seabeetodd
Posts posted by seabeetodd
-
I had some infections on my computer. I was getting pop-ups to speed up my PC. I ran an ESET online scan and it got rid of several infections. The Chrome home page is still "https://www.yahoo.com/"
-
I completed all of the steps and I downloaded WinPatrol. Everything seems to be working. Thank you for your time.
-
C:\FRST\Quarantine\rpeulaaql.exe a variant of Win32/Injector.AFVU trojan
-
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.04.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Todd :: TODD-PC [administrator]
5/4/2013 2:25:33 PM
mbam-log-2013-05-04 (14-25-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230036
Time elapsed: 3 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:36:41 PM, on 5/4/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12224 bytes
-
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
ARMA 2: Operation Arrowhead Beta
BufferChm
C410
CameraHelperMsi
Civilization IV Complete
Command & Conquer™ Red Alert™ 3
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DC Universe Online
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DocProc
DVD Menu Pack for HP MediaSmart Video
erLT
ESET Online Scanner v3
Fax
Garry's Mod
Global Agenda
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.2.1.1
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Photo Creations
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Hulu Desktop
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
iSEEK AnswerWorks English Runtime
Junk Mail filter update
LabelPrint
League of Legends
LG USB Modem driver
LightScribe System Software
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
MyHeritage Family Tree Builder
Netflix in Windows Media Center
NVIDIA PhysX
OF Dragon Rising
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Localization Component
OpenOffice.org 3.2
Origin
PictureMover
Power2Go
PowerDirector
PS_AIO_07_C410_SW_Min
Quicken 2010
Quicken 2013
QuickTransfer
Realtek High Definition Audio Driver
Recovery Manager
Revo Uninstaller 1.94
RLPrintPlugin
ROBLOX Player for Todd
Scan
Search Protect by conduit
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sid Meier's Civilization 4 - Beyond The Sword
Sid Meier's Civilization 4 - Colonization
Sid Meier's Civilization 4 - Warlords
Sid Meier's Civilization 4 Complete
SimCity 4 Deluxe
Six Updater
Skype Click to Call
Skype™ 6.3
SmartWebPrinting
SolutionCenter
SpeechRedist
Status
Steam
Terraria
The Sims Medieval
The Sims™ 3
The Sims™ 3 Pets
The Sims™ 3 Seasons
The Sims™ 3 Supernatural
Toolbox
TrayApp
Unreal Tournament 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
WebReg
WildTangent Games App (HP Games)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 beta 2 (32-bit)
WolfQuest
Zoo Tycoon 2 - Ultimate Collection

I hope this is the right one.
-
ComboFix 13-05-04.01 - Todd 05/04/2013 8:39.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6670 [GMT -5:00]
Running from: c:\users\Todd\Desktop\Security\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Todd\AppData\Local\Temp\_MEI37082\_ctypes.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\_elementtree.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\_hashlib.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\_multiprocessing.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\_socket.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\_ssl.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\pyexpat.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\pysqlite2._sqlite.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\python27.dll
c:\users\Todd\AppData\Local\Temp\_MEI37082\pythoncom27.dll
c:\users\Todd\AppData\Local\Temp\_MEI37082\PyWinTypes27.dll
c:\users\Todd\AppData\Local\Temp\_MEI37082\select.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\unicodedata.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\win32api.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\win32com.shell.shell.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\win32crypt.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\win32event.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\win32file.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\win32inet.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\win32pdh.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\win32process.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\win32profile.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\win32security.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\win32ts.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\windows._cacheinvalidation.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._controls_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._core_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._gdi_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._html2.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._misc_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._windows_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\wx._wizard.pyd
c:\users\Todd\AppData\Local\Temp\_MEI37082\wxbase294u_net_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI37082\wxbase294u_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI37082\wxmsw294u_adv_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI37082\wxmsw294u_core_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI37082\wxmsw294u_html_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI37082\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-04 to 2013-05-04 )))))))))))))))))))))))))))))))
.
.
2013-05-04 13:44 . 2013-05-04 13:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-04 13:44 . 2013-05-04 13:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-04 13:44 . 2013-05-04 13:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-05-04 05:52 . 2013-05-04 05:52 -------- d-----w- c:\users\Todd\AppData\Roaming\HPAppData
2013-05-04 05:18 . 2013-05-04 05:18 -------- d-----w- C:\_OTL
2013-05-03 17:37 . 2013-05-03 17:37 905296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDE9A563-CB98-4ED9-9CFB-C15EC5FEE74B}\gapaengine.dll
2013-05-03 17:37 . 2013-04-10 01:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{293FAEAB-7BC4-4844-9109-6EDE463BFD43}\mpengine.dll
2013-05-03 17:35 . 2013-05-03 17:35 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-05-03 17:35 . 2013-05-03 17:36 -------- d-----w- c:\program files\Microsoft Security Client
2013-05-02 16:48 . 2013-05-02 16:48 -------- d-----w- C:\FRST
2013-04-24 14:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-19 14:23 . 2013-04-19 14:27 -------- d-----w- c:\program files (x86)\Quicken
2013-04-15 20:32 . 2013-04-15 20:32 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-04-13 20:13 . 2013-04-13 20:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iTunes
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iPod
2013-04-11 00:32 . 2013-04-11 00:32 33792 ----a-w- c:\windows\system32\drivers\hcw85cir3.sys
2013-04-11 00:32 . 2013-04-11 00:32 1907440 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys
2013-04-11 00:32 . 2013-04-11 00:32 139776 ----a-w- c:\windows\system32\hcw85enc.ax
2013-04-11 00:32 . 2013-04-11 00:32 110592 ----a-w- c:\windows\system32\hcw85prop.ax
2013-04-10 14:29 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 14:29 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 14:29 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 14:29 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 14:29 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 14:29 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-06 14:14 . 2013-04-06 14:11 563328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-04-06 14:11 . 2013-04-06 14:22 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-04-06 14:06 . 2013-04-06 14:07 -------- d-----w- c:\program files\Microsoft Office 15
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 15:29 . 2010-03-01 19:15 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-25 14:41 . 2012-05-30 16:08 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-25 14:41 . 2011-05-27 15:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 14:22 . 2013-03-27 01:57 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-04-11 14:22 . 2011-06-11 06:58 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-04-11 08:01 . 2010-03-04 14:09 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 19:50 . 2011-03-24 01:03 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-01 00:00 . 2012-06-05 18:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-01 00:00 . 2010-04-23 11:00 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-14 00:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 00:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 00:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-14 00:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-14 00:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 00:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-25 23:32 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 12:42 . 2013-02-06 12:42 102936 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-12-15 351392]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-12-15 4862368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-03-15 1871032]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2013-04-11 1907440]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-04 05:53 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 14:41]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31]
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2013-04-30 c:\windows\Tasks\HPCeeScheduleForTodd.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-SearchProtect - c:\program files (x86)\SearchProtect\bin\uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\SecuROM\License information*]
"datasecu"=hex:c3,2d,cd,b8,e7,d5,9c,24,0a,19,1b,21,57,3b,f8,22,fc,74,ef,ed,e0,
c9,07,90,88,e5,3e,9b,15,32,b9,a4,fa,05,26,03,f2,10,43,b3,26,94,97,cb,fe,5c,\
"rkeysecu"=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001_Classes\CLSID\{A67BFBD3-7281-1A40-A20E-655A310E9BEF}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-05-04 08:51:04 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-04 13:51
ComboFix2.txt 2013-05-03 15:20
ComboFix3.txt 2013-04-30 17:52
ComboFix4.txt 2013-04-28 02:56
ComboFix5.txt 2013-05-04 13:38
.
Pre-Run: 742,175,211,520 bytes free
Post-Run: 742,219,124,736 bytes free
.
- - End Of File - - 5C163895FB398583258F894A85AFE2F2
-
That seems to have taken care of it.
-
When I start Chrome, I get an extra tab with the Conduit search.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
File Protocol\Handler\osf - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
Process cltmng.exe killed successfully!
No active process named Program Files was found!
No active process named Program Files was found!
Service CltMngSvc stopped successfully!
Service CltMngSvc deleted successfully!
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe moved successfully.
HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Internet Explorer\SearchScopes\{946CE4D3-15D1-4BAC-8962-8D80D6D40199}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{946CE4D3-15D1-4BAC-8962-8D80D6D40199}\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com deleted successfully.
File C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OtShot deleted successfully.
C:\Program Files (x86)\OtShot\otshot.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll deleted successfully.
C:\Program Files (x86)\SearchProtect\bin\cltmng.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\bin\cltmng.exe moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\Todd\AppData\Local\Conduit folder moved successfully.
C:\Program Files (x86)\SearchProtect\ffprotect folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\lib folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs folder moved successfully.
C:\Program Files (x86)\SearchProtect\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\ffprotect folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs\lib folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\Dialogs folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect\bin folder moved successfully.
C:\Users\Todd\AppData\Roaming\SearchProtect folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot folder moved successfully.
C:\Program Files (x86)\OtShot\signed folder moved successfully.
Folder move failed. C:\Program Files (x86)\OtShot scheduled to be moved on reboot.
C:\$RECYCLE.BIN\S-1-5-21-1413658493-208379941-2510509854-1001 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
C:\Users\Todd\AppData\Roaming\Mining folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Todd\Desktop\Security\cmd.bat deleted successfully.
C:\Users\Todd\Desktop\Security\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: Todd
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: Todd
->Flash cache emptied: 1966 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05042013_001831
Files\Folders moved on Reboot...
C:\Program Files (x86)\OtShot folder moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
OTL logfile created on: 5/3/2013 1:59:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Todd\Desktop\Security
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.93 Gb Total Physical Memory | 6.80 Gb Available Physical Memory | 85.76% Memory free
15.86 Gb Paging File | 13.56 Gb Available in Paging File | 85.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.43 Gb Total Space | 689.98 Gb Free Space | 74.96% Space Free | Partition Type: NTFS
Drive D: | 10.98 Gb Total Space | 1.58 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive E: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: TODD-PC | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Todd\Desktop\Security\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Users\Todd\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
PRC - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OtShot\otshot.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_elementtree.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32api.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_socket.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32ts.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._gdi_.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._misc_.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\pythoncom27.dll ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32com.shell.shell.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\PyWinTypes27.dll ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32security.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_ctypes.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._html2.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_multiprocessing.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32profile.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32crypt.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._core_.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_ssl.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._windows_.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\_hashlib.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._wizard.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32file.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32inet.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32process.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32pdh.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\wx._controls_.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\win32event.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\unicodedata.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\pyexpat.pyd ()
MOD - C:\Users\Todd\AppData\Local\Temp\_MEI36322\select.pyd ()
MOD - C:\Program Files (x86)\OtShot\otshot.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {946CE4D3-15D1-4BAC-8962-8D80D6D40199}
IE - HKLM\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=61&CUI=UN95127956827181587&UM=2&UP=SP7163F834-DE9D-4FD8-9903-34960DEDC0A6
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes,DefaultScope = {946CE4D3-15D1-4BAC-8962-8D80D6D40199}
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{6CE0C255-91F6-4FF7-8851-52067A45FB92}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\..\SearchScopes\{946CE4D3-15D1-4BAC-8962-8D80D6D40199}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3286042&CUI=UN95127956827181587&UM=2
IE - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Todd\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Todd\AppData\Local\Roblox\Versions\version-18d29ad623804580\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 18:18:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/16 18:18:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{182812ed-1c22-4e1f-9a8d-990282d594da}: C:\ProgramData\PC Performer Manager\2.5.945.13\{fc772784-ef6f-4718-83f3-3d6f8a22fa66}\FirefoxExtension
[2012/09/06 10:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/24 20:52:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/01/19 17:47:28 | 000,085,184 | ---- | M] (Renaissance Learning Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npRLPrint.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT3286042&SearchSource=48&CUI=UN29634257901781914&UM=2
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdklpjiiiehhjfjgicmefnefednelhed\1_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmggblpgblcoomebaelghgmdgdeknmhg\1.0.7_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnpakemckpkcpilpphdmcfehofhefmoa\1.1_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhlckbnnjkfnlakipclhedkhggpddeo\0.0.2_0\
CHR - Extension: No name found = C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\
O1 HOSTS File: ([2013/05/03 10:15:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe ()
O4 - HKLM..\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001..\Run: [searchProtect] C:\Users\Todd\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}: DhcpNameServer = 97.64.168.12 97.64.183.165
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/28 08:30:38 | 000,055,176 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2012/09/28 04:48:28 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/03 13:58:31 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\HPAppData
[2013/05/03 12:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/05/03 12:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/05/03 12:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/05/03 12:32:34 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\Conduit
[2013/05/03 12:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/05/03 12:32:24 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\SearchProtect
[2013/05/03 12:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot
[2013/05/03 12:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OtShot
[2013/05/03 10:15:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/05/02 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Mining
[2013/05/02 11:48:18 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/27 21:46:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/27 16:16:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/27 16:16:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/27 16:13:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/27 15:19:36 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\RK_Quarantine
[2013/04/25 09:58:07 | 000,000,000 | ---D | C] -- C:\Users\Todd\Desktop\2013-04 (Apr)
[2013/04/19 09:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
[2013/04/19 09:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2013/04/19 09:13:57 | 100,659,880 | ---- | C] (Intuit Inc. ) -- C:\Users\Todd\Desktop\QW13DLX.exe
[2013/04/19 09:13:57 | 000,000,000 | ---D | C] -- C:\Users\Todd\Documents\Amazon Downloader Logs
[2013/04/13 15:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/04/11 16:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/04/11 16:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/04/11 16:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/04/11 16:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/04/10 19:32:06 | 001,907,440 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\drivers\HCW85BDA.sys
[2013/04/10 19:32:06 | 000,139,776 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85enc.ax
[2013/04/10 19:32:06 | 000,110,592 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85prop.ax
[2013/04/10 19:32:06 | 000,033,792 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir3.sys
[2013/04/10 09:29:08 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 09:29:08 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 09:29:07 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 09:29:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 09:29:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 09:29:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 09:28:41 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 09:28:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 09:28:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 09:28:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/10 09:28:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/10 09:28:36 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/10 09:28:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/10 09:28:29 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 09:28:29 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 09:28:28 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 09:28:28 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 09:28:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 09:28:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/06 16:37:44 | 000,000,000 | ---D | C] -- C:\Users\Todd\Documents\Custom Office Templates
[2013/04/06 09:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/04/06 09:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013/04/06 09:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/04/06 09:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/03 13:58:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/03 13:50:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/03 13:06:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/03 13:06:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/03 13:05:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
[2013/05/03 13:04:09 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/03 13:04:09 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/03 13:04:09 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/03 13:02:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/03 12:58:49 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/03 12:58:24 | 2090,135,551 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/03 12:36:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/03 12:32:50 | 000,000,000 | ---- | M] () -- C:\END
[2013/05/03 10:15:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/02 18:05:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
[2013/04/30 12:46:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTodd.job
[2013/04/28 09:50:49 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/27 12:34:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/25 09:41:02 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/25 09:41:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/19 09:23:45 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
[2013/04/19 09:23:44 | 000,000,171 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2013/04/19 09:14:40 | 100,659,880 | ---- | M] (Intuit Inc. ) -- C:\Users\Todd\Desktop\QW13DLX.exe
[2013/04/17 18:35:58 | 000,001,088 | ---- | M] () -- C:\Users\Todd\Desktop\.minecraft - Shortcut.lnk
[2013/04/11 16:44:53 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/04/11 09:22:56 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2013/04/11 09:22:56 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2013/04/11 03:22:40 | 000,462,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/10 19:32:06 | 001,907,440 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\SysNative\drivers\HCW85BDA.sys
[2013/04/10 19:32:06 | 000,139,776 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85enc.ax
[2013/04/10 19:32:06 | 000,110,592 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw85prop.ax
[2013/04/10 19:32:06 | 000,033,792 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir3.sys
[2013/04/06 09:13:35 | 000,066,696 | ---- | M] () -- C:\Windows\VIVALDII.tt2
[2013/04/06 09:13:33 | 014,381,616 | ---- | M] () -- C:\Windows\MSYHBD.tt2
[2013/04/06 09:13:33 | 000,055,400 | ---- | M] () -- C:\Windows\OCRAEXT.tt2
[2013/04/06 09:13:28 | 021,543,568 | ---- | M] () -- C:\Windows\MSYH.tt2
[2013/04/06 09:13:27 | 000,222,632 | ---- | M] () -- C:\Windows\MSUIGHUR.tt2
[2013/04/06 09:13:17 | 014,343,024 | ---- | M] () -- C:\Windows\MSJHBD.tt2
[2013/04/06 09:13:13 | 021,302,624 | ---- | M] () -- C:\Windows\MSJH.tt2
[2013/04/06 09:13:03 | 000,094,064 | ---- | M] () -- C:\Windows\LEELAWAD.tt2
[2013/04/06 09:13:03 | 000,093,836 | ---- | M] () -- C:\Windows\LEELAWDB.tt2
[2013/04/06 09:13:01 | 000,132,516 | ---- | M] () -- C:\Windows\FRAMDCN.tt2
[2013/04/06 09:12:55 | 000,179,368 | ---- | M] () -- C:\Windows\ARIALNI.tt2
[2013/04/06 09:12:46 | 000,178,864 | ---- | M] () -- C:\Windows\ARIALNB.tt2
[2013/04/06 09:12:46 | 000,178,316 | ---- | M] () -- C:\Windows\ARIALNBI.tt2
[2013/04/06 09:12:46 | 000,173,936 | ---- | M] () -- C:\Windows\ARIALN.tt2
[2013/04/06 09:12:45 | 000,007,656 | ---- | M] () -- C:\Windows\MTEXTRA.tt2
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Todd\*.tmp files -> C:\Users\Todd\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/03 12:36:01 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/03 12:32:12 | 000,000,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot.lnk
[2013/05/03 12:32:12 | 000,000,000 | ---- | C] () -- C:\END
[2013/04/28 09:50:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/28 09:50:49 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/27 16:16:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/27 16:16:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/27 16:16:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/27 16:16:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/27 16:16:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/27 09:48:32 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/19 09:23:45 | 000,001,768 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
[2013/04/17 18:35:58 | 000,001,088 | ---- | C] () -- C:\Users\Todd\Desktop\.minecraft - Shortcut.lnk
[2013/04/11 16:44:53 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/04/06 09:13:41 | 000,066,696 | ---- | C] () -- C:\Windows\VIVALDII.tt2
[2013/04/06 09:13:40 | 021,543,568 | ---- | C] () -- C:\Windows\MSYH.tt2
[2013/04/06 09:13:40 | 014,381,616 | ---- | C] () -- C:\Windows\MSYHBD.tt2
[2013/04/06 09:13:40 | 000,055,400 | ---- | C] () -- C:\Windows\OCRAEXT.tt2
[2013/04/06 09:13:39 | 021,302,624 | ---- | C] () -- C:\Windows\MSJH.tt2
[2013/04/06 09:13:39 | 014,343,024 | ---- | C] () -- C:\Windows\MSJHBD.tt2
[2013/04/06 09:13:39 | 000,222,632 | ---- | C] () -- C:\Windows\MSUIGHUR.tt2
[2013/04/06 09:13:38 | 000,132,516 | ---- | C] () -- C:\Windows\FRAMDCN.tt2
[2013/04/06 09:13:38 | 000,094,064 | ---- | C] () -- C:\Windows\LEELAWAD.tt2
[2013/04/06 09:13:38 | 000,093,836 | ---- | C] () -- C:\Windows\LEELAWDB.tt2
[2013/04/06 09:13:35 | 000,179,368 | ---- | C] () -- C:\Windows\ARIALNI.tt2
[2013/04/06 09:13:35 | 000,178,864 | ---- | C] () -- C:\Windows\ARIALNB.tt2
[2013/04/06 09:13:35 | 000,178,316 | ---- | C] () -- C:\Windows\ARIALNBI.tt2
[2013/04/06 09:13:35 | 000,173,936 | ---- | C] () -- C:\Windows\ARIALN.tt2
[2013/04/06 09:13:35 | 000,007,656 | ---- | C] () -- C:\Windows\MTEXTRA.tt2
[2013/03/14 09:22:45 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2013/01/10 21:27:31 | 000,007,605 | ---- | C] () -- C:\Users\Todd\AppData\Local\Resmon.ResmonCfg
[2012/11/08 21:03:18 | 000,010,945 | ---- | C] () -- C:\Users\Todd\lakers.jpg
[2012/08/14 12:57:44 | 000,027,520 | ---- | C] () -- C:\Users\Todd\AppData\Local\dt.dat
[2012/08/09 09:34:37 | 000,001,075 | ---- | C] () -- C:\Users\Todd\Documents - Shortcut.lnk
[2012/06/19 09:44:19 | 000,000,397 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/06/19 09:42:20 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012/04/27 08:34:39 | 000,167,754 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.1
[2012/04/27 08:34:36 | 000,438,649 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.0
[2012/04/27 08:34:36 | 000,172,135 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmpSPRING2012B.JPG
[2011/12/15 06:23:04 | 010,920,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/12/15 06:23:04 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/12/15 06:23:04 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/18 18:02:31 | 000,001,854 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\GhostObjGAFix.xml
[2011/02/02 21:46:18 | 000,290,614 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp0804092050A.JPG
[2011/01/09 22:06:58 | 000,644,496 | ---- | C] () -- C:\Users\Todd\EBOOT.BIN
[2010/09/23 19:33:59 | 002,772,410 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp011.JPG
[2010/08/08 10:46:55 | 000,010,622 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.0
[2010/08/08 10:46:55 | 000,009,555 | ---- | C] () -- C:\Users\Todd\AppData\Local\tmp40852_144283825591378_100000292843907_341063_2517918_S.JPG
[2010/04/23 22:21:06 | 000,000,000 | ---- | C] () -- C:\Users\Todd\AppData\Local\prvlcl.dat
[2010/03/27 11:36:33 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010/03/09 10:08:34 | 000,002,868 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
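Two things in the report above are worth pulling out by script rather than by eye: the O4 Run entries (one SearchProtect copy persists from the user's AppData, and OtShot carries no company name in its version resource) and the O17 block, where one interface has a static NameServer pair (216.176.95.129, 216.176.95.161) that does not match the DHCP-provided servers (97.64.168.12, 97.64.183.165). The following Python triage helper is an added example, not code from the original post or from the OTL tool. It parses O4 and O17 lines copied verbatim from the report and applies two generic heuristics: autoruns launched from a user-writable path or lacking a company name, and static DNS servers that differ from the DHCP lease. The function and class names (`triage`, `Finding`, and so on) are this example's own.

```python
"""Triage helper for OTL-style autorun (O4) and DNS (O17) report lines.

Added example, not part of the original post or of the OTL tool. It applies
two heuristics a responder otherwise checks by hand when reading a report:
  * O4 Run entries that launch from a user-writable location, or whose
    version resource carries no company name (the empty "()" in OTL output).
  * O17 interface-level static NameServer values that were not handed out
    by DHCP, which is how a DNS override shows up in these reports.
"""
import re
from dataclasses import dataclass

# Constructed sample: O4 and O17 lines copied verbatim from the report above.
SAMPLE_REPORT = r"""
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe ()
O4 - HKLM..\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1413658493-208379941-2510509854-1001..\Run: [searchProtect] C:\Users\Todd\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}: DhcpNameServer = 97.64.168.12 97.64.183.165
"""

# "O4[:64bit:] - <key>: [<value name>] <path> (<company>)"; the company is the
# last parenthesised group, so the path may itself contain "(x86)".
O4_RE = re.compile(
    r"^O4(?::64bit:)?\s*-\s*(?P<key>.+?):\s*\[(?P<name>[^\]]*)\]\s*"
    r"(?P<path>.*?)\s*\((?P<company>[^()]*)\)\s*$"
)
# "O17 - <registry key>: DhcpNameServer|NameServer = <servers>"
O17_RE = re.compile(
    r"^O17\s*-\s*(?P<key>.+?):\s*(?P<setting>DhcpNameServer|NameServer)\s*=\s*(?P<servers>.*)$"
)
# Locations an unprivileged user can write to; persistence from here is suspect.
USER_WRITABLE_RE = re.compile(r"\\(Users\\[^\\]+\\AppData|ProgramData|Temp)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str      # "O4" or "O17"
    subject: str   # Run value name, or the interface registry key
    reason: str
    detail: str


def triage_autoruns(lines):
    """Flag O4 entries by launch location and missing company name."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        name, path, company = m["name"], m["path"], m["company"].strip()
        if USER_WRITABLE_RE.search(path):
            findings.append(Finding("O4", name, "launches from user-writable path", path))
        if not company:
            findings.append(Finding("O4", name, "no company name in version info", path))
    return findings


def triage_dns(lines):
    """Flag static NameServer entries that are not among the DHCP-provided servers."""
    dhcp_servers, static_entries = set(), []
    for line in lines:
        m = O17_RE.match(line)
        if not m:
            continue
        servers = tuple(s for s in re.split(r"[\s,]+", m["servers"].strip()) if s)
        if m["setting"] == "DhcpNameServer":
            dhcp_servers.update(servers)
        else:
            static_entries.append((m["key"], servers))
    findings = []
    for key, servers in static_entries:  # evaluated after all DHCP servers are known
        extra = [s for s in servers if s not in dhcp_servers]
        if extra:
            findings.append(Finding("O17", key, "static NameServer differs from DHCP-provided servers", ", ".join(extra)))
    return findings


def triage(report_text):
    lines = [ln.strip() for ln in report_text.splitlines() if ln.strip()]
    return triage_autoruns(lines) + triage_dns(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind} [{f.subject}] {f.reason}: {f.detail}")
```

On the sample this yields three findings: OtShot (no company name), the HKU searchProtect entry (AppData launch path), and the interface with the static 216.176.95.x servers. The HKLM searchProtectAll entry passes both checks because it lives under Program Files and names Conduit as its company, which is the reason this is a triage aid and not a verdict; a differing static DNS pair is a prompt to look up who those servers belong to and whether the owner set them, not proof of hijacking on its own.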
-
Well, I just screwed up. When trying to download MSE, I clicked on the first link, which was a bunch of malware, like an idiot. I got OT shot, 24x7 help, PC fix speed, Solid savings, Wajam, and Keybar. I tried to delete them with REVO. On the plus side, it seems like MSE is working now after I reinstalled from the correct link. Is MSE even any good? I used to use AVG, but a friend told me that it slowed down the computer too much.
-
Still having the same issue with the MS security client. Couldn't disable it for ComboFix.
ComboFix 13-05-01.03 - Todd 05/03/2013 10:07:59.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6440 [GMT -5:00]
Running from: c:\users\Todd\Desktop\Security\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Todd\AppData\Local\Temp\_MEI13402\_ctypes.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\_elementtree.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\_hashlib.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\_multiprocessing.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\_socket.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\_ssl.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\pyexpat.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\pysqlite2._sqlite.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\python27.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\pythoncom27.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\PyWinTypes27.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\select.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\unicodedata.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32api.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32com.shell.shell.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32crypt.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32event.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32file.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32inet.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32pdh.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32process.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32profile.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32security.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\win32ts.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\windows._cacheinvalidation.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._controls_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._core_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._gdi_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._html2.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._misc_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._windows_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wx._wizard.pyd
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxbase294u_net_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxbase294u_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxmsw294u_adv_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxmsw294u_core_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxmsw294u_html_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI13402\wxmsw294u_webview_vc90.dll
c:\users\Todd\AppData\Local\Temp\tmp8lj2ym\googledrivesync.exe
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-03 to 2013-05-03 )))))))))))))))))))))))))))))))
.
.
2013-05-03 15:14 . 2013-05-03 15:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-03 15:14 . 2013-05-03 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-03 15:14 . 2013-05-03 15:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-05-03 15:05 . 2013-05-03 15:05 -------- d-----w- c:\users\Todd\AppData\Roaming\HPAppData
2013-05-02 21:24 . 2013-05-02 21:24 -------- d-----w- c:\users\Todd\AppData\Roaming\Mining
2013-05-02 16:48 . 2013-05-02 16:48 -------- d-----w- C:\FRST
2013-04-26 14:19 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B9AF2ED-B91A-48C9-9A05-F01FCF5186AD}\mpengine.dll
2013-04-24 23:54 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-24 14:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 17:05 . 2013-04-23 17:05 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{831F2B9E-59ED-4BC1-8E22-6C1CE8BB95AA}\gapaengine.dll
2013-04-19 14:23 . 2013-04-19 14:27 -------- d-----w- c:\program files (x86)\Quicken
2013-04-15 20:32 . 2013-04-15 20:32 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-04-13 20:13 . 2013-04-13 20:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iTunes
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iPod
2013-04-11 00:32 . 2013-04-11 00:32 33792 ----a-w- c:\windows\system32\drivers\hcw85cir3.sys
2013-04-11 00:32 . 2013-04-11 00:32 1907440 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys
2013-04-11 00:32 . 2013-04-11 00:32 139776 ----a-w- c:\windows\system32\hcw85enc.ax
2013-04-11 00:32 . 2013-04-11 00:32 110592 ----a-w- c:\windows\system32\hcw85prop.ax
2013-04-10 14:29 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 14:29 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 14:29 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 14:29 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 14:29 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 14:29 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-06 14:14 . 2013-04-06 14:11 563328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-04-06 14:11 . 2013-04-06 14:22 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-04-06 14:06 . 2013-04-06 14:07 -------- d-----w- c:\program files\Microsoft Office 15
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-25 14:41 . 2012-05-30 16:08 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-25 14:41 . 2011-05-27 15:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 08:01 . 2010-03-04 14:09 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 19:50 . 2011-03-24 01:03 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:34 . 2010-03-01 19:15 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-27 01:57 . 2013-03-27 01:57 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-03-01 00:00 . 2012-06-05 18:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-01 00:00 . 2010-04-23 11:00 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-14 00:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 00:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 00:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-14 00:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-14 00:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 00:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-25 23:32 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 12:42 . 2013-02-06 12:42 102936 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-12-15 351392]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-12-15 4862368]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-03-15 1871032]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2013-04-11 1907440]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 14:41]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31]
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2013-04-30 c:\windows\Tasks\HPCeeScheduleForTodd.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\SecuROM\License information*]
"datasecu"=hex:c3,2d,cd,b8,e7,d5,9c,24,0a,19,1b,21,57,3b,f8,22,fc,74,ef,ed,e0,
c9,07,90,88,e5,3e,9b,15,32,b9,a4,fa,05,26,03,f2,10,43,b3,26,94,97,cb,fe,5c,\
"rkeysecu"=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001_Classes\CLSID\{A67BFBD3-7281-1A40-A20E-655A310E9BEF}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-05-03 10:20:07 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-03 15:20
ComboFix2.txt 2013-04-30 17:52
ComboFix3.txt 2013-04-28 02:56
ComboFix4.txt 2013-04-27 21:30
.
Pre-Run: 740,690,583,552 bytes free
Post-Run: 740,560,596,992 bytes free
.
- - End Of File - - 0905392F48C13CAE8DC5911528CD8A44
-
I still get a pop-up box upon restart that says Microsoft Security Client failed upon initialization. Chrome seems to work OK, though.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-05-2013
Ran by SYSTEM at 2013-05-03 09:12:06 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key not found.
C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe => Moved successfully.
txkomqu => Service deleted successfully.
xgctr => Service deleted successfully.
xotflx => Service deleted successfully.
bwbptv => Service deleted successfully.
C:\Windows\SysWOW64\Drivers\szdtz.sys => Moved successfully.
C:\Windows\SysWOW64\pqbjv.txt => Moved successfully.
C:\Windows\SysWOW64\Drivers\vndyk.sys => Moved successfully.
C:\qgsdool.txt => Moved successfully.
C:\cleanup.exe => Moved successfully.
C:\Windows\SysWOW64\Drivers\naedkp.sys => Moved successfully.
C:\piiov.txt => Moved successfully.
C:\avenger.txt => Moved successfully.
C:\Windows\SysWOW64\Drivers\xufhby.sys => Moved successfully.
C:\Program Files (x86)\acxpyr.txt => Moved successfully.
==== End of Fixlog ====
-
My Microsoft Security Essentials and Chrome were still not working prior to this last step. Should I try to uninstall and reinstall them or just wait?
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2013
Ran by SYSTEM on 02-05-2013 08:48:34
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST could be run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16335464 2009-09-29] (NVIDIA Corporation)
HKLM\...\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610360 2009-09-14] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKU\Todd\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19357112 2013-03-07] (Google)
IMEO\mbam.exe: [Debugger] tx_.exe
IMEO\mbamgui.exe: [Debugger] bz_.exe
Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe (Minecraft Skillz)
==================== Services (Whitelisted) =================
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1871032 2013-03-14] (Microsoft Corporation)
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [x]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]
==================== Drivers (Whitelisted) ====================
S3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [33792 2013-04-10] (Hauppauge Computer Works, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-20] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-20] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-20] (LG Electronics Inc.)
S0 bwbptv; system32\drivers\szdtz.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S0 txkomqu; system32\drivers\vndyk.sys [x]
S0 xgctr; system32\drivers\naedkp.sys [x]
S0 xotflx; system32\drivers\xufhby.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-02 08:48 - 2013-05-02 08:48 - 00000000 ____D C:\FRST
2013-05-01 05:50 - 2013-05-01 05:50 - 00061440 ____A C:\Windows\SysWOW64\Drivers\szdtz.sys
2013-05-01 05:50 - 2013-05-01 05:50 - 00000246 ____A C:\Windows\SysWOW64\pqbjv.txt
2013-05-01 05:46 - 2013-05-01 05:46 - 00061440 ____A C:\Windows\SysWOW64\Drivers\vndyk.sys
2013-05-01 05:46 - 2013-05-01 05:46 - 00000246 ____A C:\qgsdool.txt
2013-04-30 21:37 - 2013-05-01 05:50 - 00019286 ____A C:\cleanup.exe
2013-04-30 21:37 - 2013-04-30 21:37 - 00061440 ____A C:\Windows\SysWOW64\Drivers\naedkp.sys
2013-04-30 21:37 - 2013-04-30 21:37 - 00000242 ____A C:\piiov.txt
2013-04-30 21:36 - 2013-04-30 21:36 - 00000712 ____A C:\avenger.txt
2013-04-30 21:24 - 2013-04-30 21:24 - 00061440 ____A C:\Windows\SysWOW64\Drivers\xufhby.sys
2013-04-30 21:24 - 2013-04-30 21:24 - 00000242 ____A C:\Program Files (x86)\acxpyr.txt
2013-04-30 09:52 - 2013-04-30 09:52 - 00026187 ____A C:\ComboFix.txt
2013-04-28 06:50 - 2013-04-28 06:50 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-04-27 18:46 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-04-27 13:16 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-04-27 13:16 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-04-27 13:16 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-04-27 13:16 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-04-27 13:16 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-04-27 13:16 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-04-27 13:16 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-04-27 13:13 - 2013-04-30 09:52 - 00000000 ____D C:\Qoobox
2013-04-27 12:19 - 2013-04-27 12:21 - 00000000 ____D C:\Users\Todd\Desktop\RK_Quarantine
2013-04-27 12:14 - 2013-04-27 12:14 - 00002486 ____A C:\AdwCleaner[s3].txt
2013-04-27 06:48 - 2013-04-27 09:34 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-26 16:29 - 2013-04-26 16:29 - 00001548 ____A C:\AdwCleaner[R4].txt
2013-04-26 14:47 - 2013-04-26 14:47 - 05561287 ____A C:\Users\Todd\Downloads\minecraft.jar
2013-04-26 14:45 - 2013-04-26 14:45 - 05071043 ____A C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus+Optifine.zip
2013-04-26 14:38 - 2013-04-26 14:38 - 04688194 ____A C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus (1).zip
2013-04-25 15:22 - 2013-04-25 15:22 - 04944266 ____A C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus.zip
2013-04-25 06:58 - 2013-04-25 06:58 - 00000000 ____D C:\Users\Todd\Desktop\2013-04 (Apr)
2013-04-24 06:03 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-19 06:23 - 2013-04-19 06:27 - 00000000 ____D C:\Program Files (x86)\Quicken
2013-04-19 06:23 - 2013-04-19 06:23 - 00001768 ____A C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
2013-04-19 06:13 - 2013-04-19 06:14 - 100659880 ____A (Intuit Inc. ) C:\Users\Todd\Desktop\QW13DLX.exe
2013-04-19 06:13 - 2013-04-19 06:13 - 00941568 ____A (Amazon Services LLC) C:\Users\Todd\Downloads\Quicken_Deluxe_2013_Downloader.exe
2013-04-19 05:56 - 2013-04-19 05:56 - 00006780 ____A C:\Users\Todd\Downloads\Export (99).QFX
2013-04-17 15:35 - 2013-04-17 15:35 - 00001088 ____A C:\Users\Todd\Desktop\.minecraft - Shortcut.lnk
2013-04-17 15:20 - 2013-04-17 15:20 - 00199838 ____A C:\Users\Todd\Downloads\ModLoader (1).zip
2013-04-17 15:08 - 2013-04-17 15:08 - 00061676 ____A C:\Users\Todd\Downloads\Minaptics__1_2_4_r13 (2).zip
2013-04-17 15:01 - 2013-04-17 15:01 - 00199838 ____A C:\Users\Todd\Downloads\ModLoader.zip
2013-04-17 15:00 - 2013-04-17 15:00 - 00061676 ____A C:\Users\Todd\Downloads\Minaptics__1_2_4_r13 (1).zip
2013-04-17 12:42 - 2013-04-17 12:42 - 00028229 ____A C:\Users\Todd\Downloads\SPMods.cfg
2013-04-17 12:40 - 2013-04-17 12:40 - 00080097 ____A C:\Users\Todd\Downloads\MPMods.cfg
2013-04-16 13:40 - 2013-04-16 13:40 - 01494679 ____A C:\Users\Todd\Downloads\W@W CFG ALL YOU NEED.rar
2013-04-16 13:29 - 2013-04-16 13:29 - 00080097 ____A C:\Users\Todd\Downloads\SourDiesel_admin-x_build.cfg.17
2013-04-16 13:09 - 2013-04-16 13:09 - 00006738 ____A C:\Users\Todd\Downloads\flashinglightsv1.rar
2013-04-16 12:42 - 2013-04-16 12:42 - 01469992 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar
2013-04-15 15:13 - 2013-04-15 15:13 - 02042239 ____A C:\Users\Todd\Downloads\CFGs.zip
2013-04-15 15:13 - 2013-04-15 15:13 - 01990196 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar (1).zip
2013-04-15 15:00 - 2013-04-15 15:00 - 02337686 ____A C:\Users\Todd\Downloads\WAW PRE-MADE MENU! 4 U.zip
2013-04-15 13:51 - 2013-04-15 13:51 - 00048156 ____A C:\Users\Todd\Downloads\FirstMenu.cfg
2013-04-15 13:41 - 2013-04-15 13:41 - 01990196 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar.zip
2013-04-11 13:44 - 2013-04-11 13:44 - 00001745 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:\Program Files\iTunes
2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:\Program Files\iPod
2013-04-11 13:37 - 2013-04-11 13:38 - 90130256 ____A (Apple Inc.) C:\Users\Todd\Downloads\iTunes64Setup (2).exe
2013-04-10 16:32 - 2013-04-10 16:32 - 01907440 ____A (Hauppauge Computer Works) C:\Windows\System32\Drivers\HCW85BDA.sys
2013-04-10 16:32 - 2013-04-10 16:32 - 00139776 ____A (Hauppauge Computer Works) C:\Windows\System32\hcw85enc.ax
2013-04-10 16:32 - 2013-04-10 16:32 - 00110592 ____A (Hauppauge Computer Works) C:\Windows\System32\hcw85prop.ax
2013-04-10 16:32 - 2013-04-10 16:32 - 00033792 ____A (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir3.sys
2013-04-10 13:32 - 2013-04-10 13:32 - 01331819 ____A C:\Users\Todd\Downloads\Essentials.zip
2013-04-10 08:55 - 2013-04-10 08:55 - 00003533 ____A C:\Users\Todd\Downloads\Export (98).QFX
2013-04-10 06:29 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 06:29 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 06:29 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 06:29 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 06:29 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-10 06:29 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-10 06:28 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 06:28 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 06:28 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 06:28 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 06:28 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 06:28 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 06:28 - 2013-03-01 21:56 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 06:28 - 2013-03-01 21:55 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 06:28 - 2013-03-01 21:55 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-10 06:28 - 2013-03-01 21:50 - 09059328 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 06:28 - 2013-03-01 21:50 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 06:28 - 2013-03-01 21:50 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-10 06:28 - 2013-03-01 21:49 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 06:28 - 2013-03-01 21:49 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 06:28 - 2013-03-01 21:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-10 06:28 - 2013-03-01 21:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 06:28 - 2013-03-01 20:58 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 06:28 - 2013-03-01 20:58 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 06:28 - 2013-03-01 20:58 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-10 06:28 - 2013-03-01 20:54 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 06:28 - 2013-03-01 20:54 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 06:28 - 2013-03-01 20:54 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-10 06:28 - 2013-03-01 20:53 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 06:28 - 2013-03-01 20:52 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 06:28 - 2013-03-01 20:52 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 06:28 - 2013-03-01 20:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 06:28 - 2013-03-01 19:57 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-10 06:28 - 2013-03-01 19:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-10 06:28 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 06:28 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-09 12:47 - 2013-04-09 12:47 - 00482549 ____A C:\Users\Todd\Downloads\FTB_Launcher.jar
2013-04-07 07:06 - 2013-04-07 07:06 - 24178176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\Todd\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0 (2).exe
2013-04-07 06:55 - 2013-04-07 06:55 - 24178176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\Todd\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0 (1).exe
2013-04-07 06:17 - 2013-04-07 06:17 - 00002304 ____A C:\Users\Todd\Downloads\Export (97).QFX
2013-04-07 06:14 - 2013-04-07 06:14 - 00004154 ____A C:\Users\Todd\Downloads\Export (96).QFX
2013-04-06 06:13 - 2013-04-06 06:13 - 21543568 ____A C:\Windows\MSYH.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 21302624 ____A C:\Windows\MSJH.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 14381616 ____A C:\Windows\MSYHBD.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 14343024 ____A C:\Windows\MSJHBD.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00222632 ____A C:\Windows\MSUIGHUR.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00132516 ____A C:\Windows\FRAMDCN.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00094064 ____A C:\Windows\LEELAWAD.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00093836 ____A C:\Windows\LEELAWDB.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00066696 ____A C:\Windows\VIVALDII.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00055400 ____A C:\Windows\OCRAEXT.tt2
2013-04-06 06:13 - 2013-04-06 06:12 - 00179368 ____A C:\Windows\ARIALNI.tt2
2013-04-06 06:13 - 2013-04-06 06:12 - 00178864 ____A C:\Windows\ARIALNB.tt2
2013-04-06 06:13 - 2013-04-06 06:12 - 00178316 ____A C:\Windows\ARIALNBI.tt2
2013-04-06 06:13 - 2013-04-06 06:12 - 00173936 ____A C:\Windows\ARIALN.tt2
2013-04-06 06:13 - 2013-04-06 06:12 - 00007656 ____A C:\Windows\MTEXTRA.tt2
2013-04-06 06:11 - 2013-04-06 06:22 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2013-04-06 06:06 - 2013-04-06 06:07 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-04-06 06:06 - 2013-04-06 06:06 - 00560296 ____A (Microsoft Corporation) C:\Users\Todd\Downloads\Setup.x86.en-US_ProPlusRetail_GW3BT-N64V6-M686C-TCXB6-8TWQD_TX_PR_act_1_.exe
2013-04-04 15:26 - 2013-04-04 15:26 - 00006633 ____A C:\Users\Todd\Downloads\mccapes_1_5_1_20130321_2322 (1).zip
2013-04-04 15:17 - 2013-04-04 15:17 - 00006633 ____A C:\Users\Todd\Downloads\mccapes_1_5_1_20130321_2322.zip
2013-04-03 06:15 - 2013-04-03 06:15 - 00004613 ____A C:\Users\Todd\Downloads\Export (95).QFX
2013-04-03 06:13 - 2013-04-03 06:13 - 00003627 ____A C:\Users\Todd\Downloads\Export (3).OFX
2013-04-02 11:08 - 2012-05-29 12:53 - 00027456 ____A (Windows ® Codename Longhorn DDK provider) C:\Windows\System32\Drivers\cpqdfw.sys
2013-04-02 11:07 - 2013-04-02 11:07 - 00002147 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-04-02 11:05 - 2013-04-02 11:05 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
==================== One Month Modified Files and Folders =======
2013-05-02 08:48 - 2013-05-02 08:48 - 00000000 ____D C:\FRST
2013-05-02 05:44 - 2009-12-07 11:28 - 01548171 ____A C:\Windows\WindowsUpdate.log
2013-05-02 05:41 - 2009-07-13 21:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-02 05:41 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-02 05:41 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-02 05:38 - 2013-02-08 07:32 - 00000000 ___SD C:\Users\Todd\Google Drive
2013-05-02 05:38 - 2013-02-08 07:31 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-02 05:36 - 2013-02-08 07:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-02 05:34 - 2013-03-06 13:05 - 00024128 ____A C:\Windows\setupact.log
2013-05-02 05:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-01 07:05 - 2012-02-27 22:07 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
2013-05-01 07:02 - 2012-05-30 08:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-01 05:50 - 2013-05-01 05:50 - 00061440 ____A C:\Windows\SysWOW64\Drivers\szdtz.sys
2013-05-01 05:50 - 2013-05-01 05:50 - 00000246 ____A C:\Windows\SysWOW64\pqbjv.txt
2013-05-01 05:50 - 2013-04-30 21:37 - 00019286 ____A C:\cleanup.exe
2013-05-01 05:46 - 2013-05-01 05:46 - 00061440 ____A C:\Windows\SysWOW64\Drivers\vndyk.sys
2013-05-01 05:46 - 2013-05-01 05:46 - 00000246 ____A C:\qgsdool.txt
2013-04-30 21:37 - 2013-04-30 21:37 - 00061440 ____A C:\Windows\SysWOW64\Drivers\naedkp.sys
2013-04-30 21:37 - 2013-04-30 21:37 - 00000242 ____A C:\piiov.txt
2013-04-30 21:36 - 2013-04-30 21:36 - 00000712 ____A C:\avenger.txt
2013-04-30 21:24 - 2013-04-30 21:24 - 00061440 ____A C:\Windows\SysWOW64\Drivers\xufhby.sys
2013-04-30 21:24 - 2013-04-30 21:24 - 00000242 ____A C:\Program Files (x86)\acxpyr.txt
2013-04-30 21:22 - 2012-05-31 06:42 - 00000000 ____D C:\Users\Todd\Desktop\Security
2013-04-30 16:11 - 2010-03-27 08:35 - 00000000 ____D C:\Users\Todd\AppData\Local\CrashDumps
2013-04-30 09:52 - 2013-04-30 09:52 - 00026187 ____A C:\ComboFix.txt
2013-04-30 09:52 - 2013-04-27 13:13 - 00000000 ____D C:\Qoobox
2013-04-30 09:46 - 2013-01-07 18:13 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForTodd.job
2013-04-30 09:46 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-04-30 09:45 - 2013-03-07 04:30 - 00011464 ____A C:\Windows\PFRO.log
2013-04-30 05:40 - 2011-11-01 05:35 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-04-30 05:40 - 2010-03-18 13:17 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-04-30 05:34 - 2012-12-27 22:51 - 00000000 ____D C:\JRT
2013-04-28 18:05 - 2012-02-27 22:07 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
2013-04-28 12:59 - 2013-03-28 19:44 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-04-28 06:51 - 2010-03-08 07:43 - 00000000 ____D C:\ProgramData\Adobe
2013-04-28 06:50 - 2013-04-28 06:50 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-04-28 06:50 - 2010-03-08 07:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-28 06:40 - 2012-12-23 11:28 - 00000000 ____D C:\Program Files\Elgato
2013-04-28 06:31 - 2012-12-27 10:03 - 00000000 ____D C:\Users\Todd\AppData\Local\DayZCommander
2013-04-28 06:27 - 2009-07-13 19:20 - 00000000 ___SD C:\ProgramData\Microsoft
2013-04-28 06:25 - 2011-05-18 15:11 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Unified Remote
2013-04-28 06:21 - 2013-02-28 16:00 - 00000000 ____D C:\Program Files (x86)\Java
2013-04-27 13:24 - 2012-05-31 21:17 - 00000000 ____D C:\Windows\ERDNT
2013-04-27 12:21 - 2013-04-27 12:19 - 00000000 ____D C:\Users\Todd\Desktop\RK_Quarantine
2013-04-27 12:14 - 2013-04-27 12:14 - 00002486 ____A C:\AdwCleaner[s3].txt
2013-04-27 09:51 - 2011-05-06 15:07 - 00461312 __ASH C:\Users\Todd\Desktop\Thumbs.db
2013-04-27 09:34 - 2013-04-27 06:48 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-27 09:34 - 2011-03-23 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-26 17:22 - 2012-10-25 05:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-04-26 16:29 - 2013-04-26 16:29 - 00001548 ____A C:\AdwCleaner[R4].txt
2013-04-26 15:11 - 2012-05-05 07:46 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Skype
2013-04-26 15:08 - 2013-03-02 09:49 - 00000000 ____D C:\Users\Todd\AppData\Roaming\.minecraft
2013-04-26 14:47 - 2013-04-26 14:47 - 05561287 ____A C:\Users\Todd\Downloads\minecraft.jar
2013-04-26 14:47 - 2013-01-10 18:59 - 00000000 ____D C:\Users\Todd\Desktop\Brendon
2013-04-26 14:45 - 2013-04-26 14:45 - 05071043 ____A C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus+Optifine.zip
2013-04-26 14:38 - 2013-04-26 14:38 - 04688194 ____A C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus (1).zip
2013-04-25 15:22 - 2013-04-25 15:22 - 04944266 ____A C:\Users\Todd\Downloads\WiZARDHAX.com-Nodus.zip
2013-04-25 06:58 - 2013-04-25 06:58 - 00000000 ____D C:\Users\Todd\Desktop\2013-04 (Apr)
2013-04-25 06:41 - 2012-05-30 08:08 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-25 06:41 - 2011-05-27 07:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-24 17:52 - 2012-05-05 07:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-24 17:52 - 2012-05-05 07:46 - 00000000 ____D C:\ProgramData\Skype
2013-04-22 17:16 - 2010-03-18 13:15 - 00000000 ____D C:\Users\Todd\AppData\Roaming\HpUpdate
2013-04-22 17:16 - 2010-03-18 13:15 - 00000000 ____D C:\Users\Todd\AppData\Roaming\HP Support Assistant
2013-04-22 13:33 - 2012-06-28 12:02 - 00000000 ____D C:\Program Files (x86)\Steam
2013-04-21 12:05 - 2010-03-01 11:10 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Mozilla
2013-04-20 10:22 - 2013-03-28 19:44 - 00000000 ____D C:\Users\Todd\Documents\Bandicam
2013-04-19 06:28 - 2010-03-08 11:32 - 00000000 ____D C:\Users\Todd\Documents\Quicken
2013-04-19 06:27 - 2013-04-19 06:23 - 00000000 ____D C:\Program Files (x86)\Quicken
2013-04-19 06:23 - 2013-04-19 06:23 - 00001768 ____A C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
2013-04-19 06:23 - 2010-03-08 11:14 - 00000171 ____A C:\Windows\QUICKEN.INI
2013-04-19 06:14 - 2013-04-19 06:13 - 100659880 ____A (Intuit Inc. ) C:\Users\Todd\Desktop\QW13DLX.exe
2013-04-19 06:13 - 2013-04-19 06:13 - 00941568 ____A (Amazon Services LLC) C:\Users\Todd\Downloads\Quicken_Deluxe_2013_Downloader.exe
2013-04-19 05:56 - 2013-04-19 05:56 - 00006780 ____A C:\Users\Todd\Downloads\Export (99).QFX
2013-04-17 15:35 - 2013-04-17 15:35 - 00001088 ____A C:\Users\Todd\Desktop\.minecraft - Shortcut.lnk
2013-04-17 15:20 - 2013-04-17 15:20 - 00199838 ____A C:\Users\Todd\Downloads\ModLoader (1).zip
2013-04-17 15:08 - 2013-04-17 15:08 - 00061676 ____A C:\Users\Todd\Downloads\Minaptics__1_2_4_r13 (2).zip
2013-04-17 15:01 - 2013-04-17 15:01 - 00199838 ____A C:\Users\Todd\Downloads\ModLoader.zip
2013-04-17 15:00 - 2013-04-17 15:00 - 00061676 ____A C:\Users\Todd\Downloads\Minaptics__1_2_4_r13 (1).zip
2013-04-17 12:42 - 2013-04-17 12:42 - 00028229 ____A C:\Users\Todd\Downloads\SPMods.cfg
2013-04-17 12:40 - 2013-04-17 12:40 - 00080097 ____A C:\Users\Todd\Downloads\MPMods.cfg
2013-04-17 08:53 - 2012-12-25 13:17 - 00009632 ____A C:\Windows\System32\lvcoinst.log
2013-04-16 13:40 - 2013-04-16 13:40 - 01494679 ____A C:\Users\Todd\Downloads\W@W CFG ALL YOU NEED.rar
2013-04-16 13:29 - 2013-04-16 13:29 - 00080097 ____A C:\Users\Todd\Downloads\SourDiesel_admin-x_build.cfg.17
2013-04-16 13:09 - 2013-04-16 13:09 - 00006738 ____A C:\Users\Todd\Downloads\flashinglightsv1.rar
2013-04-16 12:42 - 2013-04-16 12:42 - 01469992 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar
2013-04-15 15:13 - 2013-04-15 15:13 - 02042239 ____A C:\Users\Todd\Downloads\CFGs.zip
2013-04-15 15:13 - 2013-04-15 15:13 - 01990196 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar (1).zip
2013-04-15 15:00 - 2013-04-15 15:00 - 02337686 ____A C:\Users\Todd\Downloads\WAW PRE-MADE MENU! 4 U.zip
2013-04-15 13:51 - 2013-04-15 13:51 - 00048156 ____A C:\Users\Todd\Downloads\FirstMenu.cfg
2013-04-15 13:41 - 2013-04-15 13:41 - 01990196 ____A C:\Users\Todd\Downloads\COD5 Game Save Editor PS3.rar.zip
2013-04-12 06:45 - 2013-04-24 06:03 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-12 06:25 - 2013-03-14 06:28 - 00000000 ____D C:\Users\Todd\Documents\SimCity 4
2013-04-11 13:44 - 2013-04-11 13:44 - 00001745 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:\Program Files\iTunes
2013-04-11 13:44 - 2013-04-11 13:44 - 00000000 ____D C:\Program Files\iPod
2013-04-11 13:44 - 2012-10-06 08:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-04-11 13:38 - 2013-04-11 13:37 - 90130256 ____A (Apple Inc.) C:\Users\Todd\Downloads\iTunes64Setup (2).exe
2013-04-11 00:22 - 2009-07-13 20:45 - 00462584 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 00:01 - 2010-03-04 06:09 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-10 16:32 - 2013-04-10 16:32 - 01907440 ____A (Hauppauge Computer Works) C:\Windows\System32\Drivers\HCW85BDA.sys
2013-04-10 16:32 - 2013-04-10 16:32 - 00139776 ____A (Hauppauge Computer Works) C:\Windows\System32\hcw85enc.ax
2013-04-10 16:32 - 2013-04-10 16:32 - 00110592 ____A (Hauppauge Computer Works) C:\Windows\System32\hcw85prop.ax
2013-04-10 16:32 - 2013-04-10 16:32 - 00033792 ____A (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir3.sys
2013-04-10 13:32 - 2013-04-10 13:32 - 01331819 ____A C:\Users\Todd\Downloads\Essentials.zip
2013-04-10 08:55 - 2013-04-10 08:55 - 00003533 ____A C:\Users\Todd\Downloads\Export (98).QFX
2013-04-09 12:47 - 2013-04-09 12:47 - 00482549 ____A C:\Users\Todd\Downloads\FTB_Launcher.jar
2013-04-09 12:47 - 2013-03-29 08:49 - 00000000 ____D C:\Users\Todd\AppData\Roaming\ftblauncher
2013-04-07 07:06 - 2013-04-07 07:06 - 24178176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\Todd\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0 (2).exe
2013-04-07 06:55 - 2013-04-07 06:55 - 24178176 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\Todd\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0 (1).exe
2013-04-07 06:17 - 2013-04-07 06:17 - 00002304 ____A C:\Users\Todd\Downloads\Export (97).QFX
2013-04-07 06:14 - 2013-04-07 06:14 - 00004154 ____A C:\Users\Todd\Downloads\Export (96).QFX
2013-04-07 06:12 - 2010-03-01 11:06 - 00124200 ____A C:\Users\Todd\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-06 06:22 - 2013-04-06 06:11 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2013-04-06 06:13 - 2013-04-06 06:13 - 21543568 ____A C:\Windows\MSYH.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 21302624 ____A C:\Windows\MSJH.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 14381616 ____A C:\Windows\MSYHBD.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 14343024 ____A C:\Windows\MSJHBD.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00222632 ____A C:\Windows\MSUIGHUR.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00132516 ____A C:\Windows\FRAMDCN.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00094064 ____A C:\Windows\LEELAWAD.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00093836 ____A C:\Windows\LEELAWDB.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00066696 ____A C:\Windows\VIVALDII.tt2
2013-04-06 06:13 - 2013-04-06 06:13 - 00055400 ____A C:\Windows\OCRAEXT.tt2
2013-04-06 06:12 - 2013-04-06 06:13 - 00179368 ____A C:\Windows\ARIALNI.tt2
2013-04-06 06:12 - 2013-04-06 06:13 - 00178864 ____A C:\Windows\ARIALNB.tt2
2013-04-06 06:12 - 2013-04-06 06:13 - 00178316 ____A C:\Windows\ARIALNBI.tt2
2013-04-06 06:12 - 2013-04-06 06:13 - 00173936 ____A C:\Windows\ARIALN.tt2
2013-04-06 06:12 - 2013-04-06 06:13 - 00007656 ____A C:\Windows\MTEXTRA.tt2
2013-04-06 06:11 - 2009-11-24 00:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-04-06 06:11 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-04-06 06:07 - 2013-04-06 06:06 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-04-06 06:06 - 2013-04-06 06:06 - 00560296 ____A (Microsoft Corporation) C:\Users\Todd\Downloads\Setup.x86.en-US_ProPlusRetail_GW3BT-N64V6-M686C-TCXB6-8TWQD_TX_PR_act_1_.exe
2013-04-04 15:26 - 2013-04-04 15:26 - 00006633 ____A C:\Users\Todd\Downloads\mccapes_1_5_1_20130321_2322 (1).zip
2013-04-04 15:17 - 2013-04-04 15:17 - 00006633 ____A C:\Users\Todd\Downloads\mccapes_1_5_1_20130321_2322.zip
2013-04-04 11:50 - 2011-03-23 17:03 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-03 06:15 - 2013-04-03 06:15 - 00004613 ____A C:\Users\Todd\Downloads\Export (95).QFX
2013-04-03 06:13 - 2013-04-03 06:13 - 00003627 ____A C:\Users\Todd\Downloads\Export (3).OFX
2013-04-02 11:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-04-02 11:08 - 2009-11-23 23:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-04-02 11:07 - 2013-04-02 11:07 - 00002147 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-04-02 11:07 - 2009-11-23 23:52 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-04-02 11:06 - 2010-03-25 14:08 - 00000000 ____D C:\Users\Todd\AppData\Roaming\hpqLog
2013-04-02 11:05 - 2013-04-02 11:05 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-04-02 11:04 - 2010-12-26 16:40 - 00000000 ___AD C:\swsetup
2013-04-02 02:34 - 2010-03-01 11:15 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-04-27 06:05:50
Restore point made on: 2013-04-28 06:10:13
Restore point made on: 2013-04-28 06:14:54
Restore point made on: 2013-04-28 06:18:07
Restore point made on: 2013-04-28 06:18:23
Restore point made on: 2013-04-28 06:22:02
Restore point made on: 2013-04-28 06:23:42
Restore point made on: 2013-04-28 06:24:04
Restore point made on: 2013-04-28 06:25:06
Restore point made on: 2013-04-28 06:27:06
Restore point made on: 2013-04-28 06:29:31
Restore point made on: 2013-04-28 06:29:48
Restore point made on: 2013-04-28 06:31:08
Restore point made on: 2013-04-28 06:31:26
Restore point made on: 2013-04-28 06:31:59
Restore point made on: 2013-04-28 06:33:42
Restore point made on: 2013-04-28 06:36:28
Restore point made on: 2013-04-28 06:36:45
Restore point made on: 2013-04-28 06:40:33
Restore point made on: 2013-04-28 06:43:14
Restore point made on: 2013-04-28 06:45:57
Restore point made on: 2013-04-28 13:27:56
Restore point made on: 2013-04-28 14:11:10
Restore point made on: 2013-04-29 06:44:40
Restore point made on: 2013-04-29 07:02:16
Restore point made on: 2013-04-29 07:24:28
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 8119.08 MB
Available physical RAM: 7153.86 MB
Total Pagefile: 8117.23 MB
Available Pagefile: 7138.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:920.43 GB) (Free:690.15 GB) NTFS (Disk=0 Partition=2)
Drive e: (FACTORY_IMAGE) (Fixed) (Total:10.98 GB) (Free:1.58 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]
Drive f: (Sims3EP08) (CDROM) (Total:3.9 GB) (Free:0 GB) UDF
Drive h: (UDISK) (Removable) (Total:3.81 GB) (Free:3.77 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          931 GB      0 B
Disk 1    No Media          0 B      0 B
Disk 2    Online         3915 MB      0 B
Disk 3    No Media          0 B      0 B
Disk 4    No Media          0 B      0 B
Disk 5    No Media          0 B      0 B
Disk 6    No Media          0 B      0 B
Partitions of Disk 0:
===============
Disk ID: 1549F232
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            920 GB   101 MB
Partition 3    Primary             10 GB   920 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   HP           NTFS   Partition    920 GB  Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   FACTORY_IMA  NTFS   Partition     10 GB  Healthy
=========================================================
Partitions of Disk 2:
===============
Disk ID: 04030201
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3913 MB  1380 KB
==================================================================================
Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   UDISK        FAT32  Removable   3913 MB  Healthy
=========================================================
============================== MBR & Partition Table ==================
====================================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
====================================================================
Disk: 2 (Size: 4 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)
Last Boot: 2013-04-25 07:27
==================== End Of Log ============================
Farbar Recovery Scan Tool (x64) Version: 01-05-2013
Ran by SYSTEM at 2013-05-02 08:50:41
Running from H:\
Boot Mode: Recovery
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\ERDNT\cache64\services.exe
[2012-05-31 21:27] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
-
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.1 (build 7601, Service Pack 1)
Wed May 01 00:36:45 2013
00:36:45: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
It seems to be showing the exact log file that it did last night. I tried it twice.
-
I hope you can read that. I don't know what happened with the font.
-
I ran Avenger and rebooted and it did not come up with a log file. I even did a search for it. I tried to run it again and did not get the first line copied at first and it gave me an error, so I redid it and when it rebooted, I only got this:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.1 (build 7601, Service Pack 1)
Wed May 01 00:36:45 2013
00:36:45: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
-
Once again, I could not access my AV program to disable it while running ComboFix.
ComboFix 13-04-29.01 - Todd 04/30/2013 12:39:18.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6436 [GMT -5:00]
Running from: c:\users\Todd\Desktop\Security\ComboFix.exe
Command switches used :: c:\users\Todd\Desktop\Security\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe"
"c:\users\Todd\AppData\Roaming\Mining\coin-miner.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Todd\AppData\Local\Temp\_MEI39522\_ctypes.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\_elementtree.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\_hashlib.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\_socket.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\_ssl.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\pyexpat.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\pysqlite2._sqlite.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\python27.dll
c:\users\Todd\AppData\Local\Temp\_MEI39522\pythoncom27.dll
c:\users\Todd\AppData\Local\Temp\_MEI39522\PyWinTypes27.dll
c:\users\Todd\AppData\Local\Temp\_MEI39522\select.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\unicodedata.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\win32api.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\win32com.shell.shell.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\win32crypt.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\win32event.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\win32file.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\win32inet.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\win32pdh.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\win32process.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\win32profile.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\win32security.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\win32ts.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\windows._cacheinvalidation.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\wx._controls_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\wx._core_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\wx._gdi_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\wx._html2.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\wx._misc_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\wx._windows_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\wx._wizard.pyd
c:\users\Todd\AppData\Local\Temp\_MEI39522\wxbase294u_net_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI39522\wxbase294u_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI39522\wxmsw294u_adv_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI39522\wxmsw294u_core_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI39522\wxmsw294u_html_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI39522\wxmsw294u_webview_vc90.dll
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe
c:\users\Todd\AppData\Roaming\Mining
c:\users\Todd\AppData\Roaming\Mining\coin-miner.exe
c:\users\Todd\AppData\Roaming\Mining\mineamillion.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))
.
.
2013-04-30 17:44 . 2013-04-30 17:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-30 17:44 . 2013-04-30 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-30 17:44 . 2013-04-30 17:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-30 13:55 . 2013-04-30 13:55 -------- d-----w- c:\users\Todd\AppData\Roaming\HPAppData
2013-04-26 23:08 . 2013-04-30 17:46 598016 ---ha-r- c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe
2013-04-26 14:19 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B9AF2ED-B91A-48C9-9A05-F01FCF5186AD}\mpengine.dll
2013-04-24 23:54 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-24 14:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 17:05 . 2013-04-23 17:05 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{831F2B9E-59ED-4BC1-8E22-6C1CE8BB95AA}\gapaengine.dll
2013-04-19 14:23 . 2013-04-19 14:27 -------- d-----w- c:\program files (x86)\Quicken
2013-04-15 20:32 . 2013-04-15 20:32 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-04-13 20:13 . 2013-04-13 20:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iTunes
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iPod
2013-04-11 00:32 . 2013-04-11 00:32 33792 ----a-w- c:\windows\system32\drivers\hcw85cir3.sys
2013-04-11 00:32 . 2013-04-11 00:32 1907440 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys
2013-04-11 00:32 . 2013-04-11 00:32 139776 ----a-w- c:\windows\system32\hcw85enc.ax
2013-04-11 00:32 . 2013-04-11 00:32 110592 ----a-w- c:\windows\system32\hcw85prop.ax
2013-04-10 14:29 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 14:29 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 14:29 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 14:29 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 14:29 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 14:29 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-06 14:14 . 2013-04-06 14:11 563328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-04-06 14:11 . 2013-04-06 14:22 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-04-06 14:06 . 2013-04-06 14:07 -------- d-----w- c:\program files\Microsoft Office 15
2013-04-02 19:08 . 2012-05-29 20:53 27456 ----a-w- c:\windows\system32\drivers\cpqdfw.sys
2013-04-02 19:05 . 2013-04-02 19:05 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-25 14:41 . 2012-05-30 16:08 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-25 14:41 . 2011-05-27 15:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 08:01 . 2010-03-04 14:09 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 19:50 . 2011-03-24 01:03 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:34 . 2010-03-01 19:15 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-27 01:57 . 2013-03-27 01:57 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-03-01 00:00 . 2012-06-05 18:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-01 00:00 . 2010-04-23 11:00 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-14 00:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 00:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 00:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-14 00:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-14 00:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 00:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-25 23:32 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 12:42 . 2013-02-06 12:42 102936 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
rpeulaaql.exe [2013-4-30 598016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-12-15 351392]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-12-15 4862368]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-03-15 1871032]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2013-04-11 1907440]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 14:41]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2013-04-30 c:\windows\Tasks\HPCeeScheduleForTodd.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-86462709.sys
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\SecuROM\License information*]
"datasecu"=hex:c3,2d,cd,b8,e7,d5,9c,24,0a,19,1b,21,57,3b,f8,22,fc,74,ef,ed,e0,
c9,07,90,88,e5,3e,9b,15,32,b9,a4,fa,05,26,03,f2,10,43,b3,26,94,97,cb,fe,5c,\
"rkeysecu"=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001_Classes\CLSID\{A67BFBD3-7281-1A40-A20E-655A310E9BEF}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-04-30 12:52:28 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-30 17:52
ComboFix2.txt 2013-04-28 02:56
ComboFix3.txt 2013-04-27 21:30
.
Pre-Run: 741,227,134,976 bytes free
Post-Run: 741,176,778,752 bytes free
.
- - End Of File - - D689CB8848F4071FD8544522CF772046
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After I had already started the first scan, I remembered that I had killed the bit miner processes in Task Manager. I hope that didn't mess anything up.
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by Todd on Tue 04/30/2013 at 8:35:16.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Todd\appdata\local\wondershare"
Successfully deleted: [Folder] "C:\Program Files (x86)\wondershare"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\Wondershare"
Successfully deleted: [Empty Folder] C:\Users\Todd\appdata\local\{0F1B5F66-2547-466E-B68D-6ACB47A64D74}
Successfully deleted: [Empty Folder] C:\Users\Todd\appdata\local\{1E19EDE9-F7AD-45F4-865C-1DE28658AA8F}
Successfully deleted: [Empty Folder] C:\Users\Todd\appdata\local\{54D7C181-AE74-4DEC-9CD2-95683A7C7985}
Successfully deleted: [Empty Folder] C:\Users\Todd\appdata\local\{6BE50F3A-E25F-468D-BB0C-1639F5E87A55}
Successfully deleted: [Empty Folder] C:\Users\Todd\appdata\local\{7AFBEEB6-74CC-4D9F-97EC-252CB49894B7}
Successfully deleted: [Empty Folder] C:\Users\Todd\appdata\local\{AD92AF63-6D29-4D36-BE5D-E310716F6860}
Successfully deleted: [Empty Folder] C:\Users\Todd\appdata\local\{F18283AF-78C4-4F78-BEDD-92FA38E926DA}
Successfully deleted: [Empty Folder] C:\Users\Todd\appdata\local\{F4EA0823-DC7B-49A1-8D7D-9B08C5D7D9E8}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/30/2013 at 8:49:29.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-30 08:57:12
-----------------------------
08:57:12.957 OS Version: Windows x64 6.1.7601 Service Pack 1
08:57:12.957 Number of processors: 4 586 0x2502
08:57:12.957 ComputerName: TODD-PC UserName: Todd
08:57:14.861 Initialize success
08:58:06.445 AVAST engine defs: 13043000
08:58:10.657 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:58:10.657 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 8
08:58:10.719 Disk 0 MBR read successfully
08:58:10.719 Disk 0 MBR scan
08:58:10.735 Disk 0 unknown MBR code
08:58:10.735 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:58:10.750 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942525 MB offset 206848
08:58:10.797 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11242 MB offset 1930498048
08:58:10.844 Disk 0 scanning C:\Windows\system32\drivers
08:58:23.512 Service scanning
08:58:50.204 Modules scanning
08:58:50.204 Disk 0 trace - called modules:
08:58:50.219 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
08:58:50.235 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007adc060]
08:58:50.235 3 CLASSPNP.SYS[fffff88001ba343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077dc050]
08:58:52.091 AVAST engine scan C:\Windows
08:58:55.492 AVAST engine scan C:\Windows\system32
09:01:33.554 AVAST engine scan C:\Windows\system32\drivers
09:01:46.236 AVAST engine scan C:\Users\Todd
09:05:58.135 File: C:\Users\Todd\AppData\Roaming\Mining\coin-miner.exe **INFECTED** Win32:Malware-gen
09:12:25.579 File: C:\Users\Todd\Downloads\dds (1).com **INFECTED** Win32:Malware-gen
09:14:47.259 AVAST engine scan C:\ProgramData
09:16:20.563 Scan finished successfully
09:22:08.911 Disk 0 MBR has been saved successfully to "C:\Users\Todd\Desktop\Security\MBR.dat"
09:22:08.911 The log file has been saved successfully to "C:\Users\Todd\Desktop\Security\aswMBR.txt"
-
I've run MBAR five times and restarted and it keeps finding one or two instances of the bitminer trojan. I don't know where the log file for it is. Should I keep trying? I'm attaching the TDS log file.
-
Malwarebytes Anti-Malware 1.75.0.1300
Database version: v2013.04.27.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Todd :: TODD-PC [administrator]
4/28/2013 9:52:16 AM
MBAM-log-2013-04-28 (09-56-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229748
Time elapsed: 3 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe (Security.Hijack) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:22 PM, on 4/28/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: rpeulaaql.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12507 bytes
Chrome seems to be hanging up and I still can't access my AV program.
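Added example (editor's code, not the poster's or the forum's): the two Malwarebytes hits above are Image File Execution Options (IFEO) keys for mbam.exe and mbamgui.exe. A Debugger value under IFEO\<image> makes Windows launch that "debugger" in place of the image whenever it starts, which is the standard trick for stopping a scanner from opening and fits the "can't access my AV program" symptom; the log also shows "No action taken" on both. The script below applies a few triage rules to lines copied from the Malwarebytes and HijackThis logs above: the IFEO hijack, a bare executable in the Startup folder (rpeulaaql.exe), static DNS on an interface (flagged for review only, not claimed malicious), and "(file missing)" entries. The rules, severities and wording are my assumptions; one caveat is built in: HijackThis 2.0.4 is a 32-bit program, so under WoW64 redirection on 64-bit Windows it cannot see the real System32 and reports every system service as "(file missing)", which is why the script rates those as tool artifacts while treating missing third-party files (Bing Bar, Hamachi) as orphans.

```python
"""Triage rules for the Malwarebytes and HijackThis log lines posted above.

Added example for this thread, not part of the forum's tooling.  Usage:
    python hjt_triage.py            # runs against the sample lines below
    python hjt_triage.py saved.log  # runs against a saved HijackThis log
"""
import re
import sys

# Lines copied from the Malwarebytes and HijackThis logs in the post above.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe (Security.Hijack) -> No action taken.
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: rpeulaaql.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (file missing)
"""

# Malwarebytes line: IFEO key for an image, with the detection name in brackets.
IFEO_RE = re.compile(r"Image File Execution Options\\(?P<image>[^\\\s]+)\s+\((?P<tag>[^)]+)\)")
# HijackThis O4 Startup-folder entry (shortcut target or bare file name).
STARTUP_RE = re.compile(r"^O4 - Startup:\s*(?P<entry>.+?)\s*$")
# HijackThis O17 per-interface static resolver list.
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)\s*$")
# HijackThis O3/O23 entry whose registered file is absent (path may be quoted).
MISSING_RE = re.compile(r"^O(?:3|23) - .*?(?P<path>[A-Za-z]:\\.+?)\"? \(file missing\)\s*$")
WINDOWS_DIR_RE = re.compile(r"^[A-Za-z]:\\windows\\", re.IGNORECASE)


def finding(severity, item, line, note):
    return {"severity": severity, "item": item, "line": line, "note": note}


def triage(log_text):
    """Apply the rules to every line and return a list of finding dicts."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IFEO_RE.search(line)
        if m:
            image = m.group("image")
            findings.append(finding("high", image, line,
                "IFEO key for %s tagged %s. A Debugger value under this key makes "
                "Windows run another program instead whenever %s is launched; this "
                "is the usual reason a scanner 'will not open'. Delete the key, then "
                "start the scanner again." % (image, m.group("tag"), image)))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entry = m.group("entry")
            # Installers drop .lnk shortcuts; a loose .exe with no path is a payload.
            if ".lnk" not in entry.lower() and "\\" not in entry:
                findings.append(finding("high", entry, line,
                    "Bare executable in the Startup folder. Installers put .lnk "
                    "shortcuts there; a loose .exe with a meaningless name is a "
                    "dropped payload until proven otherwise."))
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            servers = ",".join(s for s in m.group("servers").split(",") if s)
            findings.append(finding("review", servers, line,
                "Static DNS resolvers on this interface override DHCP. Confirm they "
                "were set deliberately and compare with the DhcpNameServer values."))
            continue
        m = MISSING_RE.match(line)
        if m:
            path = m.group("path")
            if WINDOWS_DIR_RE.match(path):
                findings.append(finding("info", path, line,
                    "Windows service binary reported missing. The 32-bit HijackThis "
                    "cannot see the 64-bit System32 through WoW64 redirection, so "
                    "this is a tool artifact, not evidence of tampering."))
            else:
                findings.append(finding("medium", path, line,
                    "Registration points at a file that no longer exists: an orphan "
                    "left by an uninstall, safe to remove once the product is "
                    "confirmed gone."))
    return findings


def main(argv):
    text = open(argv[1], errors="replace").read() if len(argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print("[%s] %s\n    %s" % (f["severity"].upper(), f["item"], f["note"]))


if __name__ == "__main__":
    main(sys.argv)
```

Run with no arguments to see the rules fire on the pasted lines; pass a saved HijackThis log to triage a full one. The IFEO finding is the one to act on first: until those two keys are gone, Malwarebytes will keep failing to start, whatever else is cleaned.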
-
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
ARMA 2: Operation Arrowhead Beta
Bandisoft MPEG-1 Decoder
BattlEye for OA Uninstall
Bing Bar
BufferChm
C410
CameraHelperMsi
Civilization IV Complete
Command & Conquer™ Red Alert™ 3
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DayZ Commander
DC Universe Online
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DocProc
DVD Menu Pack for HP MediaSmart Video
erLT
ESET Online Scanner v3
Fax
ffdshow [rev 2527] [2008-12-19]
Fraps
Game Capture HD v2.3.3.38
Garry's Mod
Global Agenda
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.2.1.1
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Photo Creations
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Hulu Desktop
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
iSEEK AnswerWorks English Runtime
Java 7 Update 15
Java Auto Updater
Junk Mail filter update
LabelPrint
League of Legends
LG USB Modem driver
LightScribe System Software
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Microsoft® Winter Fun Pack 2004 for Windows® XP
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
MyHeritage Family Tree Builder
Netflix in Windows Media Center
NVIDIA PhysX
OF Dragon Rising
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Localization Component
OpenOffice.org 3.2
Origin
PictureMover
Power2Go
PowerDirector
PS_AIO_07_C410_SW_Min
Quicken 2010
Quicken 2013
QuickTransfer
Realtek High Definition Audio Driver
Recovery Manager
Revo Uninstaller 1.94
RLPrintPlugin
ROBLOX Player for Todd
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sid Meier's Civilization 4 - Beyond The Sword
Sid Meier's Civilization 4 - Colonization
Sid Meier's Civilization 4 - Warlords
Sid Meier's Civilization 4 Complete
SimCity 4 Deluxe
Six Updater
Skype Click to Call
Skype™ 6.3
SmartWebPrinting
SolutionCenter
SpeechRedist
Status
Steam
Terraria
The Sims Medieval
The Sims™ 3
The Sims™ 3 Pets
The Sims™ 3 Seasons
The Sims™ 3 Supernatural
Toolbox
TrayApp
Unified Remote
Unreal Tournament 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Verizon V CAST Media Manager
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
WebReg
WildTangent Games App (HP Games)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 beta 2 (32-bit)
WolfQuest
XSplit
Zoo Tycoon 2 - Ultimate Collection
-
Windows came up and said I had 2 corrupt files in My Documents. Don't know if that was related.
ComboFix 13-04-27.04 - Todd 04/27/2013 21:48:00.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6456 [GMT -5:00]
Running from: c:\users\Todd\Desktop\Security\ComboFix.exe
Command switches used :: c:\users\Todd\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe
c:\users\Todd\AppData\Roaming\Mining\coin-miner.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 )))))))))))))))))))))))))))))))
.
.
2013-04-28 02:54 . 2013-04-28 02:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-28 02:54 . 2013-04-28 02:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-28 02:54 . 2013-04-28 02:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-28 02:45 . 2013-04-28 02:45 -------- d-----w- c:\users\Todd\AppData\Roaming\HPAppData
2013-04-27 14:11 . 2013-04-27 14:11 8794192 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-04-26 23:08 . 2013-04-28 02:54 -------- d-----w- c:\users\Todd\AppData\Roaming\Mining
2013-04-26 23:08 . 2013-04-28 02:54 598016 ---ha-r- c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe
2013-04-26 14:19 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B9AF2ED-B91A-48C9-9A05-F01FCF5186AD}\mpengine.dll
2013-04-24 23:54 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-24 14:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 17:05 . 2013-04-23 17:05 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{831F2B9E-59ED-4BC1-8E22-6C1CE8BB95AA}\gapaengine.dll
2013-04-19 14:23 . 2013-04-19 14:27 -------- d-----w- c:\program files (x86)\Quicken
2013-04-15 20:32 . 2013-04-15 20:32 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-04-13 20:13 . 2013-04-13 20:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iTunes
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iPod
2013-04-11 00:32 . 2013-04-11 00:32 33792 ----a-w- c:\windows\system32\drivers\hcw85cir3.sys
2013-04-11 00:32 . 2013-04-11 00:32 1907440 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys
2013-04-11 00:32 . 2013-04-11 00:32 139776 ----a-w- c:\windows\system32\hcw85enc.ax
2013-04-11 00:32 . 2013-04-11 00:32 110592 ----a-w- c:\windows\system32\hcw85prop.ax
2013-04-10 14:29 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 14:29 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 14:29 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 14:29 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 14:29 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 14:29 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-06 14:14 . 2013-04-06 14:11 563328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-04-06 14:11 . 2013-04-06 14:22 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-04-06 14:06 . 2013-04-06 14:07 -------- d-----w- c:\program files\Microsoft Office 15
2013-04-02 19:08 . 2012-05-29 20:53 27456 ----a-w- c:\windows\system32\drivers\cpqdfw.sys
2013-04-02 19:05 . 2013-04-02 19:05 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-03-29 16:49 . 2013-04-09 20:47 -------- d-----w- c:\users\Todd\AppData\Roaming\ftblauncher
2013-03-29 03:44 . 2013-03-29 03:44 -------- d-----w- c:\users\Todd\AppData\Roaming\BANDISOFT
2013-03-29 03:44 . 2013-03-29 03:44 -------- d-----w- c:\program files (x86)\BandiMPEG1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-25 14:41 . 2012-05-30 16:08 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-25 14:41 . 2011-05-27 15:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 08:01 . 2010-03-04 14:09 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 19:50 . 2011-03-24 01:03 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:34 . 2010-03-01 19:15 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-27 01:57 . 2013-03-27 01:57 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-03-01 00:00 . 2013-03-01 00:00 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-01 00:00 . 2012-06-05 18:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-01 00:00 . 2010-04-23 11:00 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-14 00:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 00:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 00:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-14 00:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-14 00:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 00:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-25 23:32 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 12:42 . 2013-02-06 12:42 102936 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
rpeulaaql.exe [2013-4-27 598016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-12-15 351392]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-12-15 4862368]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-03-15 1871032]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2013-04-11 1907440]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 14:41]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2013-04-25 c:\windows\Tasks\HPCeeScheduleForTodd.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\SecuROM\License information*]
"datasecu"=hex:c3,2d,cd,b8,e7,d5,9c,24,0a,19,1b,21,57,3b,f8,22,fc,74,ef,ed,e0,
c9,07,90,88,e5,3e,9b,15,32,b9,a4,fa,05,26,03,f2,10,43,b3,26,94,97,cb,fe,5c,\
"rkeysecu"=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001_Classes\CLSID\{A67BFBD3-7281-1A40-A20E-655A310E9BEF}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-27 21:56:14
ComboFix-quarantined-files.txt 2013-04-28 02:56
ComboFix2.txt 2013-04-27 21:30
.
Pre-Run: 741,837,987,840 bytes free
Post-Run: 741,771,657,216 bytes free
.
- - End Of File - - 413F3C618579B53F06EBB94CF3996509
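The ComboFix logs in this thread enumerate the autostart surface a helper reads first: Run-key values, the contents of the user's Startup folder, and the R#/S# service rows, each followed by the file's date and size or by [x] where ComboFix found no file on disk. The following Python is an added example, not part of the forum post and not ComboFix's own logic; it parses those three line shapes from a constructed sample made of lines copied from the logs above and below, then flags what a malware-removal helper would look at first: a service whose binary is gone, anything launched from a directory a standard user can write to, and a bare executable placed in the Startup folder instead of a shortcut. The user-writable directory list and the three heuristics are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: these lines are copied from the ComboFix logs
# posted in this thread, so the parser runs offline on realistic data.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
rpeulaaql.exe [2013-4-26 598016]
.
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
"""

# One regex per ComboFix line shape: Run-key values, R#/S# service rows, and
# items under a Startup-folder header ("Name.lnk - target [meta]" or a bare
# file name "name.exe [meta]").
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]$')
SERVICE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                     r'(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$')
STARTUP_ITEM = re.compile(r'^(?P<name>.+?)(?:\s+-\s+(?P<target>.+?))?\s+\[(?P<meta>[^\]]*)\]$')

# Directories a standard user can write to without elevation (assumed list for
# this example). Persistence that runs from here deserves a second look;
# Program Files and Windows do not, on their own.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\startup\\")


@dataclass
class Entry:
    kind: str   # "run", "startup" or "service"
    name: str
    path: str   # the binary that actually runs
    meta: str   # ComboFix's "date size", or "x" when it found no file


def parse(log: str) -> List[Entry]:
    """Extract autostart entries from the Run-key, Startup-folder and service blocks."""
    entries: List[Entry] = []
    startup_dir = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith("["):
            startup_dir = None            # "." and a new key header close a block
            continue
        if line.lower().endswith("\\startup\\"):
            startup_dir = line            # folder header: its items follow
            continue
        if startup_dir is not None:
            m = STARTUP_ITEM.match(line)
            if m:
                # A .lnk reports its target; a bare file lives in the folder itself.
                target = m.group("target") or startup_dir + m.group("name")
                entries.append(Entry("startup", m.group("name"), target, m.group("meta")))
            continue
        m = RUN_VALUE.match(line)
        if m:
            entries.append(Entry("run", m.group("name"), m.group("path"), m.group("meta")))
            continue
        m = SERVICE.match(line)
        if m:
            entries.append(Entry("service", m.group("name"), m.group("path"), m.group("meta")))
    return entries


def flags_for(e: Entry) -> List[str]:
    """Triage heuristics (assumed for this example) applied to one entry."""
    flags = []
    if e.meta.strip() == "x":
        flags.append("binary not found on disk: dangling autostart entry")
    if any(d in e.path.lower() for d in USER_WRITABLE):
        flags.append("runs from a user-writable directory")
    if e.kind == "startup" and not e.name.lower().endswith(".lnk"):
        flags.append("bare executable in Startup (installers place a shortcut, not the binary)")
    return flags


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for entries that tripped at least one heuristic."""
    hits: Dict[str, List[str]] = {}
    for e in entries:
        flags = flags_for(e)
        if flags:
            hits[e.name] = flags
    return hits


if __name__ == "__main__":
    for name, reasons in triage(parse(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, only two of the six entries are reported: the Startup-folder executable, which trips both the user-writable and the bare-executable checks, and the Hamachi service whose file is absent. Everything under Program Files passes, which is the point of keying the heuristics on location and on the [x] marker rather than on vendor names.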
-
As a matter of fact, I seem to get the aforementioned registry error message when I try to run anything on my other computer.
-
Couldn't disable my antivirus because I can't seem to access it. Hope that didn't mess up ComboFix. Also, I'm posting this from my laptop because the desktop won't let me on the internet at all now. When I try to start Chrome or IE, it says illegal operation attempted on a registry key that's marked for deletion.
ComboFix 13-04-27.04 - Todd 04/27/2013 16:17:35.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6520 [GMT -5:00]
Running from: c:\users\Todd\Desktop\Security\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Todd\AppData\Local\Temp\_MEI35682\_ctypes.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\_elementtree.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\_hashlib.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\_socket.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\_ssl.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\pyexpat.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\pysqlite2._sqlite.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\python27.dll
c:\users\Todd\AppData\Local\Temp\_MEI35682\pythoncom27.dll
c:\users\Todd\AppData\Local\Temp\_MEI35682\PyWinTypes27.dll
c:\users\Todd\AppData\Local\Temp\_MEI35682\select.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\unicodedata.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\win32api.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\win32com.shell.shell.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\win32crypt.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\win32event.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\win32file.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\win32inet.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\win32pdh.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\win32process.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\win32profile.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\win32security.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\win32ts.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\windows._cacheinvalidation.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\wx._controls_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\wx._core_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\wx._gdi_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\wx._html2.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\wx._misc_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\wx._windows_.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\wx._wizard.pyd
c:\users\Todd\AppData\Local\Temp\_MEI35682\wxbase294u_net_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI35682\wxbase294u_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI35682\wxmsw294u_adv_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI35682\wxmsw294u_core_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI35682\wxmsw294u_html_vc90.dll
c:\users\Todd\AppData\Local\Temp\_MEI35682\wxmsw294u_webview_vc90.dll
c:\users\Todd\AppData\Roaming\technic-launcher.jar
.
.
((((((((((((((((((((((((( Files Created from 2013-03-27 to 2013-04-27 )))))))))))))))))))))))))))))))
.
.
2013-04-27 20:29 . 2013-04-27 20:29 -------- d-----w- c:\users\Todd\AppData\Roaming\HPAppData
2013-04-27 14:11 . 2013-04-27 14:11 8794192 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-04-26 23:08 . 2013-04-27 15:42 -------- d-----w- c:\users\Todd\AppData\Roaming\Mining
2013-04-26 23:08 . 2013-04-26 23:08 598016 ----a-r- c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rpeulaaql.exe
2013-04-26 14:19 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B9AF2ED-B91A-48C9-9A05-F01FCF5186AD}\mpengine.dll
2013-04-24 23:54 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-24 14:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 17:05 . 2013-04-23 17:05 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{831F2B9E-59ED-4BC1-8E22-6C1CE8BB95AA}\gapaengine.dll
2013-04-19 14:23 . 2013-04-19 14:27 -------- d-----w- c:\program files (x86)\Quicken
2013-04-15 20:32 . 2013-04-15 20:32 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-04-13 20:13 . 2013-04-13 20:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iTunes
2013-04-11 21:44 . 2013-04-11 21:44 -------- d-----w- c:\program files\iPod
2013-04-11 00:32 . 2013-04-11 00:32 33792 ----a-w- c:\windows\system32\drivers\hcw85cir3.sys
2013-04-11 00:32 . 2013-04-11 00:32 1907440 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys
2013-04-11 00:32 . 2013-04-11 00:32 139776 ----a-w- c:\windows\system32\hcw85enc.ax
2013-04-11 00:32 . 2013-04-11 00:32 110592 ----a-w- c:\windows\system32\hcw85prop.ax
2013-04-10 14:29 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 14:29 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 14:29 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 14:29 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 14:29 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 14:29 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-06 14:14 . 2013-04-06 14:11 563328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-04-06 14:11 . 2013-04-06 14:22 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-04-06 14:06 . 2013-04-06 14:07 -------- d-----w- c:\program files\Microsoft Office 15
2013-04-02 19:08 . 2012-05-29 20:53 27456 ----a-w- c:\windows\system32\drivers\cpqdfw.sys
2013-04-02 19:05 . 2013-04-02 19:05 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-03-29 16:49 . 2013-04-09 20:47 -------- d-----w- c:\users\Todd\AppData\Roaming\ftblauncher
2013-03-29 03:44 . 2013-03-29 03:44 -------- d-----w- c:\users\Todd\AppData\Roaming\BANDISOFT
2013-03-29 03:44 . 2013-03-29 03:44 -------- d-----w- c:\program files (x86)\BandiMPEG1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-25 14:41 . 2012-05-30 16:08 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-25 14:41 . 2011-05-27 15:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 08:01 . 2010-03-04 14:09 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 19:50 . 2011-03-24 01:03 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:34 . 2010-03-01 19:15 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-27 01:57 . 2013-03-27 01:57 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-03-01 00:00 . 2013-03-01 00:00 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-01 00:00 . 2012-06-05 18:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-01 00:00 . 2010-04-23 11:00 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-14 00:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 00:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 00:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-14 00:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-14 00:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 00:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-25 23:32 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 12:42 . 2013-02-06 12:42 102936 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-04-06 14:15 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
rpeulaaql.exe [2013-4-26 598016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-12-15 351392]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-12-15 4862368]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-03-15 1871032]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2013-04-11 1907440]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 14:41]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08 15:31]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001Core.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413658493-208379941-2510509854-1001UA.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 06:07]
.
2013-04-25 c:\windows\Tasks\HPCeeScheduleForTodd.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-04-06 14:15 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033}: NameServer = 216.176.95.129,216.176.95.161
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001\Software\SecuROM\License information*]
"datasecu"=hex:c3,2d,cd,b8,e7,d5,9c,24,0a,19,1b,21,57,3b,f8,22,fc,74,ef,ed,e0,
c9,07,90,88,e5,3e,9b,15,32,b9,a4,fa,05,26,03,f2,10,43,b3,26,94,97,cb,fe,5c,\
"rkeysecu"=hex:6c,33,7b,3b,e2,25,e6,76,ff,a4,29,b1,81,c5,11,57
.
[HKEY_USERS\S-1-5-21-1413658493-208379941-2510509854-1001_Classes\CLSID\{A67BFBD3-7281-1A40-A20E-655A310E9BEF}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-04-27 16:30:32 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-27 21:30
.
Pre-Run: 741,339,500,544 bytes free
Post-Run: 741,764,173,824 bytes free
.
- - End Of File - - 125210081163C3D93088E74F0759363D
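The tail of the ComboFix log above is its list of registry keys that carry explicit permission entries (the `@Denied:` / `@Allowed:` lines), followed by the running-process list. Reading that block by hand is tedious, so here is an added example, not part of the original post and not ComboFix's own code: a small Python parser for that block that pulls out which keys deny `Everyone`, which SIDs are explicitly allowed, and which `InprocServer32` / `LocalServer32` values name a binary that actually loads. The `SAMPLE` text is constructed from a few blocks copied in the shape of the log above; the key paths, rights codes and file names are the ones visible there. A deny ACE on its own is not evidence of infection: the keys in this log are the Flash ActiveX CLSIDs, an Office Smart Tag action, the VSTO schema library, the modem device class and the PCW security key, all of which commonly appear in ComboFix output with these permissions. The parser only surfaces them so the binary path behind each one can be checked.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix "registry keys with
# permissions" block above; the paths and values are copied from that log.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "@Denied: (A 2) (Everyone)" -> kind, rights code(s), principal
ACL_RE = re.compile(r'^@(Denied|Allowed): \(([^)]*)\) \(([^)]*)\)$')
# '@="..."' is the default value, '"Name"=...' a named value
VAL_RE = re.compile(r'^(@|"[^"]*")=(.*)$')


@dataclass
class RegKey:
    path: str
    denied: list[tuple[str, str]]   # (rights, principal)
    allowed: list[tuple[str, str]]
    values: dict[str, object]       # '@' holds the default value


def decode_value(raw: str) -> object:
    """Turn the .reg-style value text into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        # ComboFix doubles backslashes in paths, as regedit exports do
        return raw[1:-1].replace('\\\\', '\\')
    if raw.startswith('dword:'):
        return int(raw[len('dword:'):], 16)
    return raw


def parse_combofix_registry(text: str) -> list[RegKey]:
    """Parse blocks of '[key]' followed by ACL and value lines, separated by '.'."""
    keys: list[RegKey] = []
    current: RegKey | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = KEY_RE.match(line)
        if m:
            current = RegKey(path=m.group(1), denied=[], allowed=[], values={})
            keys.append(current)
            continue
        if current is None:
            continue  # stray line before the first key header
        m = ACL_RE.match(line)
        if m:
            kind, rights, principal = m.groups()
            target = current.denied if kind == 'Denied' else current.allowed
            target.append((rights, principal))
            continue
        m = VAL_RE.match(line)
        if m:
            current.values[m.group(1).strip('"')] = decode_value(m.group(2))
    return keys


def keys_denying_everyone(keys: list[RegKey]) -> list[RegKey]:
    """Keys with a deny entry for Everyone: the ones worth a second look."""
    return [k for k in keys if any(p == 'Everyone' for _, p in k.denied)]


def server_binaries(keys: list[RegKey]) -> dict[str, str]:
    """Map each InprocServer32/LocalServer32 key to the binary it loads."""
    out: dict[str, str] = {}
    for k in keys:
        leaf = k.path.rsplit('\\', 1)[-1]
        if leaf in ('InprocServer32', 'LocalServer32') and '@' in k.values:
            out[k.path] = str(k.values['@'])
    return out


if __name__ == '__main__':
    parsed = parse_combofix_registry(SAMPLE)
    for k in keys_denying_everyone(parsed):
        rights = [r for r, p in k.denied if p == 'Everyone']
        print(f'{k.path}  denies Everyone: {rights}')
    for path, binary in server_binaries(parsed).items():
        print(f'{path}\n    -> {binary}')
```

Run it against the full log by pasting the registry section into `SAMPLE` or reading it from a file; the binaries it lists (here only the Flash OCX) are what to hash and check against the vendor's release, since a locked key whose server value points somewhere odd is a very different finding from a locked key that points at a known component.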
chrome home page hijacked
in Resolved Malware Removal Logs
I think I solved the problem. Couldn't find a way to delete my previous post.