spgilbert
-
Posts
19 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by spgilbert
-
-
i believe so. if i press F11 as it's booting, i can get to a 'HP Recovery Manager'. is that what you mean?
-
no problem at all
thank you for taking so much time in helping me with this!ListParts by Farbar Version: 30-10-2012
Ran by Steve (administrator) on 15-11-2012 at 09:18:09
Windows 7 (X64)
Running From: C:\Users\Steve\Desktop
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 57%
Total physical RAM: 3071.24 MB
Available physical RAM: 1302.52 MB
Total Pagefile: 6140.63 MB
Available Pagefile: 3871.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:453.38 GB) (Free:65.05 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.26 GB) (Free:1.49 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 465 GB 465 GB
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 453 GB 101 MB
Partition 3 Primary 12 GB 453 GB
Partition 4 Primary 10 MB 465 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 453 GB Healthy Boot
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D HP_RECOVERY NTFS Partition 12 GB Healthy
======================================================================================================
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes
There is no volume associated with this partition.
======================================================================================================
Partitions of Disk 1:
===============
There are no partitions on this disk to show.
======================================================================================================
Disk: 1
Virtual Disk Service error:
The disk is not initialized.
======================================================================================================
****** End Of Log ******
-
ok....here it is now:
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Remove -- Date : 11/14/2012 20:55:55
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 21 ¤¤¤
[TASK][sUSP PATH] {3F5FD27A-89FB-4680-B7FC-C677D12F6E78} : C:\Users\Steve\Desktop\tdsskiller.exe -> DELETED
[TASK][sUSP PATH] {BAEC61D3-62D0-4221-A431-1AB30D5BC380} : C:\Users\Steve\Desktop\tdsskiller.exe -> DELETED
[TASK][sUSP PATH] {C217AFCA-EA9B-44A0-B05E-283A34309D0F} : C:\Users\Steve\Desktop\tdsskiller.exe -> DELETED
[TASK][sUSP PATH] {D22ADECE-5B7F-4784-926D-A54EE39BBFF5} : C:\Users\Steve\Desktop\aswMBR.exe -> DELETED
[TASK][sUSP PATH] {D5D9B665-2232-4307-AD86-EF24F5DFA621} : C:\Users\Steve\Desktop\tdsskiller.exe -> DELETED
[TASK][sUSP PATH] {F955C50D-68E8-4361-A0BE-F1C77003CA25} : C:\Users\Steve\Desktop\tdsskiller.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\L --> REMOVED
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] c00723ecdd4b3411befc880fde02ee55
[bSP] 791924d3721538a0a9dee97eb2e1086d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464266 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951023616 | Size: 12558 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 993f0f94f60fb13f33b4b9eae723e94a
[bSP] 791924d3721538a0a9dee97eb2e1086d : Windows Vista/7/8 MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464266 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951023616 | Size: 12558 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976744448 | Size: 10 Mo
Finished : << RKreport[3]_D_11142012_02d2055.txt >>
RKreport[1]_S_11142012_02d0934.txt ; RKreport[2]_S_11142012_02d2055.txt ; RKreport[3]_D_11142012_02d2055.txt
-
ugh.....this sounds like it's going to suck. but, i'm still game for trying to clean it. here's the report:
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Scan -- Date : 11/14/2012 09:34:26
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 22 ¤¤¤
[TASK][sUSP PATH] {3F5FD27A-89FB-4680-B7FC-C677D12F6E78} : C:\Users\Steve\Desktop\tdsskiller.exe -> FOUND
[TASK][sUSP PATH] {BAEC61D3-62D0-4221-A431-1AB30D5BC380} : C:\Users\Steve\Desktop\tdsskiller.exe -> FOUND
[TASK][sUSP PATH] {C217AFCA-EA9B-44A0-B05E-283A34309D0F} : C:\Users\Steve\Desktop\tdsskiller.exe -> FOUND
[TASK][sUSP PATH] {D22ADECE-5B7F-4784-926D-A54EE39BBFF5} : C:\Users\Steve\Desktop\aswMBR.exe -> FOUND
[TASK][sUSP PATH] {D5D9B665-2232-4307-AD86-EF24F5DFA621} : C:\Users\Steve\Desktop\tdsskiller.exe -> FOUND
[TASK][sUSP PATH] {F955C50D-68E8-4361-A0BE-F1C77003CA25} : C:\Users\Steve\Desktop\tdsskiller.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\L --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] c00723ecdd4b3411befc880fde02ee55
[bSP] 791924d3721538a0a9dee97eb2e1086d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464266 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951023616 | Size: 12558 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 993f0f94f60fb13f33b4b9eae723e94a
[bSP] 791924d3721538a0a9dee97eb2e1086d : Windows Vista/7/8 MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464266 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951023616 | Size: 12558 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976744448 | Size: 10 Mo
Finished : << RKreport[1]_S_11142012_02d0934.txt >>
RKreport[1]_S_11142012_02d0934.txt
-
I still don't have an 'extra' log, but i did notice that the 'extra registry' setting is set to 'none'. should that be a different setting?
-
it doesn't seem to have run an 'extras' one. i had a file on my desktop called 'extras.txt' from earlier though. that may have caused an issue? i'll try running it again and see if it gives me one.
-
here's the OTL one:
OTL logfile created on: 11/13/2012 9:31:23 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.29% Memory free
6.00 Gb Paging File | 4.13 Gb Available in Paging File | 68.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.38 Gb Total Space | 69.18 Gb Free Space | 15.26% Space Free | Partition Type: NTFS
Drive D: | 12.26 Gb Total Space | 1.49 Gb Free Space | 12.14% Space Free | Partition Type: NTFS
Computer Name: TARDIS | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
========== Services (SafeList) ==========
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASPI32) -- C:\Windows\SysWow64\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {047B44FD-3D11-4F20-ADA0-2F508958A2A9}
IE:64bit: - HKLM\..\SearchScopes\{047B44FD-3D11-4F20-ADA0-2F508958A2A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9AFC6BC5-7EC2-4A0B-A373-699333B8E8EA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{9C4CC4FE-C282-420E-ACDD-E63AEC58FAC1}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BC7541EC-CC20-4FC0-813C-FD7F199285F6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {047B44FD-3D11-4F20-ADA0-2F508958A2A9}
IE - HKLM\..\SearchScopes\{047B44FD-3D11-4F20-ADA0-2F508958A2A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9AFC6BC5-7EC2-4A0B-A373-699333B8E8EA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9C4CC4FE-C282-420E-ACDD-E63AEC58FAC1}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{BC7541EC-CC20-4FC0-813C-FD7F199285F6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1005\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-429569334-657477215-3927073720-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/31 01:55:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/22 01:34:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/31 01:55:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/22 01:34:53 | 000,000,000 | ---D | M]
[2011/01/17 23:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2012/11/06 20:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\55z2bnbv.default-1352250023313\extensions
[2012/09/22 01:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/31 01:55:23 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/10/31 01:55:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/31 01:55:19 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/11/12 10:22:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-429569334-657477215-3927073720-1005..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-429569334-657477215-3927073720-1005..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-429569334-657477215-3927073720-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-429569334-657477215-3927073720-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-429569334-657477215-3927073720-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95874F3A-0BE7-4B54-A226-1185D7716EB4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/11/12 23:02:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/12 22:00:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/12 21:52:43 | 005,000,679 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2012/11/10 17:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/10 17:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/10 17:39:24 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/10 17:38:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/11/09 22:10:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - straight outta boone county (bloodshot records)
[2012/11/09 12:34:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\live at the double door (disk 2)
[2012/11/09 12:14:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - 2001 - 13 hillbilly giants
[2012/11/09 11:41:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\live at the double door (disc 1)
[2012/11/09 11:37:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - 2001 - couples in trouble
[2012/11/09 11:10:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - country isn't pretty
[2012/11/09 11:09:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - bloodied but unbowed -- the soundtrack (bloodshot records, 2006)
[2012/11/09 11:01:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\down by the old mainstream
[2012/11/09 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks-south mouth-1997
[2012/11/09 10:30:28 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\for a decade of sin_ 11 years of bloodshot records (disc 2)
[2012/11/09 10:30:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\for a decade of sin -11 years of bloodshot records (disc 1)
[2012/11/09 10:30:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\v.a. - bloodshot records - the bottle let me down
[2012/11/09 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - insurgent country vol 1. for a life of sin
[2012/11/09 10:29:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va ~ bloodshot records
[2012/11/09 10:29:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va- down to the promised land- five years of bloodshot records_(2000)
[2012/11/09 10:28:13 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - happy (plays music of michael jackson) 2010
[2012/11/09 10:26:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - revenge
[2012/11/09 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - the very best of 1999
[2012/11/09 10:25:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\robbie fulks - 1998 - let's kill saturday night
[2012/11/08 09:31:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/11/08 09:29:26 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/11/07 10:00:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\cYo
[2012/11/07 10:00:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\cYo
[2012/11/06 20:00:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Old Firefox Data
[2012/11/06 10:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack
[2012/11/06 09:52:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\ryan miller - [2012] safety not guaranteed
[2012/11/06 09:49:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\ray lamontagne - [2010] god willin' & the creek don't rise
[2012/11/06 09:49:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\one lonesome saddle
[2012/11/06 09:48:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\gossip in the grain
[2012/11/06 09:48:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\till the sun turns black
[2012/11/06 09:20:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Creative Suite 2
[2012/11/06 09:20:08 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Stock Photos
[2012/11/06 09:18:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Photoshop CS2
[2012/11/06 09:18:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Help Center
[2012/11/06 09:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/11/06 09:17:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Adobe Bridge
[2012/11/05 20:41:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/05 20:41:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/05 20:41:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/05 20:36:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/05 20:34:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/04 23:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/11/04 23:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/11/04 21:30:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/04 18:45:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/11/04 15:18:53 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Macromedia
[2012/11/04 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2012/11/04 14:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/04 14:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/04 14:18:43 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.com
[2012/11/04 10:56:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/11/04 10:49:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/10/25 23:42:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\titus andronicus [us 2012] local business
[2012/10/25 22:32:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\tenacious d - rize of the fenix (2012) (usa comedy rock acoustic rock hard rock) released - may 2012
[2012/10/25 21:16:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\doug stanhope - before turning the gun on himself... [2012]
[2012/10/25 21:16:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the prophet
[2012/10/25 21:15:32 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\louis ck beacon theatre
[2012/10/25 21:12:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\failed states [deluxe] 320
[2012/10/24 03:08:13 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\marty robbins - adios amigo (1977)
[2012/10/24 03:06:14 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\dance with them that brung me
[2012/10/24 02:09:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\stacey earle - dancin' with them that brung me
[2012/10/24 01:32:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\disc 1
[2012/10/24 01:03:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\townes van zandt - 1987 - at my window
[2012/10/24 01:02:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\simple gearle
[2012/10/24 00:57:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\va - country drinking songs
[2012/10/24 00:54:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\disc 2
[2012/10/24 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\texas rain(with willie nelson, emmylou harris, doug sahm&freddy fender)(2001)
[2012/10/24 00:43:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\townes van zandt - 1997 - rear view mirror (live)
[2012/10/24 00:37:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\in the beginning
[2012/10/24 00:33:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\various artists - 2012 - scott kelly, steve von till, wino - songs of townes van zandt
[2012/10/24 00:31:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\townes van zandt, guy clark & robert earl keen - 8-29-90
[2012/10/24 00:31:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\1991-& guy clark robert earl keen - 1991-09-15 strawberry festival camp mather ca
[2012/10/24 00:28:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\stacey earle and mark stuart - dedication 2012
[2012/10/22 22:13:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\New Cd
[2012/10/17 19:52:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\{296CED92-D45F-477A-BC04-A0B8711F26C2}
[2012/10/16 09:22:41 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the executioner's last songs, vol. 3
[2012/10/16 08:59:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the executioner's last songs, vol. 1
[2012/10/16 07:21:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\country love songs
[2012/10/15 23:15:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\journey to the end of the night
[2012/10/15 23:13:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the mekons - fear and whiskey
[2012/10/15 23:11:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\the executioner's last songs, vol. 2
[2012/10/15 23:10:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\georgia hard
[2012/10/15 23:06:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\ace cd 893 - swingbillies - hillbilly and western swing
[2012/10/15 23:04:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\david allan coe - the mysterious rhinestone cowboy & once upon a rhyme
[2012/10/15 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\(1973) live at the old quarter (houston, texas) (2 of 2)
[2012/10/15 22:23:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\merle travis-folk songs of the hills
[2012/10/15 22:22:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\guitar rags and a too fast past volume 3
[2012/10/15 22:14:32 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\mojo hand
[2012/10/15 22:08:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\lightnin' hopkins - mojo hand · the lightnin' hopkins anthology (1993 anthology)
[2012/10/15 22:07:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\(1973) live at the old quarter (houston, texas) (1 of 2)
[2012/10/15 00:46:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\[1984] forever young
[2012/04/14 18:08:40 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Steve\AppData\Roaming\pcouffin.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
File not found -- C:\Windows\SysNative\
[2012/11/13 09:23:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/13 09:01:01 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/11/13 00:48:07 | 000,794,236 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/13 00:48:07 | 000,669,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/13 00:48:07 | 000,125,764 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/12 22:05:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/12 22:05:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/12 21:52:58 | 005,000,679 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2012/11/12 21:50:04 | 000,001,944 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series.lnk
[2012/11/12 21:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/12 21:49:34 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/12 10:22:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/10 17:39:29 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/09 10:07:26 | 000,413,248 | ---- | M] () -- C:\Users\Steve\Desktop\screenshot.jpg
[2012/11/08 19:28:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/11/08 09:31:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/11/08 09:29:40 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/11/06 21:25:27 | 000,614,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/06 20:00:46 | 000,002,046 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/06 10:09:41 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk
[2012/11/06 09:36:45 | 011,445,902 | ---- | M] () -- C:\Users\Steve\Desktop\Caesar2012.pdf
[2012/11/06 09:33:11 | 011,862,300 | ---- | M] () -- C:\Users\Steve\Desktop\Owlery.pdf
[2012/11/06 09:17:51 | 000,001,293 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2012/11/05 00:08:42 | 000,007,609 | ---- | M] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
[2012/11/04 23:48:24 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/04 23:31:13 | 000,134,765 | ---- | M] () -- C:\Users\Steve\Desktop\Owlery 1.jpg
[2012/11/04 22:37:28 | 000,023,208 | ---- | M] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3.sfk
[2012/11/04 22:37:11 | 002,150,298 | ---- | M] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3
[2012/11/04 18:45:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/11/04 15:08:38 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.com
[2012/11/04 11:00:51 | 000,000,168 | ---- | M] () -- C:\ProgramData\-TgaFFPAGkWj3twr
[2012/11/04 11:00:51 | 000,000,168 | ---- | M] () -- C:\ProgramData\-TgaFFPAGkWj3tw
[2012/11/04 11:00:50 | 000,000,679 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/11/04 11:00:50 | 000,000,655 | ---- | M] () -- C:\Users\Steve\Desktop\File_Restore.lnk
[2012/11/04 10:48:39 | 000,032,325 | ---- | M] () -- C:\Users\Steve\Desktop\the-gingerbread-house.zip
[2012/10/30 01:01:39 | 000,122,560 | ---- | M] () -- C:\Users\Steve\Desktop\COVER PHOTO.jpg
[2012/10/30 00:35:07 | 000,122,461 | ---- | M] () -- C:\Users\Steve\Desktop\LastInLine2.jpg
[2012/10/30 00:27:34 | 000,226,624 | ---- | M] () -- C:\Users\Steve\Desktop\LASTINLINE.jpg
[2012/10/30 00:23:46 | 000,236,996 | ---- | M] () -- C:\Users\Steve\Desktop\Bleeding Cover copy.jpg
[2012/10/30 00:23:17 | 003,233,763 | ---- | M] () -- C:\Users\Steve\Desktop\Bleeding Cover.psd
[2012/10/24 08:21:32 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSteve.job
[2012/10/17 20:07:25 | 160,954,751 | ---- | M] () -- C:\Users\Steve\Desktop\Talkin Debate Blues.wmv
[2012/10/17 19:59:09 | 000,006,656 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/15 23:09:48 | 002,514,944 | ---- | M] () -- C:\Users\Steve\Desktop\19 - How Come You Do Me Like You Do - The Range Riders.mp3
[2012/10/14 22:33:08 | 009,708,254 | ---- | M] () -- C:\Users\Steve\The Fire.mp3
[2012/10/14 22:33:02 | 007,676,972 | ---- | M] () -- C:\Users\Steve\Settle Down Blues.mp3
[2012/10/14 22:32:58 | 007,993,576 | ---- | M] () -- C:\Users\Steve\Love Song.mp3
[2012/10/14 22:32:52 | 015,058,132 | ---- | M] () -- C:\Users\Steve\John Brown.mp3
[2012/10/14 22:32:44 | 010,346,687 | ---- | M] () -- C:\Users\Steve\I'm A Killer.mp3
[2012/10/14 22:32:38 | 009,238,050 | ---- | M] () -- C:\Users\Steve\Gas City.mp3
[2012/10/14 22:32:34 | 011,772,972 | ---- | M] () -- C:\Users\Steve\Death.mp3
[2012/10/14 22:32:26 | 009,847,225 | ---- | M] () -- C:\Users\Steve\Ashes.mp3
[2012/10/14 22:32:20 | 008,593,348 | ---- | M] () -- C:\Users\Steve\American Radio.mp3
[2012/10/14 22:32:16 | 009,975,748 | ---- | M] () -- C:\Users\Steve\West.mp3
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
File not found -- C:\Windows\SysNative\
[2012/11/09 10:07:25 | 000,413,248 | ---- | C] () -- C:\Users\Steve\Desktop\screenshot.jpg
[2012/11/06 10:09:41 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\ComicRack.lnk
[2012/11/06 09:36:40 | 011,445,902 | ---- | C] () -- C:\Users\Steve\Desktop\Caesar2012.pdf
[2012/11/06 09:33:09 | 011,862,300 | ---- | C] () -- C:\Users\Steve\Desktop\Owlery.pdf
[2012/11/06 09:19:04 | 000,002,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2012/11/06 09:19:04 | 000,002,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2012/11/06 09:18:12 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2012/11/06 09:17:51 | 000,001,293 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2012/11/06 09:17:31 | 000,001,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2012/11/05 20:41:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/05 20:41:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/05 20:41:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/05 20:41:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/05 20:41:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/04 23:48:24 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/11/04 23:48:09 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/11/04 23:31:11 | 000,134,765 | ---- | C] () -- C:\Users\Steve\Desktop\Owlery 1.jpg
[2012/11/04 22:37:11 | 000,023,208 | ---- | C] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3.sfk
[2012/11/04 22:37:10 | 002,150,298 | ---- | C] () -- C:\Users\Steve\Desktop\ray lamontagne sounding thing.mp3
[2012/11/04 11:00:51 | 000,000,168 | ---- | C] () -- C:\ProgramData\-TgaFFPAGkWj3twr
[2012/11/04 11:00:51 | 000,000,168 | ---- | C] () -- C:\ProgramData\-TgaFFPAGkWj3tw
[2012/11/04 11:00:50 | 000,000,679 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/11/04 11:00:50 | 000,000,655 | ---- | C] () -- C:\Users\Steve\Desktop\File_Restore.lnk
[2012/11/04 10:49:35 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/04 10:48:34 | 000,032,325 | ---- | C] () -- C:\Users\Steve\Desktop\the-gingerbread-house.zip
[2012/10/30 01:01:38 | 000,122,560 | ---- | C] () -- C:\Users\Steve\Desktop\COVER PHOTO.jpg
[2012/10/30 00:33:06 | 000,122,461 | ---- | C] () -- C:\Users\Steve\Desktop\LastInLine2.jpg
[2012/10/30 00:27:33 | 000,226,624 | ---- | C] () -- C:\Users\Steve\Desktop\LASTINLINE.jpg
[2012/10/30 00:23:45 | 000,236,996 | ---- | C] () -- C:\Users\Steve\Desktop\Bleeding Cover copy.jpg
[2012/10/30 00:23:15 | 003,233,763 | ---- | C] () -- C:\Users\Steve\Desktop\Bleeding Cover.psd
[2012/10/23 22:22:10 | 000,007,609 | ---- | C] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
[2012/10/18 18:20:05 | 009,847,225 | ---- | C] () -- C:\Users\Steve\Ashes.mp3
[2012/10/18 18:20:05 | 008,593,348 | ---- | C] () -- C:\Users\Steve\American Radio.mp3
[2012/10/18 18:20:04 | 009,975,748 | ---- | C] () -- C:\Users\Steve\West.mp3
[2012/10/18 18:20:03 | 009,708,254 | ---- | C] () -- C:\Users\Steve\The Fire.mp3
[2012/10/18 18:20:03 | 007,676,972 | ---- | C] () -- C:\Users\Steve\Settle Down Blues.mp3
[2012/10/18 18:20:02 | 015,058,132 | ---- | C] () -- C:\Users\Steve\John Brown.mp3
[2012/10/18 18:20:02 | 007,993,576 | ---- | C] () -- C:\Users\Steve\Love Song.mp3
[2012/10/18 18:20:01 | 010,346,687 | ---- | C] () -- C:\Users\Steve\I'm A Killer.mp3
[2012/10/18 18:20:00 | 011,772,972 | ---- | C] () -- C:\Users\Steve\Death.mp3
[2012/10/18 18:20:00 | 009,238,050 | ---- | C] () -- C:\Users\Steve\Gas City.mp3
[2012/10/17 20:04:31 | 160,954,751 | ---- | C] () -- C:\Users\Steve\Desktop\Talkin Debate Blues.wmv
[2012/10/15 23:08:45 | 002,514,944 | ---- | C] () -- C:\Users\Steve\Desktop\19 - How Come You Do Me Like You Do - The Range Riders.mp3
[2012/06/30 15:20:11 | 000,000,093 | ---- | C] () -- C:\Users\Steve\AppData\Local\fusioncache.dat
[2012/04/14 18:08:40 | 000,007,859 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\pcouffin.cat
[2012/04/14 18:08:40 | 000,001,167 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\pcouffin.inf
[2012/02/24 20:38:02 | 000,105,866 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\icarus-dxdiag.xml
[2012/02/14 21:24:52 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/12/23 01:22:05 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/04 22:01:06 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2011/12/01 00:58:38 | 000,006,656 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/13 07:26:23 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/04/13 07:07:36 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\OggEnc.exe
[2011/04/13 07:07:36 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\Lame.exe
[2011/04/13 07:07:36 | 000,076,800 | ---- | C] () -- C:\Windows\SysWow64\Faac.exe
[2011/03/19 19:16:38 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/02/15 08:13:53 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/02/15 08:13:53 | 000,017,772 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/02/03 02:08:23 | 000,000,543 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\AutoGK.ini
[2011/02/03 02:00:30 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/01/22 10:49:07 | 000,787,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/01 11:12:49 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2010/12/27 23:16:47 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/27 23:16:45 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/12/27 23:16:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/08 22:53:47 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/12/08 22:53:47 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/12/08 22:53:47 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/12/08 22:53:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/12/08 22:53:47 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
========== ZeroAccess Check ==========
[2011/11/17 02:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\@
[2011/11/17 02:14:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\L
[2012/11/06 21:21:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b0265c88-8170-a06a-db95-662ad7af3126}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/05/04 20:16:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Amazon
[2011/03/26 09:13:38 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Atlus
[2011/07/06 18:12:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AtomZombieData
[2011/07/28 21:02:19 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Audacity
[2011/12/26 20:16:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Beat Hazard
[2012/11/12 09:21:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BitTorrent
[2010/12/28 02:02:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Broken Rules
[2011/02/02 08:27:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\calibre
[2012/09/30 16:15:49 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ChaosPro 4.0
[2011/06/06 21:46:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Crayon Physics Deluxe
[2012/11/07 10:00:58 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\cYo
[2012/03/28 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Digiarty
[2012/05/08 20:19:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Fopeu
[2011/04/13 07:26:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FreeAudioPack
[2011/11/21 09:35:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\HandBrake
[2012/01/05 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ImgBurn
[2012/05/10 01:28:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\NationRed
[2010/12/25 20:22:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PictureMover
[2012/07/30 00:54:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Polynomial
[2011/02/26 01:13:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Publish Providers
[2011/01/31 08:22:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SanDisk
[2012/09/21 20:33:10 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SoftGrid Client
[2011/07/31 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sony
[2011/07/08 23:30:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\System
[2011/08/23 23:14:24 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SystemRequirementsLab
[2011/01/28 08:41:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TP
[2012/06/24 17:32:16 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Ubisoft
[2012/11/05 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Udlyny
[2012/04/14 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Vso
[2010/12/26 00:47:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WildTangent
[2010/12/26 10:13:03 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WinBatch
[2011/09/10 16:52:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows Live Writer
[2011/07/09 09:55:46 | 000,000,000 | -HSD | M] -- C:\Users\Steve\AppData\Roaming\wyUpdate AU
[2011/07/04 19:41:38 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ZombieDriver
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: EXPLORER.EXE >
[2010/12/08 22:43:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/12/08 22:45:01 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/12/08 22:43:16 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/12/08 22:41:52 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/12/08 22:45:01 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/08 22:41:52 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/12/08 22:45:01 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/08 22:41:52 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/08 22:45:01 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/12/08 22:43:16 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/12/08 22:41:52 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/12/08 22:43:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/12/08 22:45:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,626 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/14 21:37:04 | 000,000,256 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Messager.job
[2012/03/18 11:23:09 | 000,000,332 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForSteve.job
[2012/11/04 10:49:35 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
========== Alternate Data Streams ==========
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A1063995
< End of report >
-
here it is after running the newest version.
ComboFix 12-11-12.03 - Steve 11/12/2012 22:06:27.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1909 [GMT -5:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-13 03:42 . 2012-11-13 03:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-13 03:42 . 2012-11-13 03:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 03:02 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC18FB47-BA93-4257-BEB6-94683C0E55C4}\mpengine.dll
2012-11-11 22:59 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-10 22:41 . 2012-11-10 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-07 15:00 . 2012-11-07 15:00 -------- d-----w- c:\users\Steve\AppData\Roaming\cYo
2012-11-07 15:00 . 2012-11-07 15:00 -------- d-----w- c:\users\Steve\AppData\Local\cYo
2012-11-07 02:31 . 2012-11-07 02:30 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F44A9B0-53FD-4AA0-957C-EF132C76726C}\gapaengine.dll
2012-11-06 14:20 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Creative Suite 2
2012-11-06 14:20 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Stock Photos
2012-11-06 14:18 . 2012-11-06 14:19 -------- d-----w- c:\users\Steve\Adobe Photoshop CS2
2012-11-06 14:18 . 2012-11-06 14:18 -------- d-----w- c:\users\Steve\Adobe Help Center
2012-11-06 14:17 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Bridge
2012-11-05 04:47 . 2012-11-05 04:47 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-05 04:47 . 2012-11-05 04:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-05 04:46 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-05 02:30 . 2012-11-05 02:30 -------- d-----w- C:\_OTL
2012-11-04 20:18 . 2012-11-04 20:18 -------- d-----w- c:\users\Steve\AppData\Local\Macromedia
2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\programdata\Malwarebytes
2012-11-04 19:48 . 2012-11-10 22:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 16:23 . 2012-11-04 17:23 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-11-04 15:56 . 2012-11-04 15:56 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-11-04 15:49 . 2012-11-04 17:23 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 15:49 . 2012-11-04 15:49 -------- d-----w- c:\windows\system32\Macromed
2012-11-02 06:51 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4616AB25-DC42-4818-BD4F-1344397CD6C7}\mpengine.dll
2012-10-31 06:55 . 2012-10-31 06:55 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-31 06:55 . 2012-10-31 06:55 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-10-31 06:55 . 2012-10-31 06:55 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 06:02 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-11-04 17:23 . 2011-11-05 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 07:04 . 2011-01-19 13:22 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-21 08:38 . 2011-06-23 03:57 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 08:37 . 2011-06-23 03:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-19 09:31 . 2011-06-23 03:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-14 19:23 . 2012-10-10 02:11 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 02:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:02 . 2012-10-10 02:11 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 08:29 . 2011-07-28 11:02 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 08:28 . 2011-07-28 11:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:11 . 2012-10-10 02:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:18 . 2012-10-10 02:11 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 02:11 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 02:11 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 18:05 . 2012-09-22 10:31 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-22 10:31 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-22 10:31 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-22 10:31 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-08-24 18:02 . 2012-09-22 10:31 9375744 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:02 . 2012-09-22 10:31 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:02 . 2012-09-22 10:31 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:02 . 2012-09-22 10:31 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-24 18:02 . 2012-09-22 10:31 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 18:02 . 2012-09-22 10:31 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:01 . 2012-09-22 10:31 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:01 . 2012-09-22 10:31 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 18:01 . 2012-09-22 10:31 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:01 . 2012-09-22 10:31 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-08-24 18:01 . 2012-09-22 10:31 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-24 17:59 . 2012-09-22 10:31 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-24 17:10 . 2012-10-10 02:11 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 17:10 . 2012-09-22 10:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 17:08 . 2012-09-22 10:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45 . 2012-09-22 10:31 482816 ----a-w- c:\windows\system32\html.iec
2012-08-24 16:02 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 16:01 . 2012-09-22 10:31 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-08-24 15:27 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-18 15:43 . 2012-10-10 02:11 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-18 15:43 . 2012-10-10 02:11 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-18 15:43 . 2012-10-10 02:11 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-18 15:42 . 2012-10-10 02:11 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-18 15:40 . 2012-10-10 02:11 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-18 15:37 . 2012-10-10 02:11 425984 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-18 15:37 . 2012-10-10 02:11 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-18 15:34 . 2012-10-10 02:11 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-18 15:22 . 2012-10-10 02:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-18 11:22 . 2012-10-10 02:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-18 11:19 . 2012-10-10 02:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-18 11:19 . 2012-10-10 02:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-18 11:17 . 2012-10-10 02:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-18 11:17 . 2012-10-10 02:11 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-18 11:09 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PDF Complete"=c:\program files (x86)\PDF Complete\pdfsty.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 51584]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 17:23]
.
2012-11-13 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-10-24 c:\windows\Tasks\HPCeeScheduleForSteve.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\55z2bnbv.default-1352250023313\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ChaosPro 4.0 - c:\program files (x86)\ChaosPro 4.0\uninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\SecuROM\License information*]
"datasecu"=hex:0c,1d,dc,95,38,96,1d,83,0e,21,64,e2,72,1f,e8,e7,cb,29,8e,42,c7,
ff,50,9f,51,6e,1d,8b,7a,46,c5,da,1e,5d,7d,0c,41,e7,3c,3d,67,09,cb,4a,0f,94,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-12 23:02:00
ComboFix-quarantined-files.txt 2012-11-13 04:01
ComboFix2.txt 2012-11-12 15:41
ComboFix3.txt 2012-11-06 04:50
.
Pre-Run: 75,231,473,664 bytes free
Post-Run: 74,723,389,440 bytes free
.
- - End Of File - - 2140B51E62AC8AC7D486565F5A0C73AE
-
i've tried this a couple of times now, but when i press 'repair your computer', it just goes to a black screen. is it supposed to take a while before it gives me any options?
-
oh...i didn't see your last post. i'll follow those steps.
-
ok.....i'm still randomly being redirected also.
-
ok....here's the new log. my computer seems to be running slower now than before. explorer.exe is now using 270,000 K of memory. it was using around 40 K (if i remember correctly), then around 110 when i first got the virus. I'm going to try re-starting it, but i wanted to post the log first.
ComboFix 12-11-12.02 - Steve 11/12/2012 9:43.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1745 [GMT -5:00]
Running from: c:\users\Steve\Downloads\ComboFix.exe
Command switches used :: c:\users\Steve\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\sho4B32.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\sho4B32.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))
.
.
2012-11-12 15:21 . 2012-11-12 15:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-12 15:21 . 2012-11-12 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-11 22:59 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58000267-8DCB-4E6D-9198-1C4C860343F8}\mpengine.dll
2012-11-10 22:51 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-10 22:41 . 2012-11-10 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-07 15:00 . 2012-11-07 15:00 -------- d-----w- c:\users\Steve\AppData\Roaming\cYo
2012-11-07 15:00 . 2012-11-07 15:00 -------- d-----w- c:\users\Steve\AppData\Local\cYo
2012-11-07 02:31 . 2012-11-07 02:30 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F44A9B0-53FD-4AA0-957C-EF132C76726C}\gapaengine.dll
2012-11-06 14:20 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Creative Suite 2
2012-11-06 14:20 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Stock Photos
2012-11-06 14:18 . 2012-11-06 14:19 -------- d-----w- c:\users\Steve\Adobe Photoshop CS2
2012-11-06 14:18 . 2012-11-06 14:18 -------- d-----w- c:\users\Steve\Adobe Help Center
2012-11-06 14:17 . 2012-11-06 14:20 -------- d-----w- c:\users\Steve\Adobe Bridge
2012-11-05 04:47 . 2012-11-05 04:47 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-05 04:47 . 2012-11-05 04:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-05 04:46 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-05 02:30 . 2012-11-05 02:30 -------- d-----w- C:\_OTL
2012-11-04 20:18 . 2012-11-04 20:18 -------- d-----w- c:\users\Steve\AppData\Local\Macromedia
2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\programdata\Malwarebytes
2012-11-04 19:48 . 2012-11-10 22:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 16:23 . 2012-11-04 17:23 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-11-04 15:56 . 2012-11-04 15:56 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-11-04 15:49 . 2012-11-04 17:23 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 15:49 . 2012-11-04 15:49 -------- d-----w- c:\windows\system32\Macromed
2012-11-02 06:51 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4616AB25-DC42-4818-BD4F-1344397CD6C7}\mpengine.dll
2012-10-31 06:55 . 2012-10-31 06:55 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-31 06:55 . 2012-10-31 06:55 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-10-31 06:55 . 2012-10-31 06:55 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 06:02 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-11-04 17:23 . 2011-11-05 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 07:04 . 2011-01-19 13:22 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-21 08:38 . 2011-06-23 03:57 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 08:37 . 2011-06-23 03:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-19 09:31 . 2011-06-23 03:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-14 19:23 . 2012-10-10 02:11 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 02:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:02 . 2012-10-10 02:11 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 08:29 . 2011-07-28 11:02 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 08:28 . 2011-07-28 11:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:11 . 2012-10-10 02:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:18 . 2012-10-10 02:11 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 02:11 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 02:11 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 18:05 . 2012-09-22 10:31 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-22 10:31 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-22 10:31 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-22 10:31 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-08-24 18:02 . 2012-09-22 10:31 9375744 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:02 . 2012-09-22 10:31 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:02 . 2012-09-22 10:31 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:02 . 2012-09-22 10:31 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-24 18:02 . 2012-09-22 10:31 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 18:02 . 2012-09-22 10:31 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:01 . 2012-09-22 10:31 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:01 . 2012-09-22 10:31 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 18:01 . 2012-09-22 10:31 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:01 . 2012-09-22 10:31 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-08-24 18:01 . 2012-09-22 10:31 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-24 17:59 . 2012-09-22 10:31 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-24 17:10 . 2012-10-10 02:11 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 17:10 . 2012-09-22 10:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 17:08 . 2012-09-22 10:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45 . 2012-09-22 10:31 482816 ----a-w- c:\windows\system32\html.iec
2012-08-24 16:02 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 16:01 . 2012-09-22 10:31 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-08-24 15:27 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-18 15:43 . 2012-10-10 02:11 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-18 15:43 . 2012-10-10 02:11 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-18 15:43 . 2012-10-10 02:11 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-18 15:42 . 2012-10-10 02:11 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-18 15:40 . 2012-10-10 02:11 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-18 15:37 . 2012-10-10 02:11 425984 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-18 15:37 . 2012-10-10 02:11 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-18 15:34 . 2012-10-10 02:11 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-18 15:22 . 2012-10-10 02:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 15:22 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-18 11:22 . 2012-10-10 02:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-18 11:19 . 2012-10-10 02:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-18 11:19 . 2012-10-10 02:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-18 11:17 . 2012-10-10 02:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-18 11:17 . 2012-10-10 02:11 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-18 11:09 . 2012-10-10 02:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-18 11:09 . 2012-10-10 02:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PDF Complete"=c:\program files (x86)\PDF Complete\pdfsty.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 51584]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 17:23]
.
2012-11-12 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-10-24 c:\windows\Tasks\HPCeeScheduleForSteve.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\55z2bnbv.default-1352250023313\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-ChaosPro 4.0 - c:\program files (x86)\ChaosPro 4.0\uninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\SecuROM\License information*]
"datasecu"=hex:0c,1d,dc,95,38,96,1d,83,0e,21,64,e2,72,1f,e8,e7,cb,29,8e,42,c7,
ff,50,9f,51,6e,1d,8b,7a,46,c5,da,1e,5d,7d,0c,41,e7,3c,3d,67,09,cb,4a,0f,94,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-12 10:41:35
ComboFix-quarantined-files.txt 2012-11-12 15:41
ComboFix2.txt 2012-11-06 04:50
.
Pre-Run: 75,450,884,096 bytes free
Post-Run: 75,355,418,624 bytes free
.
- - End Of File - - 2A64CD3DA178CE097BAB1F60BA3BB675
-
ok.....i moved tdsskiller to the chameleon folder, installed the driver, but tdsskiller still won't do anything.
-
ok....here's the screenshot and yes, i can make a disc on another computer.
also, i will be out of town later today and some of tomorrow, so i won't be able to reply to this while i'm gone.
-
yeah....i found out how powerful combofix is when i was looking for fixes for this thing and it deleted a bunch of programs from my computer.
I tried TDSSKiller and it won't open either. it just gives me the 'loading' circle for a second, then it doesn't actually do anything.
(thank you for your help, by the way! i've been tearing my hair out trying to fix this.)
-
here it is:
ComboFix 12-11-05.03 - Steve 11/05/2012 20:50:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1488 [GMT -5:00]
Running from: c:\users\Steve\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Adobe\Photoshop.exe
c:\program files (x86)\Adobe\SHFOLDER.dll
c:\programdata\TgaFFPAGkWj3tw
c:\users\Steve\AppData\Roaming\Daon
c:\users\Steve\AppData\Roaming\Daon\hyki.rux
c:\users\Steve\AppData\Roaming\inst.exe
c:\users\Steve\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 02:31 . 2012-11-06 02:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-06 02:31 . 2012-11-06 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-06 01:13 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6277D9CC-2F7B-4EF1-AA71-7AE41727F73F}\mpengine.dll
2012-11-06 01:05 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-05 04:47 . 2012-11-05 04:47 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-05 04:47 . 2012-11-05 04:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-05 04:46 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-05 02:30 . 2012-11-05 02:30 -------- d-----w- C:\_OTL
2012-11-04 20:18 . 2012-11-04 20:18 -------- d-----w- c:\users\Steve\AppData\Local\Macromedia
2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\programdata\Malwarebytes
2012-11-04 19:48 . 2012-11-04 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 16:23 . 2012-11-04 17:23 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-11-04 15:56 . 2012-11-04 15:56 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-11-04 15:49 . 2012-11-04 17:23 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 15:49 . 2012-11-04 15:49 -------- d-----w- c:\windows\system32\Macromed
2012-11-02 06:51 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4616AB25-DC42-4818-BD4F-1344397CD6C7}\mpengine.dll
2012-10-31 06:55 . 2012-10-31 06:55 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-31 06:55 . 2012-10-31 06:55 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-10-31 06:55 . 2012-10-31 06:55 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-10-10 02:10 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 02:10 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 02:10 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 02:10 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 02:10 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 02:10 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 17:23 . 2011-11-05 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 07:04 . 2011-01-19 13:22 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-21 08:38 . 2011-06-23 03:57 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 08:37 . 2011-06-23 03:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-19 09:31 . 2011-06-23 03:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-31 08:29 . 2011-07-28 11:02 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 08:28 . 2011-07-28 11:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 18:05 . 2012-09-22 10:31 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-22 10:31 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-22 10:31 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-22 10:31 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-08-24 18:02 . 2012-09-22 10:31 9375744 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:02 . 2012-09-22 10:31 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:02 . 2012-09-22 10:31 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:02 . 2012-09-22 10:31 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-24 18:02 . 2012-09-22 10:31 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 18:02 . 2012-09-22 10:31 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:01 . 2012-09-22 10:31 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:01 . 2012-09-22 10:31 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 18:01 . 2012-09-22 10:31 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:01 . 2012-09-22 10:31 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-08-24 18:01 . 2012-09-22 10:31 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-24 17:59 . 2012-09-22 10:31 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-24 17:10 . 2012-09-22 10:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 17:08 . 2012-09-22 10:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45 . 2012-09-22 10:31 482816 ----a-w- c:\windows\system32\html.iec
2012-08-24 16:02 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 16:01 . 2012-09-22 10:31 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-08-24 15:27 . 2012-09-22 10:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-18 11:19 . 2012-10-10 02:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-15 07:24 . 2012-08-15 07:24 0 ----a-w- c:\windows\SysWow64\sho4B32.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-12-15 22:07 736400 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-12-15 22:07 736400 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-12-15 22:07 736400 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft Security Client"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-12-15 917648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 51584]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-05-23 126904]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 17:23]
.
2012-11-06 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-10-24 c:\windows\Tasks\HPCeeScheduleForSteve.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-12-15 21:52 1119888 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-12-15 21:52 1119888 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-12-15 21:52 1119888 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\v51hvgy6.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ChaosPro 4.0 - c:\program files (x86)\ChaosPro 4.0\uninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-1718044736.www1.movie-promo.com - c:\program files (x86)\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-429569334-657477215-3927073720-1001\Software\SecuROM\License information*]
"datasecu"=hex:0c,1d,dc,95,38,96,1d,83,0e,21,64,e2,72,1f,e8,e7,cb,29,8e,42,c7,
ff,50,9f,51,6e,1d,8b,7a,46,c5,da,1e,5d,7d,0c,41,e7,3c,3d,67,09,cb,4a,0f,94,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe
.
**************************************************************************
.
Completion time: 2012-11-05 23:50:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-06 04:50
.
Pre-Run: 75,107,622,912 bytes free
Post-Run: 74,642,358,272 bytes free
.
- - End Of File - - 2D6E2E44AC9E0136381740FCE189EA72
-
The DDS log is below. When I try to click on aswMBR from my desktop, it doesn't actually open.
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17115 BrowserJavaVersion: 1.6.0_26
Run by Steve at 9:41:26 on 2012-11-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1901 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\ComicRack\ComicRack.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRunOnce: [Microsoft Security Client] C:\Program Files\Microsoft Security Client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{95874F3A-0BE7-4B54-A226-1185D7716EB4} : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\55z2bnbv.default-1352250023313\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-8 346144]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2011-12-4 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2011-12-4 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2011-12-4 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2011-12-4 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2011-12-4 29288]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-8 158976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
SUnknown gnqmcoet;gnqmcoet; [x]
.
=============== Created Last 30 ================
.
2012-11-08 02:36:50 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37983D34-5279-43D0-8463-ED8790E8932F}\mpengine.dll
2012-11-07 15:00:58 -------- d-----w- C:\Users\Steve\AppData\Roaming\cYo
2012-11-07 15:00:58 -------- d-----w- C:\Users\Steve\AppData\Local\cYo
2012-11-07 02:32:00 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-07 02:31:36 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F44A9B0-53FD-4AA0-957C-EF132C76726C}\gapaengine.dll
2012-11-07 02:30:56 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-06 14:20:19 -------- d-----w- C:\Users\Steve\Adobe Creative Suite 2
2012-11-06 14:20:08 -------- d-----w- C:\Users\Steve\Adobe Stock Photos
2012-11-06 14:18:25 -------- d-----w- C:\Users\Steve\Adobe Photoshop CS2
2012-11-06 14:18:10 -------- d-----w- C:\Users\Steve\Adobe Help Center
2012-11-06 14:17:19 -------- d-----w- C:\Users\Steve\Adobe Bridge
2012-11-06 01:41:09 98816 ----a-w- C:\Windows\sed.exe
2012-11-06 01:41:09 256000 ----a-w- C:\Windows\PEV.exe
2012-11-06 01:41:09 208896 ----a-w- C:\Windows\MBR.exe
2012-11-06 01:40:03 -------- d-----w- C:\ComboFix
2012-11-05 04:47:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-05 04:47:22 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-11-05 04:46:53 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-11-05 02:30:56 -------- d-----w- C:\_OTL
2012-11-04 20:18:53 -------- d-----w- C:\Users\Steve\AppData\Local\Macromedia
2012-11-04 19:48:55 -------- d-----w- C:\Users\Steve\AppData\Roaming\Malwarebytes
2012-11-04 19:48:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-04 19:48:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-04 16:23:15 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-11-04 15:56:44 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-11-04 15:49:33 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-02 06:51:20 9291768 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4616AB25-DC42-4818-BD4F-1344397CD6C7}\mpengine.dll
2012-10-31 06:55:23 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-31 06:55:21 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-10-31 06:55:21 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-10-18 00:52:20 -------- d-----w- C:\Users\Steve\AppData\Local\{296CED92-D45F-477A-BC04-A0B8711F26C2}
2012-10-10 02:10:59 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 02:10:58 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 02:10:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 02:10:58 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 02:10:58 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 02:10:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-11-06 06:02:06 328704 ----a-w- C:\Windows\System32\services.exe
2012-11-04 17:23:33 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:27 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 18:02:20 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-08-24 17:10:47 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 17:08:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-08-24 16:45:23 482816 ----a-w- C:\Windows\System32\html.iec
2012-08-24 16:02:45 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 16:01:45 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-08-24 15:27:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-15 07:24:18 0 ----a-w- C:\Windows\SysWow64\sho4B32.tmp
2012-08-11 00:53:01 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:54:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 9:46:27.89 ===============
-
So, I appear to have been infected with the bt.scour virus. I've tried a bunch of different options to get rid of it, but nothing is working so far. Can someone try to help me? I have no idea what information you might need, but I'll gladly post whatever you need me to. Thank you!
thank you for taking so much time in helping me with this!
bt.scour is redirecting me
in Resolved Malware Removal Logs
Posted
i'm sorry, i had to be out of town for a bit, so i couldn't reply. i can't seem to find my installation disk anymore. i'll keep looking for it, but is there anything i can do if i can't find it?