spgilbert (Members)
Posts: 19
Reputation: 0 Neutral
I'm sorry, I had to be out of town for a bit, so I couldn't reply. I can't seem to find my installation disk anymore. I'll keep looking for it, but is there anything I can do if I can't find it?
-
I believe so. If I press F11 as it's booting, I can get to a 'HP Recovery Manager'. Is that what you mean?
-
No problem at all, thank you for taking so much time in helping me with this!

ListParts by Farbar Version: 30-10-2012
Ran by Steve (administrator) on 15-11-2012 at 09:18:09
Windows 7 (X64)
Running From: C:\Users\Steve\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 57%
Total physical RAM: 3071.24 MB
Available physical RAM: 1302.52 MB
Total Pagefile: 6140.63 MB
Available Pagefile: 3871.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:453.38 GB) (Free:65.05 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.26 GB) (Free:1.49 GB) NTFS ==>[system with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online          465 GB   465 GB
  Disk 2    No Media           0 B      0 B
  Disk 3    No Media           0 B      0 B
  Disk 4    No Media           0 B      0 B
  Disk 5    No Media           0 B      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            453 GB   101 MB
  Partition 3    Primary             12 GB   453 GB
  Partition 4    Primary             10 MB   465 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1         SYSTEM       NTFS   Partition    100 MB  Healthy  System  (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2     C   OS           NTFS   Partition    453 GB  Healthy  Boot

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
  ----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 3     D   HP_RECOVERY  NTFS   Partition     12 GB  Healthy

======================================================================================================

Disk: 0
Partition 4
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

There are no partitions on this disk to show.

======================================================================================================

Disk: 1
Virtual Disk Service error:
The disk is not initialized.

======================================================================================================

****** End Of Log ******
-
OK....here it is now:

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Remove -- Date : 11/14/2012 20:55:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 21 ¤¤¤
[TASK][SUSP PATH] {3F5FD27A-89FB-4680-B7FC-C677D12F6E78} : C:\Users\Steve\Desktop\tdsskiller.exe -> DELETED
[TASK][SUSP PATH] {BAEC61D3-62D0-4221-A431-1AB30D5BC380} : C:\Users\Steve\Desktop\tdsskiller.exe -> DELETED
[TASK][SUSP PATH] {C217AFCA-EA9B-44A0-B05E-283A34309D0F} : C:\Users\Steve\Desktop\tdsskiller.exe -> DELETED
[TASK][SUSP PATH] {D22ADECE-5B7F-4784-926D-A54EE39BBFF5} : C:\Users\Steve\Desktop\aswMBR.exe -> DELETED
[TASK][SUSP PATH] {D5D9B665-2232-4307-AD86-EF24F5DFA621} : C:\Users\Steve\Desktop\tdsskiller.exe -> DELETED
[TASK][SUSP PATH] {F955C50D-68E8-4361-A0BE-F1C77003CA25} : C:\Users\Steve\Desktop\tdsskiller.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] c00723ecdd4b3411befc880fde02ee55
[BSP] 791924d3721538a0a9dee97eb2e1086d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464266 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951023616 | Size: 12558 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 993f0f94f60fb13f33b4b9eae723e94a
[BSP] 791924d3721538a0a9dee97eb2e1086d : Windows Vista/7/8 MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464266 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951023616 | Size: 12558 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976744448 | Size: 10 Mo

Finished : << RKreport[3]_D_11142012_02d2055.txt >>
RKreport[1]_S_11142012_02d0934.txt ; RKreport[2]_S_11142012_02d2055.txt ; RKreport[3]_D_11142012_02d2055.txt
-
Ugh.....this sounds like it's going to suck. But I'm still game for trying to clean it. Here's the report:

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Scan -- Date : 11/14/2012 09:34:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 22 ¤¤¤
[TASK][SUSP PATH] {3F5FD27A-89FB-4680-B7FC-C677D12F6E78} : C:\Users\Steve\Desktop\tdsskiller.exe -> FOUND
[TASK][SUSP PATH] {BAEC61D3-62D0-4221-A431-1AB30D5BC380} : C:\Users\Steve\Desktop\tdsskiller.exe -> FOUND
[TASK][SUSP PATH] {C217AFCA-EA9B-44A0-B05E-283A34309D0F} : C:\Users\Steve\Desktop\tdsskiller.exe -> FOUND
[TASK][SUSP PATH] {D22ADECE-5B7F-4784-926D-A54EE39BBFF5} : C:\Users\Steve\Desktop\aswMBR.exe -> FOUND
[TASK][SUSP PATH] {D5D9B665-2232-4307-AD86-EF24F5DFA621} : C:\Users\Steve\Desktop\tdsskiller.exe -> FOUND
[TASK][SUSP PATH] {F955C50D-68E8-4361-A0BE-F1C77003CA25} : C:\Users\Steve\Desktop\tdsskiller.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] c00723ecdd4b3411befc880fde02ee55
[BSP] 791924d3721538a0a9dee97eb2e1086d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464266 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951023616 | Size: 12558 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 993f0f94f60fb13f33b4b9eae723e94a
[BSP] 791924d3721538a0a9dee97eb2e1086d : Windows Vista/7/8 MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464266 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951023616 | Size: 12558 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976744448 | Size: 10 Mo

Finished : << RKreport[1]_S_11142012_02d0934.txt >>
RKreport[1]_S_11142012_02d0934.txt
-
I still don't have an 'extra' log, but I did notice that the 'extra registry' setting is set to 'none'. Should that be a different setting?
-
It doesn't seem to have run an 'extras' one. I had a file on my desktop called 'extras.txt' from earlier, though. That may have caused an issue? I'll try running it again and see if it gives me one.
-
Here's the OTL one:

OTL logfile created on: 11/13/2012 9:31:23 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.29% Memory free
6.00 Gb Paging File | 4.13 Gb Available in Paging File | 68.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.38 Gb Total Space | 69.18 Gb Free Space | 15.26% Space Free | Partition Type: NTFS
Drive D: | 12.26 Gb Total Space | 1.49 Gb Free Space | 12.14% Space Free | Partition Type: NTFS

Computer Name: TARDIS | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASPI32) -- C:\Windows\SysWow64\drivers\aspi32.sys (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {047B44FD-3D11-4F20-ADA0-2F508958A2A9}
IE:64bit: - HKLM\..\SearchScopes\{047B44FD-3D11-4F20-ADA0-2F508958A2A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9AFC6BC5-7EC2-4A0B-A373-699333B8E8EA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{9C4CC4FE-C282-420E-ACDD-E63AEC58FAC1}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BC7541EC-CC20-4FC0-813C-FD7F199285F6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {047B44FD-3D11-4F20-ADA0-2F508958A2A9}
IE - HKLM\..\SearchScopes\{047B44FD-3D11-4F20-ADA0-2F508958A2A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9AFC6BC5-7EC2-4A0B-A373-699333B8E8EA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9C4CC4FE-C282-420E-ACDD-E63AEC58FAC1}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{BC7541EC-CC20-4FC0-813C-FD7F199285F6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1005\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/31 01:55:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/22 01:34:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/31 01:55:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/22 01:34:53 | 000,000,000 | ---D | M]

[2011/01/17 23:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2012/11/06 20:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\55z2bnbv.default-1352250023313\extensions
[2012/09/22 01:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/31 01:55:23 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/10/31 01:55:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/31 01:55:19 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/12 10:22:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-429569334-657477215-3927073720-1005..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-429569334-657477215-3927073720-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-429569334-657477215-3927073720-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95874F3A-0BE7-4B54-A226-1185D7716EB4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/12 23:02:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/12 22:00:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/12 21:52:43 | 005,000,679 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2012/11/10 17:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/10 17:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/10 17:39:24 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/10 17:38:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/11/09 22:10:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - straight outta boone county (bloodshot records)
[2012/11/09 12:34:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\live at the double door (disk 2)
[2012/11/09 12:14:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - 2001 - 13 hillbilly giants
[2012/11/09 11:41:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\live at the double door (disc 1)
[2012/11/09 11:37:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - 2001 - couples in trouble
[2012/11/09 11:10:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - country isn't pretty
[2012/11/09 11:09:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - bloodied but unbowed -- the soundtrack (bloodshot records, 2006)
[2012/11/09 11:01:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\down by the old mainstream
[2012/11/09 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks-south mouth-1997
[2012/11/09 10:30:28 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\for a decade of sin_ 11 years of bloodshot records (disc 2)
[2012/11/09 10:30:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\for a decade of sin -11 years of bloodshot records (disc 1)
[2012/11/09 10:30:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\v.a. - bloodshot records - the bottle let me down
[2012/11/09 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - insurgent country vol 1. for a life of sin
[2012/11/09 10:29:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va ~ bloodshot records
[2012/11/09 10:29:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va- down to the promised land- five years of bloodshot records_(2000)
[2012/11/09 10:28:13 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - happy (plays music of michael jackson) 2010
[2012/11/09 10:26:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - revenge
[2012/11/09 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - the very best of 1999
[2012/11/09 10:25:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - 1998 - let's kill saturday night
[2012/11/08 09:31:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/11/08 09:29:26 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/11/07 10:00:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\cYo
[2012/11/07 10:00:58 | 000,000,000 | ---D | C] --
C:\Users\Steve\AppData\Local\cYo [2012/11/06 20:00:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Old Firefox Data [2012/11/06 10:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack [2012/11/06 09:52:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\ryan miller - [2012] safety not guaranteed [2012/11/06 09:49:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\ray lamontagne - [2010] god willin' & the creek don't rise [2012/11/06 09:49:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\one lonesome saddle [2012/11/06 09:48:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\gossip in the grain [2012/11/06 09:48:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\till the sun turns black [2012/11/06 09:20:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Creative Suite 2 [2012/11/06 09:20:08 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Stock Photos [2012/11/06 09:18:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Photoshop CS2 [2012/11/06 09:18:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Help Center [2012/11/06 09:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2012/11/06 09:17:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Bridge [2012/11/05 20:41:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/05 20:41:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/05 20:41:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/05 20:36:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/05 20:34:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/04 23:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012/11/04 23:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/11/04 21:30:56 | 000,000,000 | ---D | C] -- C:\_OTL [2012/11/04 18:45:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- 
C:\Users\Steve\Desktop\OTL.exe [2012/11/04 15:18:53 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Macromedia [2012/11/04 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes [2012/11/04 14:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/04 14:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/04 14:18:43 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.com [2012/11/04 10:56:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2012/11/04 10:49:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012/10/25 23:42:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\titus andronicus [us 2012] local business [2012/10/25 22:32:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\tenacious d - rize of the fenix (2012) (usa comedy rock acoustic rock hard rock) released - may 2012 [2012/10/25 21:16:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\doug stanhope - before turning the gun on himself... 
[2012] [2012/10/25 21:16:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the prophet [2012/10/25 21:15:32 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\louis ck beacon theatre [2012/10/25 21:12:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\failed states [deluxe] 320 [2012/10/24 03:08:13 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\marty robbins - adios amigo (1977) [2012/10/24 03:06:14 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\dance with them that brung me [2012/10/24 02:09:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\stacey earle - dancin' with them that brung me [2012/10/24 01:32:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\disc 1 [2012/10/24 01:03:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\townes van zandt - 1987 - at my window [2012/10/24 01:02:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\simple gearle [2012/10/24 00:57:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - country drinking songs [2012/10/24 00:54:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\disc 2 [2012/10/24 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\texas rain(with willie nelson, emmylou harris, doug sahm&freddy fender)(2001) [2012/10/24 00:43:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\townes van zandt - 1997 - rear view mirror (live) [2012/10/24 00:37:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\in the beginning [2012/10/24 00:33:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\various artists - 2012 - scott kelly, steve von till, wino - songs of townes van zandt [2012/10/24 00:31:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\townes van zandt, guy clark & robert earl keen - 8-29-90 [2012/10/24 00:31:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\1991-& guy clark robert earl keen - 1991-09-15 strawberry festival camp mather ca [2012/10/24 00:28:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\stacey earle and mark stuart - 
dedication 2012 [2012/10/22 22:13:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\New Cd [2012/10/17 19:52:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{296CED92-D45F-477A-BC04-A0B8711F26C2} [2012/10/16 09:22:41 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the executioner's last songs, vol. 3 [2012/10/16 08:59:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the executioner's last songs, vol. 1 [2012/10/16 07:21:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\country love songs [2012/10/15 23:15:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\journey to the end of the night [2012/10/15 23:13:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the mekons - fear and whiskey [2012/10/15 23:11:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the executioner's last songs, vol. 2 [2012/10/15 23:10:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\georgia hard [2012/10/15 23:06:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\ace cd 893 - swingbillies - hillbilly and western swing [2012/10/15 23:04:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\david allan coe - the mysterious rhinestone cowboy & once upon a rhyme [2012/10/15 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\(1973) live at the old quarter (houston, texas) (2 of 2) [2012/10/15 22:23:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\merle travis-folk songs of the hills [2012/10/15 22:22:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\guitar rags and a too fast past volume 3 [2012/10/15 22:14:32 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\mojo hand [2012/10/15 22:08:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\lightnin' hopkins - mojo hand · the lightnin' hopkins anthology (1993 anthology) [2012/10/15 22:07:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\(1973) live at the old quarter (houston, texas) (1 of 2) [2012/10/15 00:46:20 | 000,000,000 | ---D | C] -- 
C:\Users\Steve\Desktop\[1984] forever young [2012/04/14 18:08:40 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Steve\AppData\Roaming\pcouffin.sys [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\SysNative\ [2012/11/13 09:23:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/13 09:01:01 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2012/11/13 00:48:07 | 000,794,236 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/13 00:48:07 | 000,669,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/13 00:48:07 | 000,125,764 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/12 22:05:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/12 22:05:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/12 21:52:58 | 005,000,679 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe [2012/11/12 21:50:04 | 000,001,944 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series.lnk [2012/11/12 21:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/12 21:49:34 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2012/11/12 10:22:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/10 17:39:29 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe [2012/11/09 10:07:26 | 000,413,248 | ---- | M] () -- C:\Users\Steve\Desktop\screenshot.jpg [2012/11/08 19:28:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe 
[2012/11/08 09:31:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe [2012/11/08 09:29:40 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr [2012/11/06 21:25:27 | 000,614,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/06 20:00:46 | 000,002,046 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/11/06 10:09:41 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk [2012/11/06 09:36:45 | 011,445,902 | ---- | M] () -- C:\Users\Steve\Desktop\Caesar2012.pdf [2012/11/06 09:33:11 | 011,862,300 | ---- | M] () -- C:\Users\Steve\Desktop\Owlery.pdf [2012/11/06 09:17:51 | 000,001,293 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2012/11/05 00:08:42 | 000,007,609 | ---- | M] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg [2012/11/04 23:48:24 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/11/04 23:31:13 | 000,134,765 | ---- | M] () -- C:\Users\Steve\Desktop\Owlery 1.jpg [2012/11/04 22:37:28 | 000,023,208 | ---- | M] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3.sfk [2012/11/04 22:37:11 | 002,150,298 | ---- | M] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3 [2012/11/04 18:45:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe [2012/11/04 15:08:38 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.com [2012/11/04 11:00:51 | 000,000,168 | ---- | M] () -- C:\ProgramData\-TgaFFPAGkWj3twr [2012/11/04 11:00:51 | 000,000,168 | ---- | M] () -- C:\ProgramData\-TgaFFPAGkWj3tw [2012/11/04 11:00:50 | 000,000,679 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk [2012/11/04 11:00:50 | 000,000,655 | ---- | M] () -- C:\Users\Steve\Desktop\File_Restore.lnk [2012/11/04 10:48:39 | 000,032,325 | ---- | M] () -- 
C:\Users\Steve\Desktop\the-gingerbread-house.zip [2012/10/30 01:01:39 | 000,122,560 | ---- | M] () -- C:\Users\Steve\Desktop\COVER PHOTO.jpg [2012/10/30 00:35:07 | 000,122,461 | ---- | M] () -- C:\Users\Steve\Desktop\LastInLine2.jpg [2012/10/30 00:27:34 | 000,226,624 | ---- | M] () -- C:\Users\Steve\Desktop\LASTINLINE.jpg [2012/10/30 00:23:46 | 000,236,996 | ---- | M] () -- C:\Users\Steve\Desktop\Bleeding Cover copy.jpg [2012/10/30 00:23:17 | 003,233,763 | ---- | M] () -- C:\Users\Steve\Desktop\Bleeding Cover.psd [2012/10/24 08:21:32 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSteve.job [2012/10/17 20:07:25 | 160,954,751 | ---- | M] () -- C:\Users\Steve\Desktop\Talkin Debate Blues.wmv [2012/10/17 19:59:09 | 000,006,656 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/10/15 23:09:48 | 002,514,944 | ---- | M] () -- C:\Users\Steve\Desktop\19 - How Come You Do Me Like You Do - The Range Riders.mp3 [2012/10/14 22:33:08 | 009,708,254 | ---- | M] () -- C:\Users\Steve\The Fire.mp3 [2012/10/14 22:33:02 | 007,676,972 | ---- | M] () -- C:\Users\Steve\Settle Down Blues.mp3 [2012/10/14 22:32:58 | 007,993,576 | ---- | M] () -- C:\Users\Steve\Love Song.mp3 [2012/10/14 22:32:52 | 015,058,132 | ---- | M] () -- C:\Users\Steve\John Brown.mp3 [2012/10/14 22:32:44 | 010,346,687 | ---- | M] () -- C:\Users\Steve\I'm A Killer.mp3 [2012/10/14 22:32:38 | 009,238,050 | ---- | M] () -- C:\Users\Steve\Gas City.mp3 [2012/10/14 22:32:34 | 011,772,972 | ---- | M] () -- C:\Users\Steve\Death.mp3 [2012/10/14 22:32:26 | 009,847,225 | ---- | M] () -- C:\Users\Steve\Ashes.mp3 [2012/10/14 22:32:20 | 008,593,348 | ---- | M] () -- C:\Users\Steve\American Radio.mp3 [2012/10/14 22:32:16 | 009,975,748 | ---- | M] () -- C:\Users\Steve\West.mp3 [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== File not found -- 
C:\Windows\SysNative\ [2012/11/09 10:07:25 | 000,413,248 | ---- | C] () -- C:\Users\Steve\Desktop\screenshot.jpg [2012/11/06 10:09:41 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\ComicRack.lnk [2012/11/06 09:36:40 | 011,445,902 | ---- | C] () -- C:\Users\Steve\Desktop\Caesar2012.pdf [2012/11/06 09:33:09 | 011,862,300 | ---- | C] () -- C:\Users\Steve\Desktop\Owlery.pdf [2012/11/06 09:19:04 | 000,002,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk [2012/11/06 09:19:04 | 000,002,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk [2012/11/06 09:18:12 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk [2012/11/06 09:17:51 | 000,001,293 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2012/11/06 09:17:31 | 000,001,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk [2012/11/05 20:41:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/05 20:41:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/05 20:41:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/05 20:41:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/05 20:41:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/11/04 23:48:24 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif [2012/11/04 23:48:09 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/11/04 23:31:11 | 000,134,765 | ---- | C] () -- C:\Users\Steve\Desktop\Owlery 1.jpg [2012/11/04 22:37:11 | 000,023,208 | ---- | C] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3.sfk [2012/11/04 22:37:10 | 002,150,298 | ---- | C] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3 [2012/11/04 11:00:51 | 000,000,168 | ---- | C] () -- 
C:\ProgramData\-TgaFFPAGkWj3twr [2012/11/04 11:00:51 | 000,000,168 | ---- | C] () -- C:\ProgramData\-TgaFFPAGkWj3tw [2012/11/04 11:00:50 | 000,000,679 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk [2012/11/04 11:00:50 | 000,000,655 | ---- | C] () -- C:\Users\Steve\Desktop\File_Restore.lnk [2012/11/04 10:49:35 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/04 10:48:34 | 000,032,325 | ---- | C] () -- C:\Users\Steve\Desktop\the-gingerbread-house.zip [2012/10/30 01:01:38 | 000,122,560 | ---- | C] () -- C:\Users\Steve\Desktop\COVER PHOTO.jpg [2012/10/30 00:33:06 | 000,122,461 | ---- | C] () -- C:\Users\Steve\Desktop\LastInLine2.jpg [2012/10/30 00:27:33 | 000,226,624 | ---- | C] () -- C:\Users\Steve\Desktop\LASTINLINE.jpg [2012/10/30 00:23:45 | 000,236,996 | ---- | C] () -- C:\Users\Steve\Desktop\Bleeding Cover copy.jpg [2012/10/30 00:23:15 | 003,233,763 | ---- | C] () -- C:\Users\Steve\Desktop\Bleeding Cover.psd [2012/10/23 22:22:10 | 000,007,609 | ---- | C] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg [2012/10/18 18:20:05 | 009,847,225 | ---- | C] () -- C:\Users\Steve\Ashes.mp3 [2012/10/18 18:20:05 | 008,593,348 | ---- | C] () -- C:\Users\Steve\American Radio.mp3 [2012/10/18 18:20:04 | 009,975,748 | ---- | C] () -- C:\Users\Steve\West.mp3 [2012/10/18 18:20:03 | 009,708,254 | ---- | C] () -- C:\Users\Steve\The Fire.mp3 [2012/10/18 18:20:03 | 007,676,972 | ---- | C] () -- C:\Users\Steve\Settle Down Blues.mp3 [2012/10/18 18:20:02 | 015,058,132 | ---- | C] () -- C:\Users\Steve\John Brown.mp3 [2012/10/18 18:20:02 | 007,993,576 | ---- | C] () -- C:\Users\Steve\Love Song.mp3 [2012/10/18 18:20:01 | 010,346,687 | ---- | C] () -- C:\Users\Steve\I'm A Killer.mp3 [2012/10/18 18:20:00 | 011,772,972 | ---- | C] () -- C:\Users\Steve\Death.mp3 [2012/10/18 18:20:00 | 009,238,050 | ---- | C] () -- C:\Users\Steve\Gas City.mp3 [2012/10/17 20:04:31 | 160,954,751 | ---- | C] () -- 
C:\Users\Steve\Desktop\Talkin Debate Blues.wmv [2012/10/15 23:08:45 | 002,514,944 | ---- | C] () -- C:\Users\Steve\Desktop\19 - How Come You Do Me Like You Do - The Range Riders.mp3 [2012/06/30 15:20:11 | 000,000,093 | ---- | C] () -- C:\Users\Steve\AppData\Local\fusioncache.dat [2012/04/14 18:08:40 | 000,007,859 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\pcouffin.cat [2012/04/14 18:08:40 | 000,001,167 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\pcouffin.inf [2012/02/24 20:38:02 | 000,105,866 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\icarus-dxdiag.xml [2012/02/14 21:24:52 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011/12/23 01:22:05 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011/12/04 22:01:06 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll [2011/12/01 00:58:38 | 000,006,656 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011/04/13 07:26:23 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011/04/13 07:07:36 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\OggEnc.exe [2011/04/13 07:07:36 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\Lame.exe [2011/04/13 07:07:36 | 000,076,800 | ---- | C] () -- C:\Windows\SysWow64\Faac.exe [2011/03/19 19:16:38 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011/02/15 08:13:53 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011/02/15 08:13:53 | 000,017,772 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2011/02/03 02:08:23 | 000,000,543 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\AutoGK.ini [2011/02/03 02:00:30 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2011/01/22 10:49:07 | 000,787,960 | ---- | C] () -- 
C:\Windows\SysWow64\PerfStringBackup.INI [2011/01/01 11:12:49 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2010/12/27 23:16:47 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010/12/27 23:16:45 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010/12/27 23:16:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010/12/08 22:53:47 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010/12/08 22:53:47 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010/12/08 22:53:47 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/12/08 22:53:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/12/08 22:53:47 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin ========== ZeroAccess Check ========== [2011/11/17 02:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\@ [2011/11/17 02:14:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\L [2012/11/06 21:21:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\U [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/05/04 20:16:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Amazon [2011/03/26 09:13:38 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Atlus [2011/07/06 18:12:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AtomZombieData [2011/07/28 21:02:19 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Audacity [2011/12/26 20:16:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Beat Hazard [2012/11/12 09:21:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BitTorrent [2010/12/28 02:02:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Broken Rules [2011/02/02 08:27:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\calibre [2012/09/30 16:15:49 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ChaosPro 4.0 [2011/06/06 21:46:28 | 000,000,000 | ---D 
| M] -- C:\Users\Steve\AppData\Roaming\Crayon Physics Deluxe [2012/11/07 10:00:58 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\cYo [2012/03/28 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Digiarty [2012/05/08 20:19:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Fopeu [2011/04/13 07:26:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FreeAudioPack [2011/11/21 09:35:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\HandBrake [2012/01/05 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ImgBurn [2012/05/10 01:28:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\NationRed [2010/12/25 20:22:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PictureMover [2012/07/30 00:54:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Polynomial [2011/02/26 01:13:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Publish Providers [2011/01/31 08:22:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SanDisk [2012/09/21 20:33:10 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SoftGrid Client [2011/07/31 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sony [2011/07/08 23:30:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\System [2011/08/23 23:14:24 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SystemRequirementsLab [2011/01/28 08:41:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TP [2012/06/24 17:32:16 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Ubisoft [2012/11/05 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Udlyny [2012/04/14 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Vso [2010/12/26 00:47:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WildTangent [2010/12/26 10:13:03 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WinBatch [2011/09/10 16:52:01 | 
000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows Live Writer
[2011/07/09 09:55:46 | 000,000,000 | -HSD | M] -- C:\Users\Steve\AppData\Roaming\wyUpdate AU
[2011/07/04 19:41:38 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ZombieDriver

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2010/12/08 22:43:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/12/08 22:45:01 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/12/08 22:43:16 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/12/08 22:41:52 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/12/08 22:45:01 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/08 22:41:52 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/12/08 22:45:01 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/08 22:41:52 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/08 22:45:01 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/12/08 22:43:16 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/12/08 22:41:52 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/12/08 22:43:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,626 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/14 21:37:04 | 000,000,256 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Messager.job
[2012/03/18 11:23:09 | 000,000,332 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForSteve.job
[2012/11/04 10:49:35 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A1063995

< End of report >
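The `< MD5 for: ... >` blocks in the OTL report above are a custom scan that hashes every copy of a few core binaries: the live copy in System32/SysWOW64, the backup copies under erdnt\cache86 and erdnt\cache64, and the component-store copies in WinSxS. The point of listing them together is that a patched or swapped live binary shows up as an MD5 that no WinSxS copy shares. The script below is an added example, not part of the original post and not OTL's own code; the function names are mine. It parses that block format and applies exactly that cross-check, plus a second check for one hash turning up under two different file names. The sample input is the SVCHOST.EXE and WINLOGON.EXE blocks copied from the log above (the EXPLORER.EXE and USERINIT.EXE blocks parse the same way).

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: the SVCHOST.EXE and WINLOGON.EXE blocks from the OTL
# custom scan above, verbatim. Other blocks in the report have the same shape.
SAMPLE_LOG = r"""< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
"""

# One OTL entry: [mtime | size | attrs | M] (CompanyName) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")


@dataclass(frozen=True)
class Entry:
    mtime: str
    size: int
    attrs: str
    company: str   # CompanyName from the PE version resource; empty when OTL found none
    md5: str
    path: str


def parse_otl_md5_blocks(text: str) -> dict[str, list[Entry]]:
    """Group the entries of each '< MD5 for: NAME >' block under NAME (upper-cased)."""
    blocks: dict[str, list[Entry]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if (h := HEADER_RE.match(line)):
            current = h.group("name").upper()
            blocks.setdefault(current, [])
            continue
        if current is None:
            continue
        if (m := ENTRY_RE.match(line)):
            blocks[current].append(Entry(
                mtime=m.group("mtime"),
                size=int(m.group("size").replace(",", "")),
                attrs=m.group("attrs"),
                company=m.group("company"),
                md5=m.group("md5").upper(),
                path=m.group("path"),
            ))
    return blocks


def is_winsxs(path: str) -> bool:
    return "\\winsxs\\" in path.lower()


def check_consistency(blocks: dict[str, list[Entry]]) -> dict[str, list[tuple[str, list[str]]]]:
    """For each copy outside WinSxS, require that some WinSxS copy of the same
    file name carries the same MD5 and that the version resource names a company.
    Returns {NAME: [(path, [reasons...]), ...]} for the copies that fail."""
    findings: dict[str, list[tuple[str, list[str]]]] = {}
    for name, entries in blocks.items():
        reference = {e.md5 for e in entries if is_winsxs(e.path)}
        for e in entries:
            if is_winsxs(e.path):
                continue
            reasons = []
            if e.md5 not in reference:
                reasons.append("MD5 matches no WinSxS copy of this file")
            if not e.company:
                reasons.append("no CompanyName in version resource")
            if reasons:
                findings.setdefault(name, []).append((e.path, reasons))
    return findings


def hashes_shared_across_names(blocks: dict[str, list[Entry]]) -> dict[str, set[str]]:
    """One MD5 listed under two different file names is one binary stored
    under two names; report it regardless of what the names are."""
    seen: dict[str, set[str]] = defaultdict(set)
    for name, entries in blocks.items():
        for e in entries:
            seen[e.md5].add(name)
    return {md5: names for md5, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    parsed = parse_otl_md5_blocks(SAMPLE_LOG)
    for name, hits in check_consistency(parsed).items():
        for path, reasons in hits:
            print(f"{name}: {path}\n    " + "; ".join(reasons))
    for md5, names in hashes_shared_across_names(parsed).items():
        print(f"{md5} appears as {', '.join(sorted(names))}")
```

On this sample the only copies flagged are the two files under `Malwarebytes' Anti-Malware\Chameleon`, and the second check shows why: they share one MD5 and one size (218,184 bytes), so they are a single binary stored under both names, not Windows' svchost.exe or winlogon.exe. Every live copy in System32, SysWOW64 and the erdnt caches matches a WinSxS copy. Two caveats apply to any such result: the WinSxS reference set lives on the same disk and is writable by anything running as SYSTEM, and an MD5 match between two copies is a consistency check, not proof of integrity. The verdict on a flagged file comes from its Authenticode signature (sigcheck or PowerShell's Get-AuthenticodeSignature), checked against the Windows catalogs.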
-
Here it is after running the newest version.

ComboFix 12-11-12.03 - Steve 11/12/2012 22:06:27.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1909 [GMT -5:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-13 03:42 . 2012-11-13 03:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-13 03:42 . 2012-11-13 03:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 03:02 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC18FB47-BA93-4257-BEB6-94683C0E55C4}\mpengine.dll
2012-11-11 22:59 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-10 22:41 . 2012-11-10 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-07 15:00 . 2012-11-07 15:00 -------- d-----w- c:\users\Steve\AppData\Roaming\cYo
2012-11-07 15:00 . 2012-11-07 15:00 -------- d-----w- c:\users\Steve\AppData\Local\cYo
2012-11-07 02:31 . 2012-11-07 02:30 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F44A9B0-53FD-4AA0-957C-EF132C76726C}\gapaengine.dll
2012-11-06 14:20 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Creative Suite 2
2012-11-06 14:20 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Stock Photos
2012-11-06 14:18 . 2012-11-06 14:19 -------- d-----w- c:\users\Steve\Adobe Photoshop CS2
2012-11-06 14:18 . 2012-11-06 14:18 -------- d-----w- c:\users\Steve\Adobe Help Center
2012-11-06 14:17 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Bridge
2012-11-05 04:47 . 2012-11-05 04:47 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-05 04:47 . 2012-11-05 04:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-05 04:46 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-05 02:30 . 2012-11-05 02:30 -------- d-----w- C:\_OTL
2012-11-04 20:18 . 2012-11-04 20:18 -------- d-----w- c:\users\Steve\AppData\Local\Macromedia
2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\programdata\Malwarebytes
2012-11-04 19:48 . 2012-11-10 22:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 16:23 . 2012-11-04 17:23 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-11-04 15:56 . 2012-11-04 15:56 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-11-04 15:49 . 2012-11-04 17:23 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 15:49 . 2012-11-04 15:49 -------- d-----w- c:\windows\system32\Macromed
2012-11-02 06:51 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4616AB25-DC42-4818-BD4F-1344397CD6C7}\mpengine.dll
2012-10-31 06:55 . 2012-10-31 06:55 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-31 06:55 . 2012-10-31 06:55 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-10-31 06:55 . 2012-10-31 06:55 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 06:02 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-11-04 17:23 . 2011-11-05 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 07:04 . 2011-01-19 13:22 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-21 08:38 . 2011-06-23 03:57 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 08:37 . 2011-06-23 03:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-19 09:31 . 2011-06-23 03:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-14 19:23 . 2012-10-10 02:11 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 02:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:02 . 2012-10-10 02:11 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 08:29 . 2011-07-28 11:02 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 08:28 . 2011-07-28 11:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:11 . 2012-10-10 02:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:18 . 2012-10-10 02:11 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 02:11 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 02:11 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 18:05 . 2012-09-22 10:31 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-22 10:31 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-22 10:31 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-22 10:31 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-08-24 18:02 . 2012-09-22 10:31 9375744 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:02 . 2012-09-22 10:31 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:02 . 2012-09-22 10:31 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:02 . 2012-09-22 10:31 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-24 18:02 . 2012-09-22 10:31 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 18:02 . 2012-09-22 10:31 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:01 . 2012-09-22 10:31 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:01 . 2012-09-22 10:31 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 18:01 . 2012-09-22 10:31 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:01 . 2012-09-22 10:31 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-08-24 18:01 . 2012-09-22 10:31 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-24 17:59 . 2012-09-22 10:31 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-24 17:10 . 2012-10-10 02:11 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 17:10 . 2012-09-22 10:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 17:08 . 2012-09-22 10:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45 . 2012-09-22 10:31 482816 ----a-w- c:\windows\system32\html.iec
2012-08-24 16:02 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 16:01 . 2012-09-22 10:31 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-08-24 15:27 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-18 15:43 . 2012-10-10 02:11 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-18 15:43 . 2012-10-10 02:11 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-18 15:43 . 2012-10-10 02:11 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-18 15:42 . 2012-10-10 02:11 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-18 15:40 . 2012-10-10 02:11 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-18 15:37 . 2012-10-10 02:11 425984 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-18 15:37 . 2012-10-10 02:11 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-18 15:34 . 2012-10-10 02:11 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-18 15:22 . 2012-10-10 02:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-18 11:22 . 2012-10-10 02:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-18 11:19 . 2012-10-10 02:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-18 11:19 . 2012-10-10 02:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-18 11:17 . 2012-10-10 02:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-18 11:17 . 2012-10-10 02:11 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-18 11:09 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PDF Complete"=c:\program files (x86)\PDF Complete\pdfsty.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 51584]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 17:23]
.
2012-11-13 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-10-24 c:\windows\Tasks\HPCeeScheduleForSteve.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\55z2bnbv.default-1352250023313\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ChaosPro 4.0 - c:\program files (x86)\ChaosPro 4.0\uninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\SecuROM\License information*]
"datasecu"=hex:0c,1d,dc,95,38,96,1d,83,0e,21,64,e2,72,1f,e8,e7,cb,29,8e,42,c7,
   ff,50,9f,51,6e,1d,8b,7a,46,c5,da,1e,5d,7d,0c,41,e7,3c,3d,67,09,cb,4a,0f,94,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-12 23:02:00
ComboFix-quarantined-files.txt 2012-11-13 04:01
ComboFix2.txt 2012-11-12 15:41
ComboFix3.txt 2012-11-06 04:50
.
Pre-Run: 75,231,473,664 bytes free
Post-Run: 74,723,389,440 bytes free
.
- - End Of File - - 2140B51E62AC8AC7D486565F5A0C73AE
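Two parts of the ComboFix report above carry checks a reader can apply mechanically. In the Find3M list each file has two timestamps, the last-modified time first and the on-disk creation time second; the files delivered by Windows Update all show a build time that is older than their 2012-10-10 02:11 install time, so a file under System32 or SysWOW64 whose modification time is later than its creation time was rewritten in place after it landed on disk. In the service list, `[x]` in place of the date and size marks a registration whose binary could not be found at the listed path. The script below is an added example, not ComboFix's code and not part of the original post; the function and field names are mine. It parses both line shapes and applies those two checks to a constructed sample excerpted from the report above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: file and service lines excerpted verbatim from the
# ComboFix report above (Find3M, one 'Files Created' directory, and services).
SAMPLE_REPORT = r"""
2012-11-06 06:02 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-11-04 17:23 . 2011-11-05 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 07:04 . 2011-01-19 13:22 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-14 19:23 . 2012-10-10 02:11 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 18:02 . 2012-10-10 02:11 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:11 . 2012-10-10 02:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 02:11 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-11-04 15:56 . 2012-11-04 15:56 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
"""

# File line: "<modified> . <created> <size or dashes> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Service line: "<R|S><start> <name>;<description>;<image path> [<date size> | x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.+?) \[(?P<meta>[^\]]*)\]$"
)
TS = "%Y-%m-%d %H:%M"
SYSTEM_ROOTS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass(frozen=True)
class FileEntry:
    modified: datetime
    created: datetime
    size: int | None   # None for directories (ComboFix prints dashes in the size column)
    attrs: str
    path: str


@dataclass(frozen=True)
class ServiceEntry:
    state: str         # R = running, S = stopped
    start: int         # start type digit as ComboFix prints it
    name: str
    desc: str
    image: str
    file_missing: bool # True when ComboFix printed [x] instead of date and size


def parse_file_lines(text: str) -> list[FileEntry]:
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            out.append(FileEntry(
                modified=datetime.strptime(m["mtime"], TS),
                created=datetime.strptime(m["ctime"], TS),
                size=None if m["size"].startswith("-") else int(m["size"]),
                attrs=m["attrs"],
                path=m["path"],
            ))
    return out


def parse_service_lines(text: str) -> list[ServiceEntry]:
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(ServiceEntry(
                state=m["state"], start=int(m["start"]), name=m["name"],
                desc=m["desc"], image=m["image"],
                file_missing=m["meta"].strip().lower() == "x",
            ))
    return out


def rewritten_in_place(files: list[FileEntry], roots: tuple[str, ...] = SYSTEM_ROOTS) -> list[FileEntry]:
    """Files under the Windows system directories whose bytes changed after the
    file was created on disk. Package-installed files in this report show the
    opposite order (build time before install time), so these need a second look."""
    return [f for f in files
            if f.size is not None
            and f.path.lower().startswith(roots)
            and f.modified > f.created]


def missing_service_binaries(services: list[ServiceEntry]) -> list[ServiceEntry]:
    """Service and driver registrations whose image ComboFix could not find."""
    return [s for s in services if s.file_missing]


if __name__ == "__main__":
    for f in rewritten_in_place(parse_file_lines(SAMPLE_REPORT)):
        print(f"rewritten in place: {f.path} (modified {f.modified}, created {f.created})")
    for s in missing_service_binaries(parse_service_lines(SAMPLE_REPORT)):
        print(f"service without binary: {s.name} -> {s.image}")
```

On the excerpt this lists services.exe, FlashPlayerCPLApp.cpl and MRT.exe as rewritten in place, and DAUpdaterSvc, EagleX64 and NOBU as registrations whose binary is gone. Most of that has an ordinary explanation: the Flash control panel applet and the Malicious Software Removal Tool are replaced by their own updaters rather than by a Windows Update package, and orphaned service keys are what uninstallers commonly leave behind. That leaves services.exe, on disk since the July 2009 install and rewritten on 2012-11-06, as the one entry with no updater to account for it; the check only puts it on the review list, and the decision rests on its Authenticode signature (sigcheck or Get-AuthenticodeSignature), not on the timestamps. Separately, a redirect that persists after the host has been cleaned is a reason to look at what the router handing out DNS here (TCP: DhcpNameServer = 192.168.2.1) is itself configured to forward to, since nothing in the report covers that.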
-
I've tried this a couple of times now, but when I press 'Repair your computer', it just goes to a black screen. Is it supposed to take a while before it gives me any options?
-
Oh... I didn't see your last post. I'll follow those steps.
-
OK... I'm still randomly being redirected also.
-
OK... here's the new log. My computer seems to be running slower now than before. explorer.exe is now using 270,000 K of memory. It was using around 40 K (if I remember correctly), then around 110 when I first got the virus. I'm going to try restarting it, but I wanted to post the log first.

ComboFix 12-11-12.02 - Steve 11/12/2012 9:43.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1745 [GMT -5:00]
-
OK... I moved TDSSKiller to the Chameleon folder, installed the driver, but TDSSKiller still won't do anything.
-
OK... here's the screenshot, and yes, I can make a disc on another computer. Also, I will be out of town later today and some of tomorrow, so I won't be able to reply to this while I'm gone.