Inactive Sirefef

skfr33

I believe I have, or had the Sirefef trojan that seems to be very popular here.
The file "C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe" led me to believe this, along with a huge slowdown due to a services.exe process. I did not get any restarts or antivirus shutdowns like many have reported. I attempted to fix this using previous threads, but I am not sure if it was removed completely due to the file still being there.

I did use the ComboFix method before and it seemed to get rid of the services process slowing down my computer. The only other things I did were some scans which didn't look to be bad.

Can someone please help me make sure this thing is gone, and gone for good? I really appreciate it!
 

Perhaps you can give us something to work with. Although we try to discourage users from running Combofix on their own, since you went ahead, if it's been in the past few days, please paste the Combofix log in your next reply.
NOTE: if you do not have that log, don't run it again at this time.
====================================
Please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

NOTE: Please do not run any other scanning or cleaning programs except those I instruct you to.
 
Here is my Combofix log. After running this is when services.exe stopped using all of my processor.


ComboFix 12-07-02.01 - Spencer 07/02/2012 5:41.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6588 [GMT -4:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
Command switches used :: c:\users\Spencer\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20120325.txt
c:\cflog\EPLog.txt
c:\users\Spencer\Documents\ShopToWin
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\System32\services.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 07:58 . 2012-07-02 07:58  --------  d-sh--w-  c:\windows\SysWow64\%APPDATA%
2012-07-02 07:57 . 2012-07-02 07:57  --------  d-----w-  c:\users\Spencer\AppData\Local\Futuremark_Corporation
2012-07-02 07:54 . 2012-07-02 07:54  --------  d-----w-  c:\program files (x86)\Common Files\Futuremark Shared
2012-06-29 22:05 . 2012-06-29 22:05  --------  d-----w-  c:\users\Spencer\AppData\Local\PreEmptive Solutions
2012-06-29 22:01 . 2012-06-29 22:15  --------  d-----w-  c:\users\Spencer\AppData\Local\Gapotchenko
2012-06-29 05:32 . 2012-06-29 05:32  --------  d-----w-  c:\users\Spencer\AppData\Roaming\Awesomium
2012-06-29 01:38 . 2012-06-29 01:38  --------  d-----w-  c:\users\Spencer\AppData\Local\SCE
2012-06-29 01:38 . 2012-06-29 01:38  --------  d-----w-  C:\Crash
2012-06-23 03:57 . 2007-03-20 16:33  43520  ----a-w-  c:\windows\SysWow64\libusb0.dll
2012-06-21 21:01 . 2012-06-02 22:19  2428952  ----a-w-  c:\windows\system32\wuaueng.dll
2012-06-21 21:01 . 2012-06-02 22:19  57880  ----a-w-  c:\windows\system32\wuauclt.exe
2012-06-21 21:01 . 2012-06-02 22:19  44056  ----a-w-  c:\windows\system32\wups2.dll
2012-06-21 21:01 . 2012-06-02 22:15  2622464  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-21 21:01 . 2012-06-02 22:19  38424  ----a-w-  c:\windows\system32\wups.dll
2012-06-21 21:01 . 2012-06-02 22:19  701976  ----a-w-  c:\windows\system32\wuapi.dll
2012-06-21 21:01 . 2012-06-02 22:15  99840  ----a-w-  c:\windows\system32\wudriver.dll
2012-06-21 21:01 . 2012-06-02 19:19  186752  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-21 21:01 . 2012-06-02 19:15  36864  ----a-w-  c:\windows\system32\wuapp.exe
2012-06-20 05:33 . 2012-06-20 05:33  --------  d-----w-  c:\users\Spencer\AppData\Local\NuGet
2012-06-20 05:32 . 2012-06-20 05:32  --------  d-----w-  c:\users\Spencer\AppData\Roaming\NuGet
2012-06-19 07:51 . 2012-06-19 07:51  --------  d--h--w-  c:\programdata\Common Files
2012-06-19 07:43 . 2012-06-19 07:43  --------  d-----w-  c:\users\Spencer\AppData\Local\Macromedia
2012-06-18 22:44 . 2012-06-18 22:44  --------  d-----w-  c:\users\Spencer\AppData\Local\Funcom
2012-06-18 20:40 . 2012-06-18 20:40  275360  ----a-w-  c:\windows\system32\DreamScene.dll
2012-06-18 20:40 . 2012-06-18 20:40  --------  d-----w-  c:\windows\system32\WDSA
2012-06-15 07:55 . 2012-06-15 07:55  --------  d-----w-  c:\programdata\NVIDIA
2012-06-13 22:04 . 2012-04-26 05:34  76288  ----a-w-  c:\windows\system32\rdpwsx.dll
2012-06-13 22:04 . 2012-04-26 05:34  149504  ----a-w-  c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:04 . 2012-04-26 05:28  9216  ----a-w-  c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:04 . 2012-05-02 05:32  208896  ----a-w-  c:\windows\system32\profsvc.dll
2012-06-13 22:04 . 2012-05-04 10:52  5505392  ----a-w-  c:\windows\system32\ntoskrnl.exe
2012-06-13 22:04 . 2012-05-04 10:08  3958128  ----a-w-  c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 22:04 . 2012-05-04 10:08  3902320  ----a-w-  c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 22:04 . 2012-05-15 01:32  3144192  ----a-w-  c:\windows\system32\win32k.sys
2012-06-13 22:04 . 2012-04-28 03:50  204800  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:03 . 2012-04-07 12:18  3213824  ----a-w-  c:\windows\system32\msi.dll
2012-06-13 22:03 . 2012-04-07 11:34  2342400  ----a-w-  c:\windows\SysWow64\msi.dll
2012-06-13 22:03 . 2012-04-24 05:59  1460224  ----a-w-  c:\windows\system32\crypt32.dll
2012-06-13 22:03 . 2012-04-24 05:59  182272  ----a-w-  c:\windows\system32\cryptsvc.dll
2012-06-13 22:03 . 2012-04-24 05:59  140288  ----a-w-  c:\windows\system32\cryptnet.dll
2012-06-13 22:03 . 2012-04-24 04:47  1156608  ----a-w-  c:\windows\SysWow64\crypt32.dll
2012-06-13 22:03 . 2012-04-24 04:47  139264  ----a-w-  c:\windows\SysWow64\cryptsvc.dll
2012-06-13 22:03 . 2012-04-24 04:47  103936  ----a-w-  c:\windows\SysWow64\cryptnet.dll
2012-06-08 02:03 . 2012-06-08 02:03  --------  d-----w-  c:\users\Spencer\AppData\Local\ESN Sonar
2012-06-06 07:00 . 2012-06-06 07:00  --------  d-----w-  c:\program files (x86)\Common Files\PX Storage Engine
2012-06-06 06:40 . 2011-03-30 20:26  98304  ----a-w-  c:\program files (x86)\Windows Media Player\wmp.dll
2012-06-06 06:40 . 2012-06-06 06:40  --------  d-----w-  c:\program files (x86)\Windows Media Player Plus!
2012-06-05 06:27 . 2012-06-05 06:27  --------  d-----w-  c:\programdata\ATI
2012-06-05 06:26 . 2012-06-05 06:26  --------  d-----w-  c:\program files (x86)\AMD AVT
2012-06-05 06:26 . 2012-06-05 06:26  --------  d-----w-  c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 05:32 . 2012-01-20 22:45  283312  ----a-w-  c:\windows\SysWow64\PnkBstrB.xtr
2012-06-29 05:32 . 2012-01-20 22:40  283312  ----a-w-  c:\windows\SysWow64\PnkBstrB.exe
2012-06-29 01:40 . 2012-01-20 22:40  282512  ----a-w-  c:\windows\SysWow64\PnkBstrB.ex0
2012-06-29 01:39 . 2012-01-20 22:40  76888  ----a-w-  c:\windows\SysWow64\PnkBstrA.exe
2012-06-24 23:10 . 2012-04-06 01:11  276504  ----a-w-  c:\windows\SysWow64\atiglpxx.dll
2012-06-24 23:10 . 2012-04-06 01:11  359960  ----a-w-  c:\windows\system32\atig6pxx.dll
2012-06-24 23:10 . 2012-02-15 03:18  197656  ----a-w-  c:\windows\SysWow64\aticfx32.dll
2012-06-24 23:10 . 2011-12-06 03:16  344088  ----a-w-  c:\windows\system32\aticfx64.dll
2012-06-12 19:59 . 2012-04-04 00:26  426184  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 19:59 . 2012-01-21 06:14  70344  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 19:49 . 2012-02-05 06:05  314392  ----a-w-  c:\windows\system32\EvoDisplayHelper.dll
2012-06-09 19:49 . 2012-02-05 06:05  197144  ----a-w-  c:\windows\SysWow64\EvoDisplayHelper.dll
2012-05-29 02:06 . 2012-02-13 04:33  466456  ----a-w-  c:\windows\system32\wrap_oal.dll
2012-05-29 02:06 . 2012-02-13 04:33  444952  ----a-w-  c:\windows\SysWow64\wrap_oal.dll
2012-05-29 02:06 . 2012-02-13 04:33  122904  ----a-w-  c:\windows\system32\OpenAL32.dll
2012-05-29 02:06 . 2012-02-13 04:33  109080  ----a-w-  c:\windows\SysWow64\OpenAL32.dll
2012-05-02 04:49 . 2012-05-02 04:49  2337865  ----a-w-  c:\windows\SysWow64\pbsvc.exe
2012-04-22 21:54 . 2012-04-22 21:54  374792  ----a-w-  c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2012-04-22 21:54 . 2012-04-22 21:54  157704  ----a-w-  c:\windows\system32\drivers\UMDF\lgSSBW.dll
2012-04-14 07:38 . 2012-04-04 00:36  8741536  ----a-w-  c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 05:22 . 2012-04-06 05:22  11174400  ----a-w-  c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34  187392  ----a-w-  c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34  74752  ----a-w-  c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34  64512  ----a-w-  c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33  63488  ----a-w-  c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33  56320  ----a-w-  c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33  16457216  ----a-w-  c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32  13007872  ----a-w-  c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22  159744  ----a-w-  c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-12-06 03:17  909312  ----a-w-  c:\windows\SysWow64\aticfx32_evolve.dll
2012-04-06 02:20 . 2011-12-06 03:16  1067520  ----a-w-  c:\windows\system32\aticfx64_evolve.dll
2012-04-06 02:16 . 2012-02-15 03:13  442368  ----a-w-  c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16  503808  ----a-w-  c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16  236544  ----a-w-  c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14  120320  ----a-w-  c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14  21504  ----a-w-  c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14  59392  ----a-w-  c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14  43520  ----a-w-  c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13  6800896  ----a-w-  c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-02-15 03:21  26181632  ----a-w-  c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-12-06 02:18  64000  ----a-w-  c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-12-06 02:51  7479296  ----a-w-  c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50  19753984  ----a-w-  c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35  1120768  ----a-w-  c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34  1831424  ----a-w-  c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-02-15 02:40  4731904  ----a-w-  c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-02-15 02:34  6203392  ----a-w-  c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30  51200  ----a-w-  c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30  46080  ----a-w-  c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30  44544  ----a-w-  c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30  44032  ----a-w-  c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29  16090624  ----a-w-  c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25  13764096  ----a-w-  c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-02-15 02:25  7431680  ----a-w-  c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-02-15 02:29  4795904  ----a-w-  c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-02-15 02:14  514560  ----a-w-  c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11  360448  ----a-w-  c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2011-12-06 02:12  17408  ----a-w-  c:\windows\system32\atig6pxx_evolve.dll
2012-04-06 01:11 . 2012-04-06 01:11  14848  ----a-w-  c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2011-12-06 02:12  14848  ----a-w-  c:\windows\SysWow64\atiglpxx_evolve.dll
2012-04-06 01:11 . 2012-02-15 02:13  41984  ----a-w-  c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10  33280  ----a-w-  c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10  343040  ----a-w-  c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-12-06 02:11  54784  ----a-w-  c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09  41984  ----a-w-  c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-02-15 02:12  44544  ----a-w-  c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-12-06 02:11  32256  ----a-w-  c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09  53248  ----a-w-  c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06  54784  ----a-w-  c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06  54784  ----a-w-  c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06  53760  ----a-w-  c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06  53760  ----a-w-  c:\windows\SysWow64\amdpcom32.dll
2012-04-04 19:56 . 2012-04-29 01:39  24904  ----a-w-  c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvolveClient"="d:\program files\Echobit\Evolve\EvolveClient.exe" [2012-06-24 2466840]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2012-05-04 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-06-14 5309056]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"amd_dc_opt"="d:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EvoSvc;Evolve Service;d:\program files\Echobit\Evolve\EvoSvc.exe [2012-06-24 1511448]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-14 128928]
R3 IDVistaService;Input Director Vista Service;d:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 X6va007;X6va007; [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R4 hshld;Hotspot Shield Service;d:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
R4 HssWd;Hotspot Shield Monitoring Service;d:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 NETGEARGenieDaemon;NETGEARGenieDaemon;d:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2011-10-24 1370400]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 InputDirector;Input Director Service;d:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 EvoKbFilter;Evolve Keyboard Filter Driver;c:\windows\system32\Drivers\EvoKbFilter.sys [2012-02-05 27800]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-02-05 21656]
S3 EvoMouFilter;Evolve Mouse Filter Driver;c:\windows\system32\Drivers\EvoMouFilter.sys [2012-02-05 24216]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
.
2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-03-26 21:45  287048  ----a-w-  d:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
"combofix"="c:\combofix\CF30378.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=adbartrp&mntrId=da23b6450000000000000000b6bb57a8&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{03f38c00-dda9-46bf-9475-c6997746c740} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for A2 - d:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - d:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - d:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
.
**************************************************************************
.
Completion time: 2012-07-02 05:49:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-02 09:49
.
Pre-Run: 12,599,394,304 bytes free
Post-Run: 14,825,771,008 bytes free
.
- - End Of File - - CEA84784155225FA242E8180F84A3389
 
Here is my Malwarebytes scan.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.02.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Spencer :: SPENCER-PC [administrator]

Protection: Disabled

7/2/2012 4:31:09 PM
mbam-log-2012-07-02 (16-31-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211052
Time elapsed: 1 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



GMER Scan was completely blank



DDS Scan
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Spencer at 16:44:24 on 2012-07-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.5973 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
D:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files (x86)\Input Director\IDWinService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
D:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622221538.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [EvolveClient] D:\Program Files\Echobit\Evolve\EvolveClient.exe -autorun
uRun: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [amd_dc_opt] D:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
StartupFolder: C:\Users\Spencer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{E8072088-3972-4F66-8A8F-772745F596B7} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{EBAC0481-4936-4FC4-8C1C-DBC4BDF0BBB9} : DhcpNameServer = 10.1.48.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622221538.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [amd_dc_opt] D:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=adbartrp&mntrId=da23b6450000000000000000b6bb57a8&q=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Spencer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Spencer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Spencer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\extensions\{03f38c00-dda9-46bf-9475-c6997746c740}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01:28
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 InputDirector;Input Director Service;D:\Program Files (x86)\Input Director\IDWinService.exe [2010-2-1 36864]
R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-28 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-20 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-20 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-20 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-20 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-1-20 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-1-20 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 EvoKbFilter;Evolve Keyboard Filter Driver;\??\C:\Windows\system32\Drivers\EvoKbFilter.sys --> C:\Windows\system32\Drivers\EvoKbFilter.sys [?]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\system32\DRIVERS\evolve.sys --> C:\Windows\system32\DRIVERS\evolve.sys [?]
R3 EvoMouFilter;Evolve Mouse Filter Driver;\??\C:\Windows\system32\Drivers\EvoMouFilter.sys --> C:\Windows\system32\Drivers\EvoMouFilter.sys [?]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;D:\Program Files\Sandboxie\SbieDrv.sys [2012-4-10 164528]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 EvoSvc;Evolve Service;D:\Program Files\Echobit\Evolve\EvoSvc.exe [2012-2-5 1511448]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-7-2 128928]
S3 IDVistaService;Input Director Vista Service;D:\Program Files (x86)\Input Director\IDVistaService.exe [2009-2-7 13824]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;D:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-2-17 497496]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
S4 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2012-2-27 96896]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe --> D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [?]
S4 hshld;Hotspot Shield Service;D:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-3-26 542040]
S4 HssWd;Hotspot Shield Monitoring Service;D:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> D:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 NETGEARGenieDaemon;NETGEARGenieDaemon;D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2011-10-23 1370400]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
.
=============== Created Last 30 ================
.
2012-07-02 10:49:48  --------  d-----w-  C:\Program Files (x86)\ESET
2012-07-02 10:25:30  --------  d-----w-  C:\FRST
2012-07-02 09:48:03  --------  d-----w-  C:\$RECYCLE.BIN
2012-07-02 09:41:36  328704  ----a-w-  C:\Windows\SysWow64\services.exe
2012-07-02 09:40:39  --------  d-----w-  C:\ComboFix
2012-07-02 09:39:54  208896  ----a-w-  C:\Windows\MBR.exe
2012-07-02 09:39:52  98816  ----a-w-  C:\Windows\sed.exe
2012-07-02 09:39:52  518144  ----a-w-  C:\Windows\SWREG.exe
2012-07-02 09:39:52  256000  ----a-w-  C:\Windows\PEV.exe
2012-07-02 07:58:26  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
2012-07-02 07:57:06  --------  d-----w-  C:\Users\Spencer\AppData\Local\Futuremark_Corporation
2012-07-02 07:54:25  --------  d-----w-  C:\Program Files (x86)\Common Files\Futuremark Shared
2012-06-29 22:05:41  --------  d-----w-  C:\Users\Spencer\AppData\Local\PreEmptive Solutions
2012-06-29 22:01:33  --------  d-----w-  C:\Users\Spencer\AppData\Local\Gapotchenko
2012-06-29 05:32:18  --------  d-----w-  C:\Users\Spencer\AppData\Roaming\Awesomium
2012-06-29 01:38:11  --------  d-----w-  C:\Users\Spencer\AppData\Local\SCE
2012-06-29 01:38:11  --------  d-----w-  C:\Crash
2012-06-23 03:57:22  43520  ----a-w-  C:\Windows\SysWow64\libusb0.dll
2012-06-21 21:01:38  2622464  ----a-w-  C:\Windows\System32\wucltux.dll
2012-06-21 21:01:36  99840  ----a-w-  C:\Windows\System32\wudriver.dll
2012-06-21 21:01:34  36864  ----a-w-  C:\Windows\System32\wuapp.exe
2012-06-21 21:01:34  186752  ----a-w-  C:\Windows\System32\wuwebv.dll
2012-06-20 05:33:13  --------  d-----w-  C:\Users\Spencer\AppData\Local\NuGet
2012-06-20 05:32:30  --------  d-----w-  C:\Users\Spencer\AppData\Roaming\NuGet
2012-06-19 07:51:51  --------  d--h--w-  C:\ProgramData\Common Files
2012-06-19 07:43:07  --------  d-----w-  C:\Users\Spencer\AppData\Local\Macromedia
2012-06-18 22:44:40  --------  d-----w-  C:\Users\Spencer\AppData\Local\Funcom
2012-06-18 20:40:57  275360  ----a-w-  C:\Windows\System32\DreamScene.dll
2012-06-18 20:40:57  --------  d-----w-  C:\Windows\System32\WDSA
2012-06-13 22:04:16  9216  ----a-w-  C:\Windows\System32\rdrmemptylst.exe
2012-06-13 22:04:16  76288  ----a-w-  C:\Windows\System32\rdpwsx.dll
2012-06-13 22:04:16  149504  ----a-w-  C:\Windows\System32\rdpcorekmts.dll
2012-06-13 22:04:12  208896  ----a-w-  C:\Windows\System32\profsvc.dll
2012-06-13 22:04:11  5505392  ----a-w-  C:\Windows\System32\ntoskrnl.exe
2012-06-13 22:04:09  3958128  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 22:04:09  3902320  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 22:04:01  3144192  ----a-w-  C:\Windows\System32\win32k.sys
2012-06-13 22:04:00  204800  ----a-w-  C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 22:03:59  3213824  ----a-w-  C:\Windows\System32\msi.dll
2012-06-13 22:03:58  2342400  ----a-w-  C:\Windows\SysWow64\msi.dll
2012-06-13 22:03:55  1460224  ----a-w-  C:\Windows\System32\crypt32.dll
2012-06-13 22:03:54  182272  ----a-w-  C:\Windows\System32\cryptsvc.dll
2012-06-13 22:03:54  140288  ----a-w-  C:\Windows\System32\cryptnet.dll
2012-06-13 22:03:54  1156608  ----a-w-  C:\Windows\SysWow64\crypt32.dll
2012-06-13 22:03:53  139264  ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 22:03:53  103936  ----a-w-  C:\Windows\SysWow64\cryptnet.dll
2012-06-08 02:03:25  --------  d-----w-  C:\Users\Spencer\AppData\Local\ESN Sonar
2012-06-06 07:00:47  --------  d-----w-  C:\Program Files (x86)\Common Files\PX Storage Engine
2012-06-06 06:40:13  98304  ----a-w-  C:\Program Files (x86)\Windows Media Player\wmp.dll
2012-06-06 06:40:12  --------  d-----w-  C:\Program Files (x86)\Windows Media Player Plus!
2012-06-05 06:26:58  --------  d-----w-  C:\Program Files (x86)\AMD AVT
2012-06-05 06:26:55  --------  d-----w-  C:\Program Files (x86)\AMD APP
.
==================== Find3M ====================
.
2012-06-29 05:32:38  283312  ----a-w-  C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-29 05:32:38  283312  ----a-w-  C:\Windows\SysWow64\PnkBstrB.exe
2012-06-29 01:40:12  282512  ----a-w-  C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-29 01:39:54  76888  ----a-w-  C:\Windows\SysWow64\PnkBstrA.exe
2012-06-24 23:10:55  276504  ----a-w-  C:\Windows\SysWow64\atiglpxx.dll
2012-06-24 23:10:54  359960  ----a-w-  C:\Windows\System32\atig6pxx.dll
2012-06-24 23:10:54  344088  ----a-w-  C:\Windows\System32\aticfx64.dll
2012-06-24 23:10:54  197656  ----a-w-  C:\Windows\SysWow64\aticfx32.dll
2012-06-12 19:59:56  70344  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 19:59:56  426184  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-09 19:49:09  314392  ----a-w-  C:\Windows\System32\EvoDisplayHelper.dll
2012-06-09 19:49:09  197144  ----a-w-  C:\Windows\SysWow64\EvoDisplayHelper.dll
2012-05-29 02:06:20  466456  ----a-w-  C:\Windows\System32\wrap_oal.dll
2012-05-29 02:06:20  444952  ----a-w-  C:\Windows\SysWow64\wrap_oal.dll
2012-05-29 02:06:20  122904  ----a-w-  C:\Windows\System32\OpenAL32.dll
2012-05-29 02:06:20  109080  ----a-w-  C:\Windows\SysWow64\OpenAL32.dll
2012-05-18 02:06:48  2311680  ----a-w-  C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14  1392128  ----a-w-  C:\Windows\System32\wininet.dll
2012-05-18 01:58:39  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37  1800192  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2012-05-02 04:49:22  2337865  ----a-w-  C:\Windows\SysWow64\pbsvc.exe
2012-04-22 21:54:51  374792  ----a-w-  C:\Windows\System32\drivers\UMDF\lgSSQVGA.dll
2012-04-22 21:54:51  157704  ----a-w-  C:\Windows\System32\drivers\UMDF\lgSSBW.dll
2012-04-14 07:38:44  8741536  ----a-w-  C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 05:22:40  11174400  ----a-w-  C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:34:26  187392  ----a-w-  C:\Windows\System32\clinfo.exe
2012-04-06 02:34:10  74752  ----a-w-  C:\Windows\System32\OpenVideo64.dll
2012-04-06 02:34:04  64512  ----a-w-  C:\Windows\SysWow64\OpenVideo.dll
2012-04-06 02:33:56  63488  ----a-w-  C:\Windows\System32\OVDecode64.dll
2012-04-06 02:33:52  56320  ----a-w-  C:\Windows\SysWow64\OVDecode.dll
2012-04-06 02:33:44  16457216  ----a-w-  C:\Windows\System32\amdocl64.dll
2012-04-06 02:32:56  13007872  ----a-w-  C:\Windows\SysWow64\amdocl.dll
2012-04-06 02:22:00  159744  ----a-w-  C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52  909312  ----a-w-  C:\Windows\SysWow64\aticfx32_evolve.dll
2012-04-06 02:20:04  1067520  ----a-w-  C:\Windows\System32\aticfx64_evolve.dll
2012-04-06 02:16:52  442368  ----a-w-  C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46  503808  ----a-w-  C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02  236544  ----a-w-  C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44  120320  ----a-w-  C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30  21504  ----a-w-  C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26  59392  ----a-w-  C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20  43520  ----a-w-  C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42  6800896  ----a-w-  C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50  26181632  ----a-w-  C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10  64000  ----a-w-  C:\Windows\System32\coinst.dll
2012-04-06 01:54:46  7479296  ----a-w-  C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56  19753984  ----a-w-  C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24  1120768  ----a-w-  C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50  1831424  ----a-w-  C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34  4731904  ----a-w-  C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04  6203392  ----a-w-  C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16  51200  ----a-w-  C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14  46080  ----a-w-  C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08  44544  ----a-w-  C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06  44032  ----a-w-  C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54  16090624  ----a-w-  C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30  13764096  ----a-w-  C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24  7431680  ----a-w-  C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54  4795904  ----a-w-  C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28  514560  ----a-w-  C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20  360448  ----a-w-  C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06  17408  ----a-w-  C:\Windows\System32\atig6pxx_evolve.dll
2012-04-06 01:11:04  14848  ----a-w-  C:\Windows\SysWow64\atiglpxx_evolve.dll
2012-04-06 01:11:04  14848  ----a-w-  C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00  41984  ----a-w-  C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52  33280  ----a-w-  C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44  343040  ----a-w-  C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56  54784  ----a-w-  C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48  41984  ----a-w-  C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42  44544  ----a-w-  C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34  32256  ----a-w-  C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02  53248  ----a-w-  C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08  54784  ----a-w-  C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08  54784  ----a-w-  C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04  53760  ----a-w-  C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04  53760  ----a-w-  C:\Windows\SysWow64\amdpcom32.dll
2012-04-04 19:56:40  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 16:44:39.01 ===============


These seem clean, but what is this services.exe file that I found which is also on infected computers? It got me very paranoid, but is it possible I fixed it using the ComboFix?
 
Can anyone confirm that I am clean, and is this file a threat still? "C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe"
 
Who prepared this fix?
Command switches used :: c:\users\Spencer\Desktop\CFScript.txt

It looks like you live on the wild side! What I'm seeing is that it appears you followed directions given to someone else and you ran:
2012-07-02 10:49:48--------d-----w-C:\Program Files (x86)\ESET
2012-07-02 10:25:30--------d-----w-C:\FRST
2012-07-02 09:48:03--------d-----w-C:\$RECYCLE.BIN
2012-07-02 09:41:36328704----a-w-C:\Windows\SysWow64\services.exe
2012-07-02 09:40:39--------d-----w-C:\ComboFix
2012-07-02 09:39:54208896----a-w-C:\Windows\MBR.exe
2012-07-02 09:39:5298816----a-w-C:\Windows\sed.exe
2012-07-02 09:39:52518144----a-w-C:\Windows\SWREG.exe
2012-07-02 09:39:52256000----a-w-C:\Windows\PEV.exe
2012-07-02 07:58:26--------d-sh--w-C:\Windows\SysWow64\%APPDATA%

Then you set up your own CFFix - not a safe thing to do! Additionally, it appears you have done this previously, as there is a registry entry for "combofix"="c:\combofix\CF30378.3XE" [2009-07-14 344576]
When we have completed cleaning, we have you remove the cleaning tools, including Combofix, its backups and logs.

And when we have you run Combofix, the Combofix instructions, when followed, call for disabling security before the scan - which you didn't:
AV: McAfee Anti-Virus and Anti-Spyware *Enabled
FW: McAfee Firewall *Enabled*
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/

I attempted to fix this using previous threads, but I am not sure if it was removed completely due to the file still being there.

All of these scans were run this morning, including Combofix. So I am not sure what was found and what was removed - but I still see traces of the malware. The CFFix that was set up did not include everything it should have - Firefox has also been infected with the Babylon Toolbar.
=======================================
Here's what I'd like you to do:
  1. Uninstall Combofix:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
  2. Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • If prompted for Recovery Console, please allow.
      • Once installed, you should see a blue screen prompt that says:
        The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  3. Update and rescan with Eset:

    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ======================================
  4. Please download Farbar Service Scanner
    • Check ALL boxes to include all files.
    • Press the Scan button
    • Log named FSS.txt will be created in the same directory as the tool
    • Please paste the log into your next reply
    Please leave the new logs in your next reply.

NOTE: Do not attempt to do any fixes on your own!
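As an added example that is not part of this thread or of the helper's instructions: a Windows PowerShell script that inventories the services.exe copies the logs above point at (the live one in System32, the stray SysWOW64 copy, and the winsxs component-store copies), compares their SHA-256 hashes and then asks Windows Resource Protection (sfc /verifyfile) to judge the live copy. It assumes a 64-bit, elevated Windows PowerShell 2.0 or later console on Windows 7 x64, and it only reports; it changes nothing on the machine.

```powershell
# Added example, not from the thread: inventory the services.exe copies named in
# the ComboFix/DDS logs above and compare them with the winsxs component store.
# Assumes a 64-bit, elevated Windows PowerShell 2.0+ console on Windows 7 x64
# (a 32-bit PowerShell would silently redirect System32 to SysWOW64).

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing so this also runs on PowerShell 2.0, which has no Get-FileHash.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return [System.BitConverter]::ToString($bytes).Replace('-', '')
}

function Get-ServicesExeInventory {
    $win = $env:SystemRoot

    # Where a services.exe may sit: the live copy in System32, the unexpected
    # SysWOW64 copy seen in the log above, and the component-store folders whose
    # names contain "servicecontroller" (the winsxs path quoted in the first post).
    $dirs = @((Join-Path $win 'System32'), (Join-Path $win 'SysWOW64'))
    $dirs += Get-ChildItem (Join-Path $win 'winsxs') -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -like '*servicecontroller*' } |
        ForEach-Object { $_.FullName }

    $rows = @()
    foreach ($dir in $dirs) {
        $path = Join-Path $dir 'services.exe'
        if (-not (Test-Path $path)) { continue }
        $item = Get-Item $path -Force
        $rows += New-Object PSObject -Property @{
            Path      = $path
            SizeBytes = $item.Length
            Modified  = $item.LastWriteTimeUtc
            Sha256    = Get-Sha256Hex $path
            InWinSxS  = ($path -like (Join-Path $win 'winsxs\*'))
        }
    }

    # The component store keeps the services.exe versions Windows installed, so a
    # live copy whose hash matches none of them is worth showing the helper.
    # Matching hashes alone do not prove a file is clean (System32 files are hard
    # links into winsxs on Windows 7), which is why sfc is consulted afterwards.
    $storeHashes = $rows | Where-Object { $_.InWinSxS } | ForEach-Object { $_.Sha256 }
    foreach ($row in $rows) {
        $known = $storeHashes -contains $row.Sha256
        $row | Add-Member NoteProperty MatchesStore $known
        # services.exe is a 64-bit-only binary; Windows does not ship one in SysWOW64.
        $stray = $row.Path -like (Join-Path $win 'SysWOW64\*')
        $row | Add-Member NoteProperty Suspicious ((-not $known) -or $stray)
    }
    return $rows
}

$inventory = Get-ServicesExeInventory
$inventory | Sort-Object Suspicious -Descending |
    Format-Table Path, SizeBytes, Modified, MatchesStore, Suspicious -AutoSize

# Let Windows Resource Protection check the live copy against its signed catalogs.
# Needs an elevated console; a clean file reports no integrity violations.
$live = Join-Path $env:SystemRoot 'System32\services.exe'
& (Join-Path $env:SystemRoot 'System32\sfc.exe') /verifyfile="$live"
```

Paste the table and the sfc line into the reply rather than acting on them; a copy flagged Suspicious is a finding for the helper to interpret alongside the ComboFix and FRST logs.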
 
ComboFix Scan

ComboFix 12-07-02.01 - Spencer 07/02/2012 21:27:33.2.6 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6231 [GMT -4:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 01:30 . 2012-07-03 01:30--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-02 10:25 . 2012-07-02 10:26--------d-----w-C:\FRST
2012-07-02 09:41 . 2009-07-14 01:39328704----a-w-c:\windows\SysWow64\services.exe
2012-07-02 07:58 . 2012-07-02 07:58--------d-sh--w-c:\windows\SysWow64\%APPDATA%
2012-07-02 07:57 . 2012-07-02 07:57--------d-----w-c:\users\Spencer\AppData\Local\Futuremark_Corporation
2012-07-02 07:54 . 2012-07-02 07:54--------d-----w-c:\program files (x86)\Common Files\Futuremark Shared
2012-06-29 22:05 . 2012-06-29 22:05--------d-----w-c:\users\Spencer\AppData\Local\PreEmptive Solutions
2012-06-29 22:01 . 2012-06-29 22:15--------d-----w-c:\users\Spencer\AppData\Local\Gapotchenko
2012-06-29 05:32 . 2012-06-29 05:32--------d-----w-c:\users\Spencer\AppData\Roaming\Awesomium
2012-06-29 01:38 . 2012-06-29 01:38--------d-----w-c:\users\Spencer\AppData\Local\SCE
2012-06-29 01:38 . 2012-06-29 01:38--------d-----w-C:\Crash
2012-06-23 03:57 . 2007-03-20 16:3343520----a-w-c:\windows\SysWow64\libusb0.dll
2012-06-21 21:01 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-21 21:01 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2012-06-21 21:01 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2012-06-21 21:01 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2012-06-21 21:01 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2012-06-21 21:01 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2012-06-21 21:01 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2012-06-21 21:01 . 2012-06-02 19:19186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-21 21:01 . 2012-06-02 19:1536864----a-w-c:\windows\system32\wuapp.exe
2012-06-20 05:33 . 2012-06-20 05:33--------d-----w-c:\users\Spencer\AppData\Local\NuGet
2012-06-20 05:32 . 2012-06-20 05:32--------d-----w-c:\users\Spencer\AppData\Roaming\NuGet
2012-06-19 07:51 . 2012-06-19 07:51--------d--h--w-c:\programdata\Common Files
2012-06-19 07:43 . 2012-06-19 07:43--------d-----w-c:\users\Spencer\AppData\Local\Macromedia
2012-06-18 22:44 . 2012-06-18 22:44--------d-----w-c:\users\Spencer\AppData\Local\Funcom
2012-06-18 20:40 . 2012-06-18 20:40275360----a-w-c:\windows\system32\DreamScene.dll
2012-06-18 20:40 . 2012-06-18 20:40--------d-----w-c:\windows\system32\WDSA
2012-06-15 07:55 . 2012-06-15 07:55--------d-----w-c:\programdata\NVIDIA
2012-06-13 22:04 . 2012-04-26 05:3476288----a-w-c:\windows\system32\rdpwsx.dll
2012-06-13 22:04 . 2012-04-26 05:34149504----a-w-c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:04 . 2012-04-26 05:289216----a-w-c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:04 . 2012-05-02 05:32208896----a-w-c:\windows\system32\profsvc.dll
2012-06-13 22:04 . 2012-05-04 10:525505392----a-w-c:\windows\system32\ntoskrnl.exe
2012-06-13 22:04 . 2012-05-04 10:083958128----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 22:04 . 2012-05-04 10:083902320----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 22:04 . 2012-05-15 01:323144192----a-w-c:\windows\system32\win32k.sys
2012-06-13 22:04 . 2012-04-28 03:50204800----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:03 . 2012-04-07 12:183213824----a-w-c:\windows\system32\msi.dll
2012-06-13 22:03 . 2012-04-07 11:342342400----a-w-c:\windows\SysWow64\msi.dll
2012-06-13 22:03 . 2012-04-24 05:591460224----a-w-c:\windows\system32\crypt32.dll
2012-06-13 22:03 . 2012-04-24 05:59182272----a-w-c:\windows\system32\cryptsvc.dll
2012-06-13 22:03 . 2012-04-24 05:59140288----a-w-c:\windows\system32\cryptnet.dll
2012-06-13 22:03 . 2012-04-24 04:471156608----a-w-c:\windows\SysWow64\crypt32.dll
2012-06-13 22:03 . 2012-04-24 04:47139264----a-w-c:\windows\SysWow64\cryptsvc.dll
2012-06-13 22:03 . 2012-04-24 04:47103936----a-w-c:\windows\SysWow64\cryptnet.dll
2012-06-08 02:03 . 2012-06-08 02:03--------d-----w-c:\users\Spencer\AppData\Local\ESN Sonar
2012-06-06 07:00 . 2012-06-06 07:00--------d-----w-c:\program files (x86)\Common Files\PX Storage Engine
2012-06-06 06:40 . 2011-03-30 20:2698304----a-w-c:\program files (x86)\Windows Media Player\wmp.dll
2012-06-06 06:40 . 2012-06-06 06:40--------d-----w-c:\program files (x86)\Windows Media Player Plus!
2012-06-05 06:27 . 2012-06-05 06:27--------d-----w-c:\programdata\ATI
2012-06-05 06:26 . 2012-06-05 06:26--------d-----w-c:\program files (x86)\AMD AVT
2012-06-05 06:26 . 2012-06-05 06:26--------d-----w-c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 05:32 . 2012-01-20 22:45283312----a-w-c:\windows\SysWow64\PnkBstrB.xtr
2012-06-29 05:32 . 2012-01-20 22:40283312----a-w-c:\windows\SysWow64\PnkBstrB.exe
2012-06-29 01:40 . 2012-01-20 22:40282512----a-w-c:\windows\SysWow64\PnkBstrB.ex0
2012-06-29 01:39 . 2012-01-20 22:4076888----a-w-c:\windows\SysWow64\PnkBstrA.exe
2012-06-24 23:10 . 2012-04-06 01:11276504----a-w-c:\windows\SysWow64\atiglpxx.dll
2012-06-24 23:10 . 2012-04-06 01:11359960----a-w-c:\windows\system32\atig6pxx.dll
2012-06-24 23:10 . 2012-02-15 03:18197656----a-w-c:\windows\SysWow64\aticfx32.dll
2012-06-24 23:10 . 2011-12-06 03:16344088----a-w-c:\windows\system32\aticfx64.dll
2012-06-12 19:59 . 2012-04-04 00:26426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 19:59 . 2012-01-21 06:1470344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 19:49 . 2012-02-05 06:05314392----a-w-c:\windows\system32\EvoDisplayHelper.dll
2012-06-09 19:49 . 2012-02-05 06:05197144----a-w-c:\windows\SysWow64\EvoDisplayHelper.dll
2012-05-29 02:06 . 2012-02-13 04:33466456----a-w-c:\windows\system32\wrap_oal.dll
2012-05-29 02:06 . 2012-02-13 04:33444952----a-w-c:\windows\SysWow64\wrap_oal.dll
2012-05-29 02:06 . 2012-02-13 04:33122904----a-w-c:\windows\system32\OpenAL32.dll
2012-05-29 02:06 . 2012-02-13 04:33109080----a-w-c:\windows\SysWow64\OpenAL32.dll
2012-05-02 04:49 . 2012-05-02 04:492337865----a-w-c:\windows\SysWow64\pbsvc.exe
2012-04-22 21:54 . 2012-04-22 21:54374792----a-w-c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2012-04-22 21:54 . 2012-04-22 21:54157704----a-w-c:\windows\system32\drivers\UMDF\lgSSBW.dll
2012-04-14 07:38 . 2012-04-04 00:368741536----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 05:22 . 2012-04-06 05:2211174400----a-w-c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34187392----a-w-c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:3474752----a-w-c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:3464512----a-w-c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:3363488----a-w-c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:3356320----a-w-c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:3316457216----a-w-c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:3213007872----a-w-c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22159744----a-w-c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-12-06 03:17909312----a-w-c:\windows\SysWow64\aticfx32_evolve.dll
2012-04-06 02:20 . 2011-12-06 03:161067520----a-w-c:\windows\system32\aticfx64_evolve.dll
2012-04-06 02:16 . 2012-02-15 03:13442368----a-w-c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16503808----a-w-c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16236544----a-w-c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14120320----a-w-c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:1421504----a-w-c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:1459392----a-w-c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:1443520----a-w-c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:136800896----a-w-c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-02-15 03:2126181632----a-w-c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-12-06 02:1864000----a-w-c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-12-06 02:517479296----a-w-c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:5019753984----a-w-c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:351120768----a-w-c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:341831424----a-w-c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-02-15 02:404731904----a-w-c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-02-15 02:346203392----a-w-c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:3051200----a-w-c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:3046080----a-w-c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:3044544----a-w-c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:3044032----a-w-c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:2916090624----a-w-c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:2513764096----a-w-c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-02-15 02:257431680----a-w-c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-02-15 02:294795904----a-w-c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-02-15 02:14514560----a-w-c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11360448----a-w-c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2011-12-06 02:1217408----a-w-c:\windows\system32\atig6pxx_evolve.dll
2012-04-06 01:11 . 2012-04-06 01:1114848----a-w-c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2011-12-06 02:1214848----a-w-c:\windows\SysWow64\atiglpxx_evolve.dll
2012-04-06 01:11 . 2012-02-15 02:1341984----a-w-c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:1033280----a-w-c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10343040----a-w-c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-12-06 02:1154784----a-w-c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:0941984----a-w-c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-02-15 02:1244544----a-w-c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-12-06 02:1132256----a-w-c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:0953248----a-w-c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:0654784----a-w-c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:0654784----a-w-c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:0653760----a-w-c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:0653760----a-w-c:\windows\SysWow64\amdpcom32.dll
2012-04-04 19:56 . 2012-04-29 01:3924904----a-w-c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5894208----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5894208----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5894208----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvolveClient"="d:\program files\Echobit\Evolve\EvolveClient.exe" [2012-06-24 2466840]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2012-05-04 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-06-14 5309056]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"amd_dc_opt"="d:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 EvoSvc;Evolve Service;d:\program files\Echobit\Evolve\EvoSvc.exe [2012-06-24 1511448]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-14 128928]
R3 IDVistaService;Input Director Vista Service;d:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 X6va007;X6va007; [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R4 hshld;Hotspot Shield Service;d:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
R4 HssWd;Hotspot Shield Monitoring Service;d:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 NETGEARGenieDaemon;NETGEARGenieDaemon;d:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2011-10-24 1370400]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 InputDirector;Input Director Service;d:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 EvoKbFilter;Evolve Keyboard Filter Driver;c:\windows\system32\Drivers\EvoKbFilter.sys [2012-02-05 27800]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-02-05 21656]
S3 EvoMouFilter;Evolve Mouse Filter Driver;c:\windows\system32\Drivers\EvoMouFilter.sys [2012-02-05 24216]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
.
2012-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5897792----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5897792----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5897792----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:5897792----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=adbartrp&mntrId=da23b6450000000000000000b6bb57a8&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for A2 - d:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - d:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - d:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
.
**************************************************************************
.
Completion time: 2012-07-02 21:33:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 01:33
ComboFix2.txt 2012-07-02 09:49
.
Pre-Run: 14,572,429,312 bytes free
Post-Run: 14,405,906,432 bytes free
.
- - End Of File - - 0D56BEBE78780249B03C37474A31A944
ESET scan was clean; no log was given.
Farbar Scan
Farbar Service Scanner Version: 02-07-2012
Ran by Spencer (administrator) on 03-07-2012 at 03:02:40
Running from "C:\Users\Spencer\Desktop"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 19:12] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:44] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 18:03] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
 
If you were wondering, I believe the CFScript.txt I used was this

Code:
FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | C:\Windows\System32\services.exe

I thought this was a universal fix since it was provided to many people for the same issue. I should have posted first, but it was really late and I was in a hurry to fix the issue.
 
FCopy is one way of replacing a bad file with a good copy. It is not universal, and before it is set up, the user must run a scan on his system to see if there is a good copy. The copy will be for that user only.

We would never ask a user to try and evaluate Combofix on their own, and the setup script to run.
==============================================
Do this before you run the Script in Combofix. I should then be able to see if the fix worked.

Unfortunately, the Babylon Toolbar is heavily installed in Firefox. This useless toolbar is bundled with some third-party programs and has nothing to do with the program being downloaded. But once on the system, it is difficult to remove:

Remove Babylon Toolbar in Firefox:
  • Click on Help at the top of the Firefox window.
  • Select Restart with Add-ons Disabled
  • This will bring up Firefox with the Firefox Safe Mode dialog.
    (For Windows XP: click the Help menu> select Restart with Add-ons Disabled)
2FmSC.png

  • Check Reset all user preferences to Firefox defaults.
  • Click on Make Changes and Restart.
  • Firefox will restart with your settings changed back to the defaults.
  • (Image courtesy superuser.com)
=====================
Suggest you remove Advanced SystemCare 5. We do not recommend a registry cleaner to anyone. The risk is greater than any small benefit gained.
===================
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

For 64bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    afd.*
    cryptsvc.*
    tcpip.sys
    mpssvc.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
=========================================
Please run this Custom CFScript:
  • [1]. Close any open browsers.
  • [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open notepad> click on Format> Uncheck 'WordWrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\windows\SysWOW64\Drivers\X6va008
DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Folder::
c:\windows\SysWow64\%APPDATA%
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"=-
 
Clearjavacache::
 
Driver::
X6va007
X6va008
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
2012-07-02 10:26--------d-----w-C:\FRST>>> ???

Please leave logs for Combofix and SystemLook in your next reply.
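The SystemLook :filefind run requested above and the Farbar "MD5 is legit" file checks rest on the same idea: compare the hash of the live System32 binary with the copies Windows keeps in its component store (winsxs), so that a file can be judged against known builds and a clean copy located before any FCopy is written. The script below is an added example and is not part of this thread, of SystemLook or of ComboFix. It parses filefind output, reports for each live System32/SysWOW64 binary whether its MD5 matches any component-store copy, and lists store copies with the same file name, newest build first, as replacement candidates. The sample lines are a subset of the afd.* results posted in the thread (paths, sizes, timestamps and hashes as shown there) plus one constructed example.sys line with an all-zero placeholder hash; the regex, the function names and the live-versus-store classification are my own assumptions, not SystemLook's format specification.

```python
import re
from collections import defaultdict

# Constructed sample: four of the "afd.*" filefind lines as pasted in the thread,
# plus one constructed line (example.sys, all-zero placeholder hash) standing in
# for a live file that matches no component-store copy.
SAMPLE_FILEFIND = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========

Searching for "afd.*"
C:\Windows\System32\drivers\afd.sys--a---- 499200 bytes[23:12 15/02/2012][03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\drivers\en-US\afd.sys.mui--a---- 14848 bytes[05:35 14/07/2009][02:30 14/07/2009] E6A5E6AD9C6F4F30061068F321C0EC5A
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys--a---- 500224 bytes[23:21 13/07/2009][23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys--a---- 499200 bytes[23:12 15/02/2012][03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E

Searching for "example.sys"
C:\Windows\System32\drivers\example.sys--a---- 12345 bytes[00:00 01/01/2012][00:00 01/01/2012] 00000000000000000000000000000000
-= EOF =-
"""

# One filefind result line: <path><ws?><7 attribute flags> <size> bytes[modified][created] <MD5>.
# The path is matched lazily; the trailing "<digits> bytes[" anchors the attribute field.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s*"
    r"(?P<attrs>[-a-z]{7})\s+"
    r"(?P<size>\d+) bytes"
    r"\[(?P<modified>[^\]]*)\]\[(?P<created>[^\]]*)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Parse SystemLook :filefind output into dicts; headers and 'Searching for' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def component_version(path):
    """Pull the four-part build number out of a winsxs/SoftwareDistribution component folder name."""
    m = re.search(r"_(\d+\.\d+\.\d+\.\d+)_", path)
    return m.group(1) if m else None


def is_live_copy(path):
    """Assumption: the copy Windows actually loads lives under System32/SysWOW64, outside winsxs."""
    p = path.lower()
    return ("\\system32\\" in p or "\\syswow64\\" in p) and "\\winsxs\\" not in p


def triage(entries):
    """Map each live binary (resource .mui files excluded) to component-store copies sharing its MD5.

    An empty match list means no known build carries that hash: the file is a suspect and
    replacement_candidates() lists store copies to compare against. A non-empty list only
    proves the file is a known Microsoft build, not that it is the build this system expects.
    """
    store_by_md5 = defaultdict(list)
    for e in entries:
        if not is_live_copy(e["path"]):
            store_by_md5[e["md5"]].append((e["path"], component_version(e["path"])))
    report = {}
    for e in entries:
        if is_live_copy(e["path"]) and not e["path"].lower().endswith(".mui"):
            report[e["path"]] = {"md5": e["md5"], "matches": store_by_md5.get(e["md5"], [])}
    return report


def replacement_candidates(entries, live_path):
    """Store copies with the same file name as live_path, newest build first (possible FCopy sources)."""
    name = live_path.rsplit("\\", 1)[-1].lower()
    cands = [e for e in entries
             if not is_live_copy(e["path"]) and e["path"].rsplit("\\", 1)[-1].lower() == name]

    def build_key(e):
        v = component_version(e["path"])
        return tuple(int(x) for x in v.split(".")) if v else (0,)

    return [(e["path"], e["md5"]) for e in sorted(cands, key=build_key, reverse=True)]


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_FILEFIND)
    for live, info in triage(found).items():
        if info["matches"]:
            builds = [v for _, v in info["matches"]]
            print(f"OK      {live}  md5={info['md5']}  matches store build(s) {builds}")
        else:
            print(f"SUSPECT {live}  md5={info['md5']}  no store copy carries this hash")
            for path, md5 in replacement_candidates(found, live):
                print(f"        candidate: {path}  {md5}")
```

Run against the afd.* lines from the thread, the live C:\Windows\System32\drivers\afd.sys is reported as matching the 6.1.7600.16937 store copy (same MD5, DB9D6C6B...), which is the check a helper makes before deciding whether an FCopy is needed at all; the constructed example.sys is flagged as a suspect with the two store copies of afd.sys listed as candidates only because no store copy of its own name exists in the sample.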
 
SystemLook 30.07.11 by jpshortstuff
Log created at 13:30 on 04/07/2012 by Spencer
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.*"
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys--a---- 499712 bytes[19:35 22/01/2012][09:23 20/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
C:\Windows\System32\drivers\afd.sys--a---- 499200 bytes[23:12 15/02/2012][03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\drivers\en-US\afd.sys.mui--a---- 14848 bytes[05:35 14/07/2009][02:30 14/07/2009] E6A5E6AD9C6F4F30061068F321C0EC5A
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a7ddb2029817a18e\afd.sys.mui--a---- 14848 bytes[05:35 14/07/2009][02:30 14/07/2009] E6A5E6AD9C6F4F30061068F321C0EC5A
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys--a---- 500224 bytes[23:21 13/07/2009][23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys--a---- 499712 bytes[08:37 22/01/2012][02:44 25/04/2011] 6EF20DDF3172E97D69F596FB90602F29
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys--a---- 499200 bytes[23:12 15/02/2012][03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys--a---- 499712 bytes[08:37 22/01/2012][02:44 25/04/2011] FBFF8B7C9D116229E9208A0D1CAEB49B
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys--a---- 499200 bytes[23:12 15/02/2012][04:01 28/12/2011] CCA39961E76B491DDF44B1E90FC8971D
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys--a---- 499200 bytes[08:37 22/01/2012][02:34 25/04/2011] D5B031C308A409A0A576BFF4CF083D30
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys--a---- 498688 bytes[23:12 15/02/2012][03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys--a---- 499200 bytes[08:37 22/01/2012][03:09 25/04/2011] F4AD06143EAC303F55D0E86C40802976
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys--a---- 498176 bytes[23:12 15/02/2012][04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB

Searching for "cryptsvc.*"
C:\Windows\erdnt\cache64\cryptsvc.dll--a---- 182272 bytes[09:48 02/07/2012][05:59 24/04/2012] F02786B66375292E58C8777082D4396D
C:\Windows\erdnt\cache86\cryptsvc.dll--a---- 139264 bytes[09:48 02/07/2012][04:47 24/04/2012] 520A108A2657F4BCA7FCED9CA7D885DE
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll--a---- 177152 bytes[19:34 22/01/2012][13:25 20/11/2010] 15597883FBE9B056F276ADA3AD87D9AF
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll--a---- 136192 bytes[19:34 22/01/2012][12:18 20/11/2010] A585BEBF7D054BD9618EDA0922D5484A
C:\Windows\System32\cryptsvc.dll--a---- 182272 bytes[22:03 13/06/2012][05:59 24/04/2012] F02786B66375292E58C8777082D4396D
C:\Windows\System32\en-US\cryptsvc.dll.mui--a---- 3584 bytes[05:35 14/07/2009][02:24 14/07/2009] 901D16DFDEB36476129DB6386B6BFCBA
C:\Windows\SysWOW64\cryptsvc.dll--a---- 139264 bytes[22:03 13/06/2012][04:47 24/04/2012] 520A108A2657F4BCA7FCED9CA7D885DE
C:\Windows\SysWOW64\en-US\cryptsvc.dll.mui--a---- 3584 bytes[05:35 14/07/2009][02:07 14/07/2009] E10A5D4A0FE1A6408BDAEC86327E4075
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00bbc5aa103d49e7\cryptsvc.dll.mui--a---- 3584 bytes[05:35 14/07/2009][02:24 14/07/2009] 901D16DFDEB36476129DB6386B6BFCBA
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll--a---- 175104 bytes[23:49 13/07/2009][01:40 14/07/2009] 8C57411B66282C01533CB776F98AD384
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll--a---- 182272 bytes[22:03 13/06/2012][05:59 24/04/2012] F02786B66375292E58C8777082D4396D
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll--a---- 183808 bytes[22:03 13/06/2012][05:36 24/04/2012] CE8BF1423AEE47DA5275FBC8AD3BD642
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll--a---- 184320 bytes[22:03 13/06/2012][05:37 24/04/2012] 4F5414602E2544A4554D95517948B705
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll--a---- 186880 bytes[22:03 13/06/2012][05:22 24/04/2012] B7337E9C9E5936355BB700AA33E0936E
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a49d2a2657dfd8b1\cryptsvc.dll.mui--a---- 3584 bytes[05:35 14/07/2009][02:07 14/07/2009] E10A5D4A0FE1A6408BDAEC86327E4075
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll--a---- 135680 bytes[23:33 13/07/2009][01:15 14/07/2009] 9C231178CE4FB385F4B54B0A9080B8A4
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll--a---- 139264 bytes[22:03 13/06/2012][04:47 24/04/2012] 520A108A2657F4BCA7FCED9CA7D885DE
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll--a---- 141312 bytes[22:03 13/06/2012][04:33 24/04/2012] F522279B4717E2BFF269C771FAC2B78E
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll--a---- 140288 bytes[22:03 13/06/2012][04:36 24/04/2012] 06E771AA596B8761107AB57E99F128D7
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll--a---- 142336 bytes[22:03 13/06/2012][04:28 24/04/2012] 21993009E0CCB9B4FA195F14D3408626

Searching for "tcpip.sys"
C:\Windows\erdnt\cache64\tcpip.sys--a---- 1895280 bytes[09:48 02/07/2012][11:09 30/03/2012] 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys--a---- 1924480 bytes[19:35 22/01/2012][13:33 20/11/2010] 509383E505C973ED7534A06B3D19688D
C:\Windows\System32\drivers\tcpip.sys--a---- 1895280 bytes[22:44 10/05/2012][11:09 30/03/2012] 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys--a---- 1898576 bytes[23:25 13/07/2009][01:45 14/07/2009] 912107716BAB424C7870E8E6AF5E07E1
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys--a---- 1896832 bytes[08:37 22/01/2012][05:32 25/04/2011] 61DC720BB065D607D5823F13D2A64321
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys--a---- 1897328 bytes[08:35 22/01/2012][16:24 29/09/2011] F18F56EFC0BFB9C87BA01C37B27F4DA5
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys--a---- 1895280 bytes[22:44 10/05/2012][11:09 30/03/2012] 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys--a---- 1893248 bytes[08:37 22/01/2012][05:28 25/04/2011] 1F748D5439B65E0BEBD92F65048F030D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys--a---- 1886064 bytes[08:35 22/01/2012][16:17 29/09/2011] AC3E29880DB5659532A1AA3439304A43
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys--a---- 1877872 bytes[22:44 10/05/2012][10:19 30/03/2012] 5EFD096DEF47F8B88EF591DA92143440
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys--a---- 1923968 bytes[08:37 22/01/2012][05:33 25/04/2011] 92CE29D95AC9DD2D0EE9061D551BA250
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys--a---- 1923952 bytes[08:35 22/01/2012][16:29 29/09/2011] FC62769E7BFF2896035AEED399108162
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys--a---- 1918320 bytes[22:44 10/05/2012][11:35 30/03/2012] ACB82BDA8F46C84F465C1AFA517DC4B9
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys--a---- 1927552 bytes[08:37 22/01/2012][06:16 25/04/2011] B77977AEB2FF159D01DB08A309989C5F
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys--a---- 1912176 bytes[08:35 22/01/2012][17:41 29/09/2011] 3810F06A4D74A7D62641EE73D6B3C660
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys--a---- 1901424 bytes[22:44 10/05/2012][10:26 30/03/2012] 885B202006EE17AE99B9FBCEC9AF88C9

Searching for "mpssvc.dll"
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll--a---- 828416 bytes[19:35 22/01/2012][13:26 20/11/2010] 54FFC9C8898113ACE189D4AA7199D2C1
C:\Windows\System32\MPSSVC.dll--a---- 824832 bytes[00:09 14/07/2009][01:41 14/07/2009] AECAB449567D1846DAD63ECE49E893E3
C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll--a---- 824832 bytes[00:09 14/07/2009][01:41 14/07/2009] AECAB449567D1846DAD63ECE49E893E3

-= EOF =-
ComboFix

ComboFix 12-07-04.04 - Spencer 07/04/2012 13:38:02.3.6 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6467 [GMT -4:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
Command switches used :: c:\users\Spencer\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\SysWOW64\Drivers\X6va008"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\%APPDATA%
c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA007
-------\Legacy_X6VA008
-------\Service_X6va007
-------\Service_X6va008
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 17:43 . 2012-07-04 17:43--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-03 22:07 . 2012-07-03 22:07--------d-----w-c:\users\Spencer\AppData\Local\Movie_Fone
2012-07-03 01:40 . 2012-07-03 01:40--------d-----w-c:\program files (x86)\ESET
2012-07-02 10:25 . 2012-07-02 10:26--------d-----w-C:\FRST
2012-07-02 09:41 . 2009-07-14 01:39328704----a-w-c:\windows\SysWow64\services.exe
2012-07-02 07:57 . 2012-07-02 07:57--------d-----w-c:\users\Spencer\AppData\Local\Futuremark_Corporation
2012-07-02 07:54 . 2012-07-02 07:54--------d-----w-c:\program files (x86)\Common Files\Futuremark Shared
2012-06-29 22:05 . 2012-06-29 22:05--------d-----w-c:\users\Spencer\AppData\Local\PreEmptive Solutions
2012-06-29 22:01 . 2012-06-29 22:15--------d-----w-c:\users\Spencer\AppData\Local\Gapotchenko
2012-06-29 05:32 . 2012-06-29 05:32--------d-----w-c:\users\Spencer\AppData\Roaming\Awesomium
2012-06-29 01:38 . 2012-06-29 01:38--------d-----w-c:\users\Spencer\AppData\Local\SCE
2012-06-29 01:38 . 2012-06-29 01:38--------d-----w-C:\Crash
2012-06-23 03:57 . 2007-03-20 16:3343520----a-w-c:\windows\SysWow64\libusb0.dll
2012-06-21 21:01 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-21 21:01 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2012-06-21 21:01 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2012-06-21 21:01 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2012-06-21 21:01 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2012-06-21 21:01 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2012-06-21 21:01 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2012-06-21 21:01 . 2012-06-02 19:19186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-21 21:01 . 2012-06-02 19:1536864----a-w-c:\windows\system32\wuapp.exe
2012-06-20 05:33 . 2012-06-20 05:33--------d-----w-c:\users\Spencer\AppData\Local\NuGet
2012-06-20 05:32 . 2012-06-20 05:32--------d-----w-c:\users\Spencer\AppData\Roaming\NuGet
2012-06-19 07:51 . 2012-06-19 07:51--------d--h--w-c:\programdata\Common Files
2012-06-19 07:43 . 2012-06-19 07:43--------d-----w-c:\users\Spencer\AppData\Local\Macromedia
2012-06-18 22:44 . 2012-06-18 22:44--------d-----w-c:\users\Spencer\AppData\Local\Funcom
2012-06-18 20:40 . 2012-06-18 20:40275360----a-w-c:\windows\system32\DreamScene.dll
2012-06-18 20:40 . 2012-06-18 20:40--------d-----w-c:\windows\system32\WDSA
2012-06-15 07:55 . 2012-06-15 07:55--------d-----w-c:\programdata\NVIDIA
2012-06-13 22:04 . 2012-04-26 05:3476288----a-w-c:\windows\system32\rdpwsx.dll
2012-06-13 22:04 . 2012-04-26 05:34149504----a-w-c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:04 . 2012-04-26 05:289216----a-w-c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:04 . 2012-05-02 05:32208896----a-w-c:\windows\system32\profsvc.dll
2012-06-13 22:04 . 2012-05-04 10:525505392----a-w-c:\windows\system32\ntoskrnl.exe
2012-06-13 22:04 . 2012-05-04 10:083958128----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 22:04 . 2012-05-04 10:083902320----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 22:04 . 2012-05-15 01:323144192----a-w-c:\windows\system32\win32k.sys
2012-06-13 22:04 . 2012-04-28 03:50204800----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:03 . 2012-04-07 12:183213824----a-w-c:\windows\system32\msi.dll
2012-06-13 22:03 . 2012-04-07 11:342342400----a-w-c:\windows\SysWow64\msi.dll
2012-06-13 22:03 . 2012-04-24 05:591460224----a-w-c:\windows\system32\crypt32.dll
2012-06-13 22:03 . 2012-04-24 05:59182272----a-w-c:\windows\system32\cryptsvc.dll
2012-06-13 22:03 . 2012-04-24 05:59140288----a-w-c:\windows\system32\cryptnet.dll
2012-06-13 22:03 . 2012-04-24 04:471156608----a-w-c:\windows\SysWow64\crypt32.dll
2012-06-13 22:03 . 2012-04-24 04:47139264----a-w-c:\windows\SysWow64\cryptsvc.dll
2012-06-13 22:03 . 2012-04-24 04:47103936----a-w-c:\windows\SysWow64\cryptnet.dll
2012-06-08 02:03 . 2012-06-08 02:03--------d-----w-c:\users\Spencer\AppData\Local\ESN Sonar
2012-06-06 07:00 . 2012-06-06 07:00--------d-----w-c:\program files (x86)\Common Files\PX Storage Engine
2012-06-06 06:40 . 2011-03-30 20:2698304----a-w-c:\program files (x86)\Windows Media Player\wmp.dll
2012-06-06 06:40 . 2012-06-06 06:40--------d-----w-c:\program files (x86)\Windows Media Player Plus!
2012-06-05 06:27 . 2012-06-05 06:27--------d-----w-c:\programdata\ATI
2012-06-05 06:26 . 2012-06-05 06:26--------d-----w-c:\program files (x86)\AMD AVT
2012-06-05 06:26 . 2012-06-05 06:26--------d-----w-c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 05:32 . 2012-01-20 22:45283312----a-w-c:\windows\SysWow64\PnkBstrB.xtr
2012-06-29 05:32 . 2012-01-20 22:40283312----a-w-c:\windows\SysWow64\PnkBstrB.exe
2012-06-29 01:40 . 2012-01-20 22:40282512----a-w-c:\windows\SysWow64\PnkBstrB.ex0
2012-06-29 01:39 . 2012-01-20 22:4076888----a-w-c:\windows\SysWow64\PnkBstrA.exe
2012-06-24 23:10 . 2012-04-06 01:11276504----a-w-c:\windows\SysWow64\atiglpxx.dll
2012-06-24 23:10 . 2012-04-06 01:11359960----a-w-c:\windows\system32\atig6pxx.dll
2012-06-24 23:10 . 2012-02-15 03:18197656----a-w-c:\windows\SysWow64\aticfx32.dll
2012-06-24 23:10 . 2011-12-06 03:16344088----a-w-c:\windows\system32\aticfx64.dll
2012-06-12 19:59 . 2012-04-04 00:26426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 19:59 . 2012-01-21 06:1470344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 19:49 . 2012-02-05 06:05314392----a-w-c:\windows\system32\EvoDisplayHelper.dll
2012-06-09 19:49 . 2012-02-05 06:05197144----a-w-c:\windows\SysWow64\EvoDisplayHelper.dll
2012-05-29 02:06 . 2012-02-13 04:33466456----a-w-c:\windows\system32\wrap_oal.dll
2012-05-29 02:06 . 2012-02-13 04:33444952----a-w-c:\windows\SysWow64\wrap_oal.dll
2012-05-29 02:06 . 2012-02-13 04:33122904----a-w-c:\windows\system32\OpenAL32.dll
2012-05-29 02:06 . 2012-02-13 04:33109080----a-w-c:\windows\SysWow64\OpenAL32.dll
2012-05-02 04:49 . 2012-05-02 04:492337865----a-w-c:\windows\SysWow64\pbsvc.exe
2012-04-22 21:54 . 2012-04-22 21:54374792----a-w-c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2012-04-22 21:54 . 2012-04-22 21:54157704----a-w-c:\windows\system32\drivers\UMDF\lgSSBW.dll
2012-04-14 07:38 . 2012-04-04 00:368741536----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 05:22 . 2012-04-06 05:2211174400----a-w-c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34187392----a-w-c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:3474752----a-w-c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:3464512----a-w-c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:3363488----a-w-c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:3356320----a-w-c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:3316457216----a-w-c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:3213007872----a-w-c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22159744----a-w-c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-12-06 03:17909312----a-w-c:\windows\SysWow64\aticfx32_evolve.dll
2012-04-06 02:20 . 2011-12-06 03:161067520----a-w-c:\windows\system32\aticfx64_evolve.dll
2012-04-06 02:16 . 2012-02-15 03:13442368----a-w-c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16503808----a-w-c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16236544----a-w-c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14120320----a-w-c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:1421504----a-w-c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:1459392----a-w-c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:1443520----a-w-c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:136800896----a-w-c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-02-15 03:2126181632----a-w-c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-12-06 02:1864000----a-w-c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-12-06 02:517479296----a-w-c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:5019753984----a-w-c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:351120768----a-w-c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-02-15 02:40 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-02-15 02:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-02-15 02:25 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-02-15 02:29 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-02-15 02:14 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx_evolve.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2011-12-06 02:12 14848 ----a-w- c:\windows\SysWow64\atiglpxx_evolve.dll
2012-04-06 01:11 . 2012-02-15 02:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-02-15 02:12 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-12-06 02:11 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-03_01.31.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 21:52 . 2012-07-04 17:25 57968 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-04 17:25 28102 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-20 23:15 . 2012-07-04 17:23 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-20 23:15 . 2012-07-03 01:17 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-20 23:15 . 2012-07-03 01:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-20 23:15 . 2012-07-04 17:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-04 17:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-03 01:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-20 21:22 . 2012-07-04 17:25 7482 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-297926242-239688007-3628787549-1000_UserData.bin
- 2012-01-20 21:22 . 2012-07-02 17:48 7482 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-297926242-239688007-3628787549-1000_UserData.bin
+ 2012-07-04 17:44 . 2012-07-04 17:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-03 01:31 . 2012-07-03 01:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-04 17:29 271368 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-03 01:30 273332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-04 17:43 273332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-07-04 17:29 1097520 c:\windows\system32\perfh009.dat
- 2012-02-10 05:00 . 2012-07-03 01:30 1274720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-10 05:00 . 2012-07-04 17:43 1274720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-05 09:20 . 2012-06-30 06:59 2745036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-297926242-239688007-3628787549-1000-12288.dat
+ 2012-02-05 09:20 . 2012-07-04 02:22 2745036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-297926242-239688007-3628787549-1000-12288.dat
- 2009-07-14 02:34 . 2012-07-02 17:59 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-07-04 17:36 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-01-20 21:19 . 2012-07-04 17:43 20426639 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-297926242-239688007-3628787549-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvolveClient"="d:\program files\Echobit\Evolve\EvolveClient.exe" [2012-06-24 2466840]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2012-05-04 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-06-14 5309056]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"amd_dc_opt"="d:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R3 EvoSvc;Evolve Service;d:\program files\Echobit\Evolve\EvoSvc.exe [2012-06-24 1511448]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-14 128928]
R3 IDVistaService;Input Director Vista Service;d:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R4 hshld;Hotspot Shield Service;d:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
R4 HssWd;Hotspot Shield Monitoring Service;d:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 NETGEARGenieDaemon;NETGEARGenieDaemon;d:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2011-10-24 1370400]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 InputDirector;Input Director Service;d:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 EvoKbFilter;Evolve Keyboard Filter Driver;c:\windows\system32\Drivers\EvoKbFilter.sys [2012-02-05 27800]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-02-05 21656]
S3 EvoMouFilter;Evolve Mouse Filter Driver;c:\windows\system32\Drivers\EvoMouFilter.sys [2012-02-05 24216]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
.
2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
"combofix"="c:\combofix\CF32693.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3181033&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ViralTube3 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3181033&SearchSource=13
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
.
**************************************************************************
.
Completion time: 2012-07-04 13:45:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 17:45
ComboFix2.txt 2012-07-02 09:49
.
Pre-Run: 14,540,509,184 bytes free
Post-Run: 14,022,406,144 bytes free
.
- - End Of File - - 97366707453D2B6B2157BC5EB38E98B3
 
Do this before you run the Script in Combofix. I should then be able to see if the fix worked.
Unfortunately, the Babylon Toolbar is heavily installed in Firefox.

None of the default settings are in Firefox and Firefox is still infested with Babylon Toolbar.
=========================================
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
Extra::
File::
Firefox::
Firefox-: - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
Firefox-: prefs.js - Search.DefaultURL:
Firefox-: prefs.js- Startup.Homepage
 
Clearjavacache::
 
createrestorepoint::
FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys | C:\Windows\System32\drivers\afd.sys
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys | C:\Windows\System32\Drivers\tcpip.sys
C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll | C:\Windows\System32\mpssvc.dll
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll | C:\Windows\System32\cryptsvc.dll
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
This did not get removed with the script. Please find it in your system- do right click> Properties to check the date> do a right click> Delete on THIS file:
"c:\combofix\CF32693.3XE" [2009-07-14 344576]
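The FCopy:: lines in the script above restore four system files from the WinSxS store, which is how a helper puts back binaries that Sirefef/ZeroAccess is known to patch in place. A practitioner who wants to confirm the restore took effect can compare each live file against its store copy. The following PowerShell is an added example written for this thread, not something from ComboFix or from the helper; it assumes the same four WinSxS paths the script names (they are specific to that machine's Windows 7 build and must be adjusted on any other system) and that it is run from an elevated 64-bit PowerShell prompt, version 2.0 or later. Note that the log posted after the script lists the new copies under c:\windows\SysWow64\drivers rather than c:\windows\System32\drivers, which is what a 32-bit process writing to System32 on 64-bit Windows produces through WOW64 file system redirection, so checking the real System32 files, as this script does, is the meaningful verification.

```powershell
# Added example (not from the thread): verify that each live system file named in
# the FCopy:: section is byte-identical to its WinSxS store copy, and report the
# Authenticode status of the live file. Run elevated in 64-bit PowerShell.
# These WinSxS paths are the ones from the CFScript above; they are build-specific.
$pairs = @(
    @{ Store = 'C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys'
       Live  = 'C:\Windows\System32\drivers\afd.sys' },
    @{ Store = 'C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys'
       Live  = 'C:\Windows\System32\drivers\tcpip.sys' },
    @{ Store = 'C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll'
       Live  = 'C:\Windows\System32\mpssvc.dll' },
    @{ Store = 'C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll'
       Live  = 'C:\Windows\System32\cryptsvc.dll' }
)

function Get-Sha256Hex {
    param([string]$Path)
    # Hash with .NET directly so this also works on PowerShell 2.0 (Windows 7),
    # which has no Get-FileHash cmdlet.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $fs.Close()
        $sha.Clear()
    }
}

$results = foreach ($p in $pairs) {
    if (-not (Test-Path -LiteralPath $p.Live) -or -not (Test-Path -LiteralPath $p.Store)) {
        Write-Warning ("Missing file: " + $p.Live + " or " + $p.Store)
        continue
    }
    $liveHash  = Get-Sha256Hex $p.Live
    $storeHash = Get-Sha256Hex $p.Store
    $sig       = Get-AuthenticodeSignature -FilePath $p.Live

    # MatchesSxS = False means the live file still differs from the clean store copy
    # and needs attention. Windows system binaries are catalog-signed, so on
    # Windows 7 / PowerShell 2.0 Get-AuthenticodeSignature reports them as NotSigned
    # rather than Valid; treat the hash comparison as the primary check there.
    New-Object PSObject -Property @{
        File       = Split-Path -Leaf $p.Live
        MatchesSxS = ($liveHash -eq $storeHash)
        Signature  = $sig.Status
        Sha256     = $liveHash
    }
}

$results | Format-Table File, MatchesSxS, Signature, Sha256 -AutoSize
```

The same comparison can be pointed at the c:\windows\SysWow64 copies the log lists, but those are the redirected writes; a mismatch on a System32 file is the result that matters, and the SHA-256 column gives a value that can be checked against a known-clean copy of the same file version from another machine.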
 
ComboFix 12-07-04.04 - Spencer 07/04/2012 22:29:12.4.6 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6249 [GMT -4:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
Command switches used :: c:\users\Spencer\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys --> c:\windows\System32\drivers\afd.sys
c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys --> c:\windows\System32\Drivers\tcpip.sys
c:\windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll --> c:\windows\System32\mpssvc.dll
c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll --> c:\windows\System32\cryptsvc.dll
.
((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 02:32 . 2012-07-05 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 02:29 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\SysWow64\drivers\tcpip.sys
2012-07-05 02:29 . 2011-12-28 03:59 499200 ----a-w- c:\windows\SysWow64\drivers\afd.sys
2012-07-05 02:29 . 2009-07-14 01:41 824832 ----a-w- c:\windows\SysWow64\mpssvc.dll
2012-07-04 20:38 . 2012-07-04 20:38 -------- d-----w- c:\programdata\Nexon
2012-07-03 22:07 . 2012-07-03 22:07 -------- d-----w- c:\users\Spencer\AppData\Local\Movie_Fone
2012-07-03 01:40 . 2012-07-03 01:40 -------- d-----w- c:\program files (x86)\ESET
2012-07-02 10:25 . 2012-07-02 10:26 -------- d-----w- C:\FRST
2012-07-02 09:41 . 2009-07-14 01:39 328704 ----a-w- c:\windows\SysWow64\services.exe
2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\users\Spencer\AppData\Local\Futuremark_Corporation
2012-07-02 07:54 . 2012-07-02 07:54 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-06-29 22:05 . 2012-06-29 22:05 -------- d-----w- c:\users\Spencer\AppData\Local\PreEmptive Solutions
2012-06-29 22:01 . 2012-06-29 22:15 -------- d-----w- c:\users\Spencer\AppData\Local\Gapotchenko
2012-06-29 05:32 . 2012-06-29 05:32 -------- d-----w- c:\users\Spencer\AppData\Roaming\Awesomium
2012-06-29 01:38 . 2012-06-29 01:38 -------- d-----w- c:\users\Spencer\AppData\Local\SCE
2012-06-29 01:38 . 2012-06-29 01:38 -------- d-----w- C:\Crash
2012-06-23 03:57 . 2007-03-20 16:33 43520 ----a-w- c:\windows\SysWow64\libusb0.dll
2012-06-21 21:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 21:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 21:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 21:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 21:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 21:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 21:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 21:01 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 21:01 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 05:33 . 2012-06-20 05:33 -------- d-----w- c:\users\Spencer\AppData\Local\NuGet
2012-06-20 05:32 . 2012-06-20 05:32 -------- d-----w- c:\users\Spencer\AppData\Roaming\NuGet
2012-06-19 07:51 . 2012-06-19 07:51 -------- d--h--w- c:\programdata\Common Files
2012-06-19 07:43 . 2012-06-19 07:43 -------- d-----w- c:\users\Spencer\AppData\Local\Macromedia
2012-06-18 22:44 . 2012-06-18 22:44 -------- d-----w- c:\users\Spencer\AppData\Local\Funcom
2012-06-18 20:40 . 2012-06-18 20:40 275360 ----a-w- c:\windows\system32\DreamScene.dll
2012-06-18 20:40 . 2012-06-18 20:40 -------- d-----w- c:\windows\system32\WDSA
2012-06-15 07:55 . 2012-06-15 07:55 -------- d-----w- c:\programdata\NVIDIA
2012-06-13 22:04 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:04 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:04 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:04 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 22:04 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 22:04 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 22:04 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 22:04 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 22:04 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:03 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-13 22:03 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 22:03 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 22:03 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 22:03 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 22:03 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 22:03 . 2012-04-24 05:59 182272 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 22:03 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-08 02:03 . 2012-06-08 02:03 -------- d-----w- c:\users\Spencer\AppData\Local\ESN Sonar
2012-06-06 07:00 . 2012-06-06 07:00 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-06-06 06:40 . 2011-03-30 20:26 98304 ----a-w- c:\program files (x86)\Windows Media Player\wmp.dll
2012-06-06 06:40 . 2012-06-06 06:40 -------- d-----w- c:\program files (x86)\Windows Media Player Plus!
2012-06-05 06:27 . 2012-06-05 06:27 -------- d-----w- c:\programdata\ATI
2012-06-05 06:26 . 2012-06-05 06:26 -------- d-----w- c:\program files (x86)\AMD AVT
2012-06-05 06:26 . 2012-06-05 06:26 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 05:32 . 2012-01-20 22:45 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-29 05:32 . 2012-01-20 22:40 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-29 01:40 . 2012-01-20 22:40 282512 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-29 01:39 . 2012-01-20 22:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-24 23:10 . 2012-04-06 01:11 276504 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-24 23:10 . 2012-04-06 01:11 359960 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-24 23:10 . 2012-02-15 03:18 197656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-24 23:10 . 2011-12-06 03:16 344088 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-12 19:59 . 2012-04-04 00:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 19:59 . 2012-01-21 06:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 19:49 . 2012-02-05 06:05 314392 ----a-w- c:\windows\system32\EvoDisplayHelper.dll
2012-06-09 19:49 . 2012-02-05 06:05 197144 ----a-w- c:\windows\SysWow64\EvoDisplayHelper.dll
2012-05-29 02:06 . 2012-02-13 04:33 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-29 02:06 . 2012-02-13 04:33 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-29 02:06 . 2012-02-13 04:33 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-29 02:06 . 2012-02-13 04:33 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-02 04:49 . 2012-05-02 04:49 2337865 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-04-22 21:54 . 2012-04-22 21:54 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2012-04-22 21:54 . 2012-04-22 21:54 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll
2012-04-14 07:38 . 2012-04-04 00:36 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-03_01.31.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 21:52 . 2012-07-04 17:25  57968  c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-04 17:45  28110  c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2012-06-09 05:49  86016  c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-07-05 00:44  86016  c:\windows\system32\DriverStore\infpub.dat
+ 2012-01-20 23:15 . 2012-07-04 20:29  32768  c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-20 23:15 . 2012-07-03 01:17  32768  c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-20 23:15 . 2012-07-04 20:29  32768  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-20 23:15 . 2012-07-03 01:17  32768  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-03 01:17  16384  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-04 20:29  16384  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-20 21:22 . 2012-07-04 17:45  7498  c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-297926242-239688007-3628787549-1000_UserData.bin
- 2012-07-03 01:31 . 2012-07-03 01:31  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-05 02:33 . 2012-07-05 02:33  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-04 17:49  275554  c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-07-05 00:44  143360  c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-09 05:49  143360  c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:01 . 2012-07-03 01:30  273332  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-05 02:32  273332  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-07-04 17:49  1109902  c:\windows\system32\perfh009.dat
- 2012-02-10 05:00 . 2012-07-03 01:30  1274720  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-10 05:00 . 2012-07-04 17:43  1274720  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-05 09:20 . 2012-07-05 02:32  2846880  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-297926242-239688007-3628787549-1000-12288.dat
- 2009-07-14 02:34 . 2012-07-02 17:59  10485760  c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-07-04 17:36  10485760  c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-01-20 21:19 . 2012-07-05 02:32  20426639  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-297926242-239688007-3628787549-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvolveClient"="d:\program files\Echobit\Evolve\EvolveClient.exe" [2012-06-24 2466840]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2012-05-04 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-06-14 5309056]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"amd_dc_opt"="d:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EvoSvc;Evolve Service;d:\program files\Echobit\Evolve\EvoSvc.exe [2012-06-24 1511448]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-14 128928]
R3 IDVistaService;Input Director Vista Service;d:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R4 hshld;Hotspot Shield Service;d:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
R4 HssWd;Hotspot Shield Monitoring Service;d:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 NETGEARGenieDaemon;NETGEARGenieDaemon;d:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2011-10-24 1370400]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 InputDirector;Input Director Service;d:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 EvoKbFilter;Evolve Keyboard Filter Driver;c:\windows\system32\Drivers\EvoKbFilter.sys [2012-02-05 27800]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-02-05 21656]
S3 EvoMouFilter;Evolve Mouse Filter Driver;c:\windows\system32\Drivers\EvoMouFilter.sys [2012-02-05 24216]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
.
2012-07-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
.
**************************************************************************
.
Completion time: 2012-07-04 22:34:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-05 02:34
ComboFix2.txt 2012-07-02 09:49
.
Pre-Run: 12,711,514,112 bytes free
Post-Run: 13,405,831,168 bytes free
.
- - End Of File - - A85AB5BEC3F2B467E1B1335AA9DFF197

I could not find the file
"c:\combofix\CF32693.3XE" [2009-07-14 344576]v\
that you mentioned, or even a combofix directory.
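Reading a ComboFix log like the one above by hand means scanning the service, driver and Run-key lines for the ones that deserve a second look: entries whose binary ComboFix could not find (it marks those `[x]`), the browser start/search pages, and every Firefox preference that lives in user.js. The script below is an added example, not part of ComboFix or of anything the helper posted; it pulls those items out of a log with a few regular expressions. The sample lines it runs on are copied from the log posted above and embedded as constructed input. One caveat that matters for this thread: the log only shows a path and a size, so a file with the expected name in the expected place is not evidence that the file is clean.

```python
"""Triage a ComboFix log for the loading points a reviewer looks at first.

Added example, not ComboFix code. SAMPLE_LOG is constructed from lines that
appear in the log posted in this thread.
"""
import re
from collections import defaultdict

# Service/driver lines: "<start> <name>;<display name>;<image path> [yyyy-mm-dd size]"
# ComboFix writes "[x]" in place of the date and size when the file is missing.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<tail>[^\]]*)\]\s*$"
)
# Run-key values: "<value name>"="<command>" [yyyy-mm-dd size]  or  [X] when missing
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<tail>[^\]]*)\]\s*$')
# Browser start/search pages; ComboFix defangs http as hxxp so the URL is not clickable
PAGE_RE = re.compile(r"^(?P<scope>[um])(?P<what>Start Page|Default_Page_URL|Search Page)\s*=\s*(?P<url>\S+)")
# Firefox preferences that ComboFix found in the profile's user.js
USERJS_RE = re.compile(r"^FF - user\.js:\s+(?P<pref>\S+)\s+-\s*(?P<value>.*)$")


def triage(log_text):
    """Return a dict of findings keyed by category, each a list of tuples."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            if m["tail"].lower() == "x":
                findings["services_missing_binary"].append((m["start"], m["name"], m["path"]))
            continue
        m = RUN_RE.match(line)
        if m:
            if m["tail"].lower() == "x":
                findings["run_entries_missing_binary"].append((m["name"], m["cmd"]))
            continue
        m = PAGE_RE.match(line)
        if m:
            url = m["url"].replace("hxxp", "http", 1)
            host = re.sub(r"^https?://", "", url).split("/")[0]
            findings["browser_pages"].append((m["scope"] + m["what"], host))
            continue
        m = USERJS_RE.match(line)
        if m:
            findings["userjs_prefs"].append((m["pref"], m["value"]))
    return dict(findings)


# Constructed sample: lines taken from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EvoSvc;Evolve Service;d:\program files\Echobit\Evolve\EvoSvc.exe [2012-06-24 1511448]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2012-05-04 1242448]
uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
FF - user.js: extensions.BabylonToolbar_i.babExt -
"""


def main():
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)


if __name__ == "__main__":
    main()
```

To use it on a real log, read the file and pass its text to `triage()`. Missing-binary services are usually leftovers of an uninstall (the two in this log belong to a game anti-cheat driver and a game patcher), but they are also where a dropper that deleted its file after loading shows up, so each one is worth a minute. A user.js in a Firefox profile is not created by Firefox itself; every preference listed there was written by a third-party installer.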
 
Please tell me what you have done in Firefox regarding the Babylon Toolbar.

When your logs come back, whatever I have set up for Firefox hasn't been done.
1. First, I had you try resetting the Preferences to the Default. There were then new entries that were not the default.

2. Second, I tried to reset the default Home page (Start page, Search page and browser default search engine). Now Firefox shows no Home/Start page, no Search engine, no browser search engine for this user, nothing but the Babylon Toolbar extension:
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
 
I apologize if I did not understand you correctly previously. I simply reset the browser a second time because I thought you had stated that it did not reset the first time. Otherwise, I am not sure what happened exactly.
 
As I mentioned, the Babylon Toolbar is not easily removed. I just needed to know that you tried using the 'Reset Preferences'. If you did and Babylon is still all over Firefox, we will have to try a different way.

But for our purposes now, I'd just like to get the default back for home and start pages.

Please see if this will help:
Open Firefox> Tools> Addons> Extensions> Remove any extensions for Babylon Toolbar. Please understand that you can still use the Babylon site and search, but the toolbar is Foistware and should not remain on the system.

---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar
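The steps above remove the extension through the Add-ons manager, but the ComboFix output shows the Babylon settings sitting in the profile's user.js. Firefox reads user.js at every startup and copies its values over prefs.js, which is why 'Reset Preferences' does not make them go away. What follows is an added example, not the helper's instructions and not anything Mozilla or Babylon ship: a Python script that strips every user_pref() whose name starts with a given prefix from user.js, keeps a .bak copy, and deletes the file if nothing else is left in it. The profile directory, the default prefix and the sample file contents are constructed for the example (the preference names are the ones in the log posted above). Close Firefox before running it, because Firefox rewrites prefs.js when it exits.

```python
"""Strip a toolbar's user_pref() lines from a Firefox user.js file.

Added example. Firefox re-applies user.js to prefs.js on every startup, so
preferences that live there survive a preferences reset until the file is
edited or removed. SAMPLE_USER_JS is constructed from the preference names
in the ComboFix log above.
"""
import re
import tempfile
from pathlib import Path

# One user_pref line:  user_pref("name", value);   value may be a string, number or bool
PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)\);\s*$')


def strip_prefs(text, prefix):
    """Return (kept_text, removed_names); drops every user_pref whose name starts with prefix."""
    kept, removed = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m["name"].startswith(prefix):
            removed.append(m["name"])
            continue
        kept.append(line)          # comments and unrelated prefs are preserved as-is
    return "\n".join(kept) + ("\n" if text.endswith("\n") else ""), removed


def clean_user_js(profile_dir, prefix="extensions.BabylonToolbar"):
    """Rewrite <profile>/user.js in place, keeping user.js.bak; returns the removed names."""
    user_js = Path(profile_dir) / "user.js"
    if not user_js.is_file():
        return []                  # nothing to do: Firefox itself never creates user.js
    original = user_js.read_text(encoding="utf-8", errors="replace")
    cleaned, removed = strip_prefs(original, prefix)
    if removed:
        user_js.with_suffix(".js.bak").write_text(original, encoding="utf-8")
        if cleaned.strip():
            user_js.write_text(cleaned, encoding="utf-8")
        else:
            user_js.unlink()       # only the toolbar prefs were in it, so drop the file
    return removed


# Constructed sample user.js; names taken from the log above, values are illustrative.
SAMPLE_USER_JS = """\
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110788");
user_pref("extensions.BabylonToolbar_i.id", "da23b6450000000000000000b6bb57a8");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.instlDay", 15431);
user_pref("browser.startup.homepage", "http://www.google.com/");
"""


def demo():
    """Write the sample into a temporary profile, clean it, and report what happened."""
    with tempfile.TemporaryDirectory() as profile:
        Path(profile, "user.js").write_text(SAMPLE_USER_JS, encoding="utf-8")
        removed = clean_user_js(profile)
        remaining = Path(profile, "user.js").read_text(encoding="utf-8")
        backup_exists = Path(profile, "user.js.bak").is_file()
    return removed, remaining, backup_exists


if __name__ == "__main__":
    removed, remaining, backup_exists = demo()
    print("removed:", *removed, sep="\n  ")
    print("remaining user.js:\n" + remaining)
    print("backup written:", backup_exists)
```

On a real system, call `clean_user_js(r"C:\Users\<name>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>")` (path is an assumption; take the real one from the `FF - ProfilePath` line in the log). Rerunning ComboFix afterwards should show no `FF - user.js:` lines for the toolbar; if they come back, something still installed is rewriting the file and the extension or program that does so has to go first.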
 
The Babylon Toolbar does not exist within Firefox. I did manually set my default search provider and home page. I also deleted Babylon Search from my list of search providers. The last thing I did was search my drive for "babylon" and delete some leftover folders which seemed to contain installation files or nothing. Here is part of a new ComboFix scan.

.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
 