)

Repair exe Association
Start (3/21/2013 4:48:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:22 PM)

Repair Folder Association
Start (3/21/2013 4:48:22 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:27 PM)

Repair inf Association
Start (3/21/2013 4:48:27 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:32 PM)

Repair lnk (Shortcuts) Association
Start (3/21/2013 4:48:32 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:36 PM)

Repair msc Association
Start (3/21/2013 4:48:36 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:41 PM)

Repair reg Association
Start (3/21/2013 4:48:41 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:46 PM)

Repair scr Association
Start (3/21/2013 4:48:46 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:51 PM)

Repair Windows Safe Mode
Start (3/21/2013 4:48:51 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:48:55 PM)

Repair Print Spooler
Start (3/21/2013 4:48:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:49:08 PM)

Restore Important Windows Services
Start (3/21/2013 4:49:08 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:49:13 PM)

Set Windows Services To Default Startup
Start (3/21/2013 4:49:13 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/21/2013 4:49:18 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (3/21/2013 4:49:18 PM)
Total Repair Time: 00:06:29

...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account

Lyr21, Mar 21, 2013

#37
Broni Malware Annihilator Posts: 40,091 +187

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Now try to run OTL fix again.

Broni, Mar 21, 2013

#38
Lyr21 Newcomer, in training Posts: 34

Just want to confirm that you want me to run the OTL with the fix that you included in post #30 and not just run OTL in scan mode.

Lyr21, Mar 21, 2013

#39
Broni Malware Annihilator Posts: 40,091 +187

Yes. Post #30.

Broni, Mar 21, 2013

#40

Page 2 of 3

Add New Comment

	TechSpot Members Login or sign up for free, it takes about 30 seconds.			You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.