
AlanBuck

  1. My computer n00b friend had his desktop so infected that I had to wipe the hard drive and reinstall Windows. This laptop was on his home network and I want to make sure it isn't infected too. I would have him do this but he is totally lost when it comes to using computers. That is why his desktop got so infected. Here are the logs.

     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 7.0.6001.18444
     Run by evmerch at 23:23:12 on 2007-03-07
     Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.501.148 [GMT -8:00]
     .
     AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
     .
     ============== Running Processes ================
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     c:\Program Files\Microsoft Security Client\MsMpEng.exe
     C:\Windows\system32\SLsvc.exe
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
     C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Windows\system32\DRIVERS\xaudio.exe
     C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\HP\QuickPlay\QPService.exe
     C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
     C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
     C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
     C:\Program Files\Java\jre1.6.0\bin\jusched.exe
     C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     c:\Program Files\Microsoft Security Client\NisSrv.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
     C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\RacAgent.exe
     C:\Windows\system32\WUDFHost.exe
     C:\Windows\servicing\TrustedInstaller.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\wuauclt.exe
     C:\Windows\system32\Taskmgr.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k rpcss
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\svchost.exe -k hpdevmgmt
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Windows\System32\svchost.exe -k WerSvcGroup
     C:\Windows\system32\svchost.exe -k HPService
     C:\Windows\System32\svchost.exe -k secsvcs
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.yahoo.com/
     mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
     mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
     BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
     BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
     BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
     BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
     BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
     BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
     BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
     TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
     TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
     EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
     EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
     uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
     uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
     uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
     uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
     mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
     mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
     mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
     mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
     mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
     mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
     mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
     mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
     mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
     mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
     StartupFolder: c:\users\evmerch\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\3572475\program\Compaq Connections.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
     mPolicies-System: EnableUIADesktopToggle = dword:0
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
     IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
     IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
     DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
     DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
     DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
     DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
     TCP: NameServer = 192.168.1.1 184.16.33.54
     TCP: Interfaces\{7EB02A15-56DD-435C-87B6-87575E95DC4A} : DHCPNameServer = 168.94.0.14 168.94.0.15
     TCP: Interfaces\{F041F171-3B0D-4CB6-B41A-B9AF4C543219} : DHCPNameServer = 192.168.1.1 184.16.33.54
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
     Notify: igfxcui - igfxdev.dll
     LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
     R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
     .
     =============== Created Last 30 ================
     .
components\11\ATP.DLL 2007-04-19 21:16:14 807256 ----a-w- c:\program files\common files\microsoft shared\web server extensions\60\bin\FPWEC.DLL 2007-04-19 21:10:34 126304 ----a-w- c:\program files\common files\microsoft shared\msinfo\OINFOP11.EXE 2007-04-19 21:01:52 238424 ----a-w- c:\program files\common files\microsoft shared\msclientdatamgr\MSCDM.DLL 2007-04-19 20:57:40 46432 ----a-w- c:\program files\common files\microsoft shared\office11\MSOXMLMF.DLL 2007-04-19 20:55:16 53088 ----a-w- c:\program files\common files\microsoft shared\web components\11\DFUICOM.EXE 2007-04-10 10:07:58 -------- d-----w- c:\program files\MSXML 4.0 2007-04-10 10:07:55 -------- d-----w- C:\968966e2433c6ecf66c1a216ee4751 2007-04-09 23:06:54 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll 2007-04-09 21:26:16 -------- d-----w- C:\TASBS 2007-04-09 20:24:06 1025416 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\MSPCORE.DLL 2007-04-09 20:24:04 758664 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\drivers\MDIGRAPH.DLL 2007-04-09 20:24:04 453512 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\MDIVWCTL.DLL 2007-04-09 20:24:00 367496 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\MSPVIEW.EXE 2007-04-09 20:23:58 46472 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\drivers\MDIUI.DLL 2007-04-09 20:23:58 231816 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\MDIINK.DLL 2007-04-09 20:23:54 28552 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\drivers\MDIPPR.DLL 2007-04-09 20:23:54 28040 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\drivers\MDIMON.DLL 2007-04-09 20:23:52 25992 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\MSPGIMME.DLL 2007-03-25 20:47:06 -------- d-----w- c:\users\evmerch\appdata\local\Hewlett-Packard 2007-03-25 20:45:43 -------- d-----w- 
c:\users\evmerch\appdata\local\QuickPlay 2007-03-25 20:42:02 -------- d-----w- c:\users\evmerch\appdata\local\VirtualStore 2007-03-23 02:31:06 151904 ----a-w- c:\program files\common files\microsoft shared\office11\1033\ALRTINTL.DLL 2007-03-23 02:29:32 44888 ----a-w- c:\program files\common files\microsoft shared\office11\MSSH.DLL 2007-03-23 02:29:28 43360 ----a-w- c:\program files\common files\microsoft shared\dw\DWDCW20.DLL 2007-03-23 02:29:16 20824 ----a-w- c:\program files\common files\microsoft shared\office11\MSMH.DLL 2007-03-23 02:29:14 1753952 ----a-w- c:\program files\common files\microsoft shared\office11\1033\MSOINTL.DLL 2007-03-23 02:25:54 124248 ----a-w- c:\program files\common files\microsoft shared\office11\UCS20.DLL 2007-03-23 02:23:30 19296 ----a-w- c:\program files\common files\microsoft shared\msinfo\OINFOS11.DLL 2007-03-23 02:16:52 542048 ----a-w- c:\program files\common files\microsoft shared\web components\11\1033\OWCI11.DLL 2007-03-23 02:13:38 58720 ----a-w- c:\program files\common files\microsoft shared\office11\MSOXMLED.EXE 2007-03-23 02:13:38 45408 ----a-w- c:\program files\common files\microsoft shared\office11\MSOXEV.DLL 2007-03-23 02:08:14 149856 ----a-w- c:\program files\common files\system\msmapi\1033\CNFNOT32.EXE 2007-03-23 02:07:14 45920 ----a-w- c:\program files\common files\system\msmapi\1033\SCANPST.EXE 2007-03-23 02:06:34 15712 ----a-w- c:\program files\common files\system\msmapi\1033\BJABLR32.DLL 2007-03-23 02:05:32 60256 ----a-w- c:\program files\common files\microsoft shared\office11\1033\LCCWIZ.DLL 2007-03-07 06:16:58 -------- d-----w- c:\users\evmerch\appdata\roaming\Printer Info Cache 2007-03-07 04:27:46 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{54c1bdb4-cd1d-47bc-a102-44c47b1d0c2a}\offreg.dll 2007-03-07 04:02:45 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll 2007-03-07 04:02:29 740840 ----a-w- 
c:\programdata\microsoft\microsoft antimalware\definition updates\{e3511d41-be12-4218-a0ca-1ce94f1e8e31}\gapaengine.dll 2007-03-07 03:43:51 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{54c1bdb4-cd1d-47bc-a102-44c47b1d0c2a}\mpengine.dll 2007-03-07 03:18:02 -------- d-----w- c:\program files\Microsoft Security Client 2007-03-07 03:17:22 98184 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2007-03-07 03:17:22 902024 ----a-w- c:\windows\system32\drivers\tcpip.sys 2007-03-07 03:17:22 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2007-03-07 03:17:22 438272 ----a-w- c:\windows\system32\IKEEXT.DLL 2007-03-07 03:17:22 220040 ----a-w- c:\windows\system32\drivers\netio.sys 2007-03-07 03:17:21 328704 ----a-w- c:\windows\system32\BFE.DLL 2007-03-05 16:47:16 243200 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\1033\MSPLCRES.DLL 2007-02-14 05:47:51 -------- d-----w- c:\users\evmerch\appdata\roaming\Malwarebytes 2007-02-14 05:47:43 -------- d-----w- c:\programdata\Malwarebytes . ==================== Find3M ==================== . 
2010-03-09 16:28:40 833024 ----a-w- c:\windows\system32\wininet.dll 2010-03-09 16:25:21 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-09 14:31:52 389632 ----a-w- c:\windows\system32\html.iec 2010-03-09 14:01:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2010-03-09 14:01:01 1383424 ----a-w- c:\windows\system32\mshtml.tlb 2010-01-25 12:48:34 472576 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:48:06 472064 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 12:45:56 329216 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:35:01 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:35:00 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:34:56 511488 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-25 08:34:56 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2009-12-28 12:35:50 11776 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-28 12:35:00 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-28 12:32:34 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-28 12:32:32 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-28 12:32:32 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-28 12:32:25 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-28 12:31:22 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-28 12:31:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-28 12:28:43 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-12-28 12:28:43 65024 ----a-w- c:\windows\system32\avicap32.dll 2009-11-03 22:18:45 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui 2009-08-28 12:39:00 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2009-08-28 12:38:58 541696 ----a-w- c:\windows\apppatch\AcLayers.dll 2009-08-28 12:38:58 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2009-08-28 12:38:58 2153984 ----a-w- 
c:\windows\apppatch\AcGenral.dll 2009-06-09 08:43:14 122880 ----a-w- c:\windows\system32\hpf3l092.dll 2009-06-09 08:43:12 316928 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp092.dll 2009-05-26 17:32:37 716288 ----a-w- c:\windows\system32\hpwwiax9.dll 2009-05-26 17:32:37 593920 ----a-w- c:\windows\system32\hpwtscl5.dll 2009-05-26 17:32:37 315392 ----a-w- c:\windows\system32\hpwvst01.dll 2009-05-18 21:49:50 372736 ----a-w- c:\windows\system32\hppldcoi.dll 2009-03-17 03:38:46 40960 ----a-w- c:\windows\apppatch\apihex86.dll 2009-03-03 04:40:16 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll 2009-03-03 04:40:16 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll 2009-03-03 04:39:36 183296 ----a-w- c:\windows\system32\sdohlp.dll 2009-03-03 04:39:32 551424 ----a-w- c:\windows\system32\rpcss.dll 2009-03-03 04:39:22 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-03-03 04:37:11 98304 ----a-w- c:\windows\system32\iasrecst.dll 2009-03-03 04:37:11 54784 ----a-w- c:\windows\system32\iasads.dll 2009-03-03 04:37:11 44032 ----a-w- c:\windows\system32\iasdatastore.dll 2009-03-03 04:36:24 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll 2009-03-03 03:04:59 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-03-03 02:38:13 17408 ----a-w- c:\windows\system32\iashost.exe 2009-03-03 02:16:04 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe 2008-11-10 19:41:34 32656 ----a-w- c:\windows\system32\msonpmon.dll 2008-11-01 03:44:36 52736 ----a-w- c:\windows\apppatch\iebrshim.dll 2008-08-28 03:40:09 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2008-08-28 03:37:46 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll 2008-08-28 03:37:46 347648 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2008-06-26 03:29:06 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll 2008-06-26 01:45:55 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll 2008-06-26 01:45:43 12240896 ----a-w- 
c:\windows\system32\NlsLexicons0007.dll 2008-06-16 04:23:41 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2008-01-30 23:36:06 90112 ----a-w- c:\windows\unvise32.exe 2008-01-19 07:44:42 20480 ----a-w- c:\windows\system32\drivers\en-us\mpio.sys.mui 2008-01-19 07:43:40 1081912 ----a-w- c:\windows\system32\drivers\ntfs.sys 2008-01-19 07:43:31 529464 ----a-w- c:\windows\system32\drivers\ndis.sys 2008-01-19 07:43:27 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2008-01-19 07:43:14 376376 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll 2008-01-19 07:43:13 127544 ----a-w- c:\windows\system32\drivers\Classpnp.sys 2008-01-19 07:43:12 123960 ----a-w- c:\windows\system32\drivers\Storport.sys 2008-01-19 07:43:06 110136 ----a-w- c:\windows\system32\drivers\ataport.sys 2008-01-19 07:43:03 294456 ----a-w- c:\windows\system32\drivers\volmgrx.sys 2008-01-19 07:43:03 266808 ----a-w- c:\windows\system32\drivers\acpi.sys 2008-01-19 07:41:59 35896 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2008-01-19 07:40:25 16896 ----a-w- c:\windows\system32\drivers\en-us\E1G60I32.sys.mui 2008-01-19 07:38:45 103936 ----a-w- c:\windows\system32\NAPHLPR.DLL 2008-01-19 07:38:44 46080 ----a-w- c:\windows\system32\NAPCRYPT.DLL 2008-01-19 07:38:14 1203792 ----a-w- c:\windows\system32\ntdll.dll 2008-01-19 07:38:11 4595712 ----a-w- c:\windows\system32\AuthFWSnapin.dll 2008-01-19 07:38:03 242744 ----a-w- c:\windows\system32\rsaenh.dll 2008-01-19 07:38:02 155704 ----a-w- c:\windows\system32\dssenh.dll 2008-01-19 07:38:02 131640 ----a-w- c:\windows\system32\basecsp.dll 2008-01-19 07:36:59 161792 ----a-w- c:\windows\system32\wbem\WMIsvc.dll 2008-01-19 07:35:59 296960 ----a-w- c:\windows\system32\ntshrui.dll 2008-01-19 07:34:58 344064 ----a-w- c:\windows\system32\msexcl40.dll 2008-01-19 07:33:59 593408 ----a-w- c:\windows\system32\comuid.dll 2008-01-19 07:32:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr 2008-01-19 07:31:43 7680 ----a-w- c:\windows\system32\spwizres.dll 2008-01-19 
07:31:30 57856 ----a-w- c:\windows\system32\nlsbres.dll 2008-01-19 07:31:18 118272 ----a-w- c:\windows\system32\RDPENCDD.dll 2008-01-19 07:30:20 5120 ----a-w- c:\windows\system32\drivers\en-us\b57nd60x.sys.mui 2008-01-19 07:30:05 6656 ----a-w- c:\windows\system32\drivers\en-us\luafv.sys.mui 2008-01-19 07:29:57 58880 ----a-w- c:\windows\system32\msobjs.dll 2008-01-19 07:29:25 125952 ----a-w- c:\windows\system32\tintlgnt.ime 2008-01-19 07:29:24 89088 ----a-w- c:\windows\system32\pintlgnt.ime 2008-01-19 07:29:24 124928 ----a-w- c:\windows\system32\quick.ime 2008-01-19 07:29:24 124928 ----a-w- c:\windows\system32\qintlgnt.ime 2008-01-19 07:29:24 124928 ----a-w- c:\windows\system32\phon.ime 2008-01-19 07:29:23 413184 ----a-w- c:\windows\system32\imkr80.ime 2008-01-19 07:29:21 882176 ----a-w- c:\windows\system32\IMJP10.IME 2008-01-19 07:29:21 124928 ----a-w- c:\windows\system32\cintlgnt.ime 2008-01-19 07:29:19 124928 ----a-w- c:\windows\system32\chajei.ime 2008-01-19 07:29:08 705536 ----a-w- c:\windows\system32\imagesp1.dll . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume1 Install Date: 3/25/2007 9:19:48 PM System Uptime: 3/7/2007 10:58:40 PM (1 hours ago) . Motherboard: Hewlett-Packard | | 30C6 Processor: Intel® Celeron® M CPU 430 @ 1.73GHz | U1 | 1729/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 69 GiB total, 43.933 GiB free. D: is FIXED (NTFS) - 6 GiB total, 1.047 GiB free. E: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer 4500_G510nz_Help 4500G510nz 4500G510nz_Software_Min Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player ActiveX Adobe Reader 8.1.0 ASL_HS_Installer32 AutoUpdate BufferChm Compaq Connections (remove only) Conexant HD Audio D5100 D5100_Help Destinations DeviceDiscovery DeviceManagementQFolder DivX DocMgr DocProc Fax GPBaseService2 HDAUDIO Soft Data Fax Modem with SmartCP Hewlett-Packard Active Check for Health Check Hewlett-Packard Asset Agent for Health Check Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Customer Experience Enhancements HP Customer Participation Program 13.0 HP Deskjet & Photosmart Printer Driver Software 8.0.A HP Document Manager 2.0 HP DVD Play 3.0 HP Easy Setup - Core HP Easy Setup - Frontend HP Help and Support HP Imaging Device Functions 13.0 HP Officejet 4500 G510n-z HP Photosmart Essential HP Quick Launch Buttons 6.10 B9 HP Smart Web Printing 4.5 HP Solution Center 13.0 HP Total Care Advisor HP Update HP User Guide 0039 HP Wireless Assistant HPNetworkAssistant HPProductAssistant HPSSupply Intel® Graphics Media Accelerator Driver Java SE Runtime Environment 6 Junk Mail filter update MarketResearch Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 
Microsoft Office Standard Edition 2003 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Security Client Microsoft Security Essentials Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works MSN MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee autoProducer 5.0 Network Nolo eForm Will OCR Software by I.R.I.S. 13.0 Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Scan Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) SF_CDA_ProductContext SF_CDA_Software Shop for HP Supplies Skype 3.1 Skype Plugin Manager 
SmartWebPrinting SolutionCenter Sonic Activation Module Status Synaptics Pointing Device Driver Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) WebReg Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live OneCare safety scanner Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool . ==== Event Viewer Messages From Past Week ======== . 11/12/2009 9:55:49 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/12/2009 9:55:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 11/12/2009 8:23:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 11/12/2009 10:02:05 AM, Error: EventLog [6008] - The previous system shutdown at 9:59:13 AM on 11/12/2009 was unexpected. 
11/11/2009 9:16:21 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 11/11/2009 9:12:46 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting. . ==== End Of File =========================== 2008-01-19 07:28:15 7168 ----a-w- c:\windows\system32\f3ahvoas.dll 2008-01-19 07:26:52 36864 ----a-w- c:\windows\system32\cdd.dll . ============= FINISH: 23:26:06.39 ===============
  2. Thank you very much. I have sent you a $50.00 donation. Let me know when you get it if it's not too much trouble. For all your help I want to make sure you receive the donation. I may look into taking the training. Alan
  3. I'm no longer getting that obnoxious toolbar in any of the browsers (IE, Chrome and Firefox). When I got Avira finding the crypt.XPACK.gen7 trojan I got worried because this is my main computer for doing everything including my online banking. I sure didn't want some bad guys getting my passwords with a keylogger. So if it looks good to you then I'm satisfied. If I may ask, how did you learn to do this type of volunteer work? Alan
  4. Here is the AdwCleaner log followed by the SecurityCheck log:

     # AdwCleaner v2.113 - Logfile created 03/02/2013 at 05:44:21
     # Updated 23/02/2013 by Xplode
     # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
     # User : Alan - Windows-7-Pro
     # Boot Mode : Normal
     # Running from : C:\Users\Alan\Downloads\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     File Deleted : C:\END
     File Deleted : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
     File Deleted : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
     Folder Deleted : C:\Program Files (x86)\Conduit
     Folder Deleted : C:\Users\Alan\AppData\Local\Conduit
     Folder Deleted : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheelobnibmchifldedamogdmhemfjio
     Folder Deleted : C:\Users\Alan\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\Alan\AppData\LocalLow\PriceGong
     Folder Deleted : C:\Users\Alan\AppData\Roaming\OpenCandy

     ***** [Registry] *****

     Key Deleted : HKCU\Software\AppDataLow\AskBarDis
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
     Key Deleted : HKCU\Software\AskBarDis
     Key Deleted : HKCU\Software\Google\Chrome\Extensions\kheelobnibmchifldedamogdmhemfjio
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2998365
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kheelobnibmchifldedamogdmhemfjio
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16457
     [OK] Registry is clean.

     -\\ Mozilla Firefox v19.0 (en-US)
     File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\3lc5p8po.default\prefs.js
     [OK] File is clean.

     -\\ Google Chrome v25.0.1364.97
     File : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [2499 octets] - [01/03/2013 19:53:53]
     AdwCleaner[s1].txt - [321 octets] - [02/03/2013 05:40:26]
     AdwCleaner[s2].txt - [2535 octets] - [02/03/2013 05:44:21]

     ########## EOF - C:\AdwCleaner[s2].txt - [2595 octets] ##########

     Results of screen317's Security Check version 0.99.60
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Avira Desktop
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Out of date HijackThis installed!
     Malwarebytes Anti-Malware version 1.70.0.1100
     HijackThis 2.0.2
     Java 7 Update 15
     Adobe Flash Player 11.6.602.171
     Mozilla Firefox (19.0)
     Google Chrome 24.0.1312.57
     Google Chrome 25.0.1364.97
     Google Chrome plugins...
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  5. It must have been in the clipboard. Here is the log:

     # AdwCleaner v2.113 - Logfile created 03/01/2013 at 19:53:53
     # Updated 23/02/2013 by Xplode
     # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
     # User : Alan - Windows-7-Pro
     # Boot Mode : Normal
     # Running from : C:\Users\Alan\Desktop\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****

     File Found : C:\END
     File Found : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
     File Found : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
     Folder Found : C:\Program Files (x86)\Conduit
     Folder Found : C:\Users\Alan\AppData\Local\Conduit
     Folder Found : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheelobnibmchifldedamogdmhemfjio
     Folder Found : C:\Users\Alan\AppData\LocalLow\Conduit
     Folder Found : C:\Users\Alan\AppData\LocalLow\PriceGong
     Folder Found : C:\Users\Alan\AppData\Roaming\OpenCandy

     ***** [Registry] *****

     Key Found : HKCU\Software\AppDataLow\AskBarDis
     Key Found : HKCU\Software\AppDataLow\Software\Conduit
     Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Found : HKCU\Software\AppDataLow\Software\PriceGong
     Key Found : HKCU\Software\AppDataLow\Software\SmartBar
     Key Found : HKCU\Software\AskBarDis
     Key Found : HKCU\Software\Google\Chrome\Extensions\kheelobnibmchifldedamogdmhemfjio
     Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2998365
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kheelobnibmchifldedamogdmhemfjio
     Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16457
     [OK] Registry is clean.

     -\\ Mozilla Firefox v19.0 (en-US)
     File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\3lc5p8po.default\prefs.js
     [OK] File is clean.

     -\\ Google Chrome v25.0.1364.97
     File : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [2370 octets] - [01/03/2013 19:53:53]

     ########## EOF - C:\AdwCleaner[R1].txt - [2430 octets] ##########
  6. Here is the AdwCleaner log: ComboFix 13-03-01.01 - Alan 03/01/2013 16:39:09.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7934.5503 [GMT -8:00] Running from: c:\users\Alan\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} .
c:\msysgit\msysgit\git\git-tar-tree.exe c:\msysgit\msysgit\git\git-unpack-file.exe c:\msysgit\msysgit\git\git-unpack-objects.exe c:\msysgit\msysgit\git\git-update-index.exe c:\msysgit\msysgit\git\git-update-ref.exe c:\msysgit\msysgit\git\git-update-server-info.exe c:\msysgit\msysgit\git\git-upload-archive.exe c:\msysgit\msysgit\git\git-var.exe c:\msysgit\msysgit\git\git-verify-pack.exe c:\msysgit\msysgit\git\git-verify-tag.exe c:\msysgit\msysgit\git\git-whatchanged.exe c:\msysgit\msysgit\git\git-write-tree.exe c:\msysgit\msysgit\git\git.exe c:\msysgit\msysgit\libexec\git-core\git-add.exe c:\msysgit\msysgit\libexec\git-core\git-annotate.exe c:\msysgit\msysgit\libexec\git-core\git-apply.exe c:\msysgit\msysgit\libexec\git-core\git-archive.exe c:\msysgit\msysgit\libexec\git-core\git-bisect--helper.exe c:\msysgit\msysgit\libexec\git-core\git-blame.exe c:\msysgit\msysgit\libexec\git-core\git-branch.exe c:\msysgit\msysgit\libexec\git-core\git-bundle.exe c:\msysgit\msysgit\libexec\git-core\git-cat-file.exe c:\msysgit\msysgit\libexec\git-core\git-check-attr.exe c:\msysgit\msysgit\libexec\git-core\git-check-ref-format.exe c:\msysgit\msysgit\libexec\git-core\git-checkout-index.exe c:\msysgit\msysgit\libexec\git-core\git-checkout.exe c:\msysgit\msysgit\libexec\git-core\git-cherry-pick.exe c:\msysgit\msysgit\libexec\git-core\git-cherry.exe c:\msysgit\msysgit\libexec\git-core\git-clean.exe c:\msysgit\msysgit\libexec\git-core\git-clone.exe c:\msysgit\msysgit\libexec\git-core\git-column.exe c:\msysgit\msysgit\libexec\git-core\git-commit-tree.exe c:\msysgit\msysgit\libexec\git-core\git-commit.exe c:\msysgit\msysgit\libexec\git-core\git-config.exe c:\msysgit\msysgit\libexec\git-core\git-count-objects.exe c:\msysgit\msysgit\libexec\git-core\git-credential.exe c:\msysgit\msysgit\libexec\git-core\git-describe.exe c:\msysgit\msysgit\libexec\git-core\git-diff-files.exe c:\msysgit\msysgit\libexec\git-core\git-diff-index.exe c:\msysgit\msysgit\libexec\git-core\git-diff-tree.exe 
c:\msysgit\msysgit\libexec\git-core\git-diff.exe c:\msysgit\msysgit\libexec\git-core\git-fast-export.exe c:\msysgit\msysgit\libexec\git-core\git-fetch-pack.exe c:\msysgit\msysgit\libexec\git-core\git-fetch.exe c:\msysgit\msysgit\libexec\git-core\git-fmt-merge-msg.exe c:\msysgit\msysgit\libexec\git-core\git-for-each-ref.exe c:\msysgit\msysgit\libexec\git-core\git-format-patch.exe c:\msysgit\msysgit\libexec\git-core\git-fsck-objects.exe c:\msysgit\msysgit\libexec\git-core\git-fsck.exe c:\msysgit\msysgit\libexec\git-core\git-gc.exe c:\msysgit\msysgit\libexec\git-core\git-get-tar-commit-id.exe c:\msysgit\msysgit\libexec\git-core\git-grep.exe c:\msysgit\msysgit\libexec\git-core\git-hash-object.exe c:\msysgit\msysgit\libexec\git-core\git-help.exe c:\msysgit\msysgit\libexec\git-core\git-index-pack.exe c:\msysgit\msysgit\libexec\git-core\git-init-db.exe c:\msysgit\msysgit\libexec\git-core\git-init.exe c:\msysgit\msysgit\libexec\git-core\git-log.exe c:\msysgit\msysgit\libexec\git-core\git-ls-files.exe c:\msysgit\msysgit\libexec\git-core\git-ls-remote.exe c:\msysgit\msysgit\libexec\git-core\git-ls-tree.exe c:\msysgit\msysgit\libexec\git-core\git-mailinfo.exe c:\msysgit\msysgit\libexec\git-core\git-mailsplit.exe c:\msysgit\msysgit\libexec\git-core\git-merge-base.exe c:\msysgit\msysgit\libexec\git-core\git-merge-file.exe c:\msysgit\msysgit\libexec\git-core\git-merge-index.exe c:\msysgit\msysgit\libexec\git-core\git-merge-ours.exe c:\msysgit\msysgit\libexec\git-core\git-merge-recursive.exe c:\msysgit\msysgit\libexec\git-core\git-merge-subtree.exe c:\msysgit\msysgit\libexec\git-core\git-merge-tree.exe c:\msysgit\msysgit\libexec\git-core\git-merge.exe c:\msysgit\msysgit\libexec\git-core\git-mktag.exe c:\msysgit\msysgit\libexec\git-core\git-mktree.exe c:\msysgit\msysgit\libexec\git-core\git-mv.exe c:\msysgit\msysgit\libexec\git-core\git-name-rev.exe c:\msysgit\msysgit\libexec\git-core\git-notes.exe c:\msysgit\msysgit\libexec\git-core\git-pack-objects.exe 
c:\msysgit\msysgit\libexec\git-core\git-pack-redundant.exe c:\msysgit\msysgit\libexec\git-core\git-pack-refs.exe c:\msysgit\msysgit\libexec\git-core\git-patch-id.exe c:\msysgit\msysgit\libexec\git-core\git-peek-remote.exe c:\msysgit\msysgit\libexec\git-core\git-prune-packed.exe c:\msysgit\msysgit\libexec\git-core\git-prune.exe c:\msysgit\msysgit\libexec\git-core\git-push.exe c:\msysgit\msysgit\libexec\git-core\git-read-tree.exe c:\msysgit\msysgit\libexec\git-core\git-receive-pack.exe c:\msysgit\msysgit\libexec\git-core\git-reflog.exe c:\msysgit\msysgit\libexec\git-core\git-remote-ext.exe c:\msysgit\msysgit\libexec\git-core\git-remote-fd.exe c:\msysgit\msysgit\libexec\git-core\git-remote.exe c:\msysgit\msysgit\libexec\git-core\git-replace.exe c:\msysgit\msysgit\libexec\git-core\git-repo-config.exe c:\msysgit\msysgit\libexec\git-core\git-rerere.exe c:\msysgit\msysgit\libexec\git-core\git-reset.exe c:\msysgit\msysgit\libexec\git-core\git-rev-list.exe c:\msysgit\msysgit\libexec\git-core\git-rev-parse.exe c:\msysgit\msysgit\libexec\git-core\git-revert.exe c:\msysgit\msysgit\libexec\git-core\git-rm.exe c:\msysgit\msysgit\libexec\git-core\git-send-pack.exe c:\msysgit\msysgit\libexec\git-core\git-shortlog.exe c:\msysgit\msysgit\libexec\git-core\git-show-branch.exe c:\msysgit\msysgit\libexec\git-core\git-show-ref.exe c:\msysgit\msysgit\libexec\git-core\git-show.exe c:\msysgit\msysgit\libexec\git-core\git-stage.exe c:\msysgit\msysgit\libexec\git-core\git-status.exe c:\msysgit\msysgit\libexec\git-core\git-stripspace.exe c:\msysgit\msysgit\libexec\git-core\git-symbolic-ref.exe c:\msysgit\msysgit\libexec\git-core\git-tag.exe c:\msysgit\msysgit\libexec\git-core\git-tar-tree.exe c:\msysgit\msysgit\libexec\git-core\git-unpack-file.exe c:\msysgit\msysgit\libexec\git-core\git-unpack-objects.exe c:\msysgit\msysgit\libexec\git-core\git-update-index.exe c:\msysgit\msysgit\libexec\git-core\git-update-ref.exe c:\msysgit\msysgit\libexec\git-core\git-update-server-info.exe 
c:\msysgit\msysgit\libexec\git-core\git-upload-archive.exe c:\msysgit\msysgit\libexec\git-core\git-var.exe c:\msysgit\msysgit\libexec\git-core\git-verify-pack.exe c:\msysgit\msysgit\libexec\git-core\git-verify-tag.exe c:\msysgit\msysgit\libexec\git-core\git-whatchanged.exe c:\msysgit\msysgit\libexec\git-core\git-write-tree.exe c:\msysgit\msysgit\libexec\git-core\git.exe c:\program files (x86)\Git\bin\git.exe c:\program files (x86)\Git\libexec\git-core\git-add.exe c:\program files (x86)\Git\libexec\git-core\git-annotate.exe c:\program files (x86)\Git\libexec\git-core\git-apply.exe c:\program files (x86)\Git\libexec\git-core\git-archive.exe c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe c:\program files (x86)\Git\libexec\git-core\git-blame.exe c:\program files (x86)\Git\libexec\git-core\git-branch.exe c:\program files (x86)\Git\libexec\git-core\git-bundle.exe c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe c:\program files (x86)\Git\libexec\git-core\git-checkout.exe c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe c:\program files (x86)\Git\libexec\git-core\git-cherry.exe c:\program files (x86)\Git\libexec\git-core\git-clean.exe c:\program files (x86)\Git\libexec\git-core\git-clone.exe c:\program files (x86)\Git\libexec\git-core\git-column.exe c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe c:\program files (x86)\Git\libexec\git-core\git-commit.exe c:\program files (x86)\Git\libexec\git-core\git-config.exe c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe c:\program files (x86)\Git\libexec\git-core\git-credential.exe c:\program files (x86)\Git\libexec\git-core\git-describe.exe c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe c:\program files 
(x86)\Git\libexec\git-core\git-diff-index.exe c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe c:\program files (x86)\Git\libexec\git-core\git-diff.exe c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe c:\program files (x86)\Git\libexec\git-core\git-fetch.exe c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe c:\program files (x86)\Git\libexec\git-core\git-fsck.exe c:\program files (x86)\Git\libexec\git-core\git-gc.exe c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe c:\program files (x86)\Git\libexec\git-core\git-grep.exe c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe c:\program files (x86)\Git\libexec\git-core\git-help.exe c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe c:\program files (x86)\Git\libexec\git-core\git-init-db.exe c:\program files (x86)\Git\libexec\git-core\git-init.exe c:\program files (x86)\Git\libexec\git-core\git-log.exe c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe c:\program files 
(x86)\Git\libexec\git-core\git-merge.exe c:\program files (x86)\Git\libexec\git-core\git-mktag.exe c:\program files (x86)\Git\libexec\git-core\git-mktree.exe c:\program files (x86)\Git\libexec\git-core\git-mv.exe c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe c:\program files (x86)\Git\libexec\git-core\git-notes.exe c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe c:\program files (x86)\Git\libexec\git-core\git-prune.exe c:\program files (x86)\Git\libexec\git-core\git-push.exe c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe c:\program files (x86)\Git\libexec\git-core\git-reflog.exe c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe c:\program files (x86)\Git\libexec\git-core\git-remote.exe c:\program files (x86)\Git\libexec\git-core\git-replace.exe c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe c:\program files (x86)\Git\libexec\git-core\git-rerere.exe c:\program files (x86)\Git\libexec\git-core\git-reset.exe c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe c:\program files (x86)\Git\libexec\git-core\git-revert.exe c:\program files (x86)\Git\libexec\git-core\git-rm.exe c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe c:\program files (x86)\Git\libexec\git-core\git-show.exe c:\program 
files (x86)\Git\libexec\git-core\git-stage.exe c:\program files (x86)\Git\libexec\git-core\git-status.exe c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe c:\program files (x86)\Git\libexec\git-core\git-tag.exe c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe c:\program files (x86)\Git\libexec\git-core\git-update-index.exe c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe c:\program files (x86)\Git\libexec\git-core\git-var.exe c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe . . ((((((((((((((((((((((((( Files Created from 2013-02-02 to 2013-03-02 ))))))))))))))))))))))))))))))) . . 2013-03-02 00:50 . 2013-03-02 00:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-02 00:50 . 2013-03-02 00:50 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp 2013-02-28 01:21 . 2013-02-28 01:21 -------- d-----w- C:\Kaseya 2013-02-27 23:23 . 2013-02-27 23:23 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-02-24 00:37 . 2013-02-24 00:37 -------- d-----w- c:\program files (x86)\Conduit 2013-02-24 00:37 . 2013-02-25 00:04 -------- d-----w- c:\users\Alan\AppData\Local\Conduit 2013-02-24 00:36 . 2013-02-24 00:36 -------- d-----w- c:\users\Alan\AppData\Local\CRE 2013-02-24 00:36 . 2013-02-24 16:16 -------- d-----w- c:\programdata\Freemake 2013-02-24 00:35 . 2013-02-24 00:35 -------- d-----w- c:\users\Alan\AppData\Roaming\OpenCandy 2013-02-24 00:04 . 
2013-02-24 00:04 -------- d-----w- c:\program files\Handbrake 2013-02-23 23:44 . 2013-02-23 23:44 -------- d-----w- c:\users\Alan\AppData\Roaming\Digiarty 2013-02-23 23:29 . 2013-02-23 23:29 -------- d-----w- c:\program files (x86)\VideoLAN 2013-02-19 22:40 . 2013-02-19 22:40 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-02-19 22:39 . 2013-02-19 22:39 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-19 22:39 . 2013-02-19 22:39 -------- d-----w- c:\program files (x86)\Java 2013-02-18 17:02 . 2013-02-18 17:02 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-02-18 17:02 . 2013-02-18 17:02 -------- d-----r- c:\program files (x86)\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-01 22:58 . 2009-09-19 00:59 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2013-02-27 23:42 . 2012-04-04 00:35 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-27 23:42 . 2011-09-05 19:23 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-19 22:39 . 2012-09-15 14:21 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-02-19 22:39 . 2010-04-25 18:50 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-10 00:52 . 2011-04-03 02:46 2394464 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-12-17 01:31 . 2009-10-27 22:14 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 2013-01-09 23:48 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2013-01-09 23:48 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2013-01-09 23:48 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2013-01-09 23:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-15 00:49 . 2009-09-18 04:15 24176 ----a-w- c:\windows\system32\drivers\mbam.sys . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-4-25 576000] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux9"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Kaseya MessageSys Admin Service;Kaseya MessageSys Admin Service;c:\kaseya\MessageSys\KaseyaMessageSysAdmin.exe [x] R2 Kaseya MessageSys Service;Kaseya MessageSys Service;c:\kaseya\MessageSys\KaseyaMessageSys.exe [x] R2 Kserver.exe;Kaseya Service;c:\kaseya\KServer\Kserver.exe [x] R2 KWebExec;Kaseya Web Exec;c:\kaseya\KServer\KWebExec.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-16 35840] R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-02-04 63304] R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2010-07-08 25600] R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 217728] R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 217728] R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 217728] R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-08-24 440784] 
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-15 86224] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344] S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848] S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-09-23 2084712] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-14 29288] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-14 29288] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-14 29288] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-14 29288] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-14 29288] . . --- Other Services/Drivers In Memory --- . 
*NewlyCreated* - 12925308 *NewlyCreated* - 50966379 *Deregistered* - 12925308 *Deregistered* - 50966379 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:42] . 2013-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2081442477-3313633879-3110854110-1000Core.job - c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-03 19:22] . 2013-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2081442477-3313633879-3110854110-1000UA.job - c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-03 19:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-23 500208] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: rph.com\vpn TCP: DhcpNameServer = 192.168.15.1 DPF: {1CBF1F26-C9D6-4573-884A-3EC702A7333E} - hxxps://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {42C384CA-2518-4150-97B8-461E11308305} - hxxps://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn.rph.com/CACHE/stc/1/binaries/vpnweb.cab DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} - hxxp://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {9210FB3F-586D-45A6-9668-D28EB62669DA} - hxxp://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {BC9E8CBE-1226-4A6D-9D3C-F46F0971BF88} - hxxps://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpn.rph.com/CACHE/stc/1/binaries/vpnweb.cab FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\3lc5p8po.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Yugma - c:\users\Alan\Yugma\4.1\LaunchExtractor.exe Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe SafeBoot-50966379.sys WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc] "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-01 16:53:41 ComboFix-quarantined-files.txt 2013-03-02 00:53 . Pre-Run: 199,226,228,736 bytes free Post-Run: 204,879,028,224 bytes free . - - End Of File - - 802ABCDC214BD02154057D5B733F7749
  7. Here is the ComboFix.txt file: ComboFix 13-03-01.01 - Alan 03/01/2013 16:39:09.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7934.5503 [GMT -8:00] Running from: c:\users\Alan\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Autorun.inf c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk c:\users\Alan\AppData\Local\assembly\tmp c:\users\Alan\g2mdlhlpx.exe c:\windows\SysWow64\html c:\windows\SysWow64\html\calendar.html c:\windows\SysWow64\html\calendarbottom.html c:\windows\SysWow64\html\calendartop.html c:\windows\SysWow64\html\crystalexportdialog.htm c:\windows\SysWow64\html\crystalprinthost.html c:\windows\SysWow64\images c:\windows\SysWow64\images\toolbar\calendar.gif c:\windows\SysWow64\images\toolbar\crlogo.gif c:\windows\SysWow64\images\toolbar\export.gif c:\windows\SysWow64\images\toolbar\export_over.gif c:\windows\SysWow64\images\toolbar\exportd.gif c:\windows\SysWow64\images\toolbar\First.gif c:\windows\SysWow64\images\toolbar\first_over.gif c:\windows\SysWow64\images\toolbar\Firstd.gif c:\windows\SysWow64\images\toolbar\gotopage.gif c:\windows\SysWow64\images\toolbar\gotopage_over.gif c:\windows\SysWow64\images\toolbar\gotopaged.gif c:\windows\SysWow64\images\toolbar\grouptree.gif c:\windows\SysWow64\images\toolbar\grouptree_over.gif c:\windows\SysWow64\images\toolbar\grouptreed.gif c:\windows\SysWow64\images\toolbar\grouptreepressed.gif c:\windows\SysWow64\images\toolbar\Last.gif c:\windows\SysWow64\images\toolbar\last_over.gif c:\windows\SysWow64\images\toolbar\Lastd.gif c:\windows\SysWow64\images\toolbar\Next.gif c:\windows\SysWow64\images\toolbar\next_over.gif 
c:\windows\SysWow64\images\toolbar\Nextd.gif c:\windows\SysWow64\images\toolbar\Prev.gif c:\windows\SysWow64\images\toolbar\prev_over.gif c:\windows\SysWow64\images\toolbar\Prevd.gif c:\windows\SysWow64\images\toolbar\print.gif c:\windows\SysWow64\images\toolbar\print_over.gif c:\windows\SysWow64\images\toolbar\printd.gif c:\windows\SysWow64\images\toolbar\Refresh.gif c:\windows\SysWow64\images\toolbar\refresh_over.gif c:\windows\SysWow64\images\toolbar\refreshd.gif c:\windows\SysWow64\images\toolbar\Search.gif c:\windows\SysWow64\images\toolbar\search_over.gif c:\windows\SysWow64\images\toolbar\searchd.gif c:\windows\SysWow64\images\toolbar\up.gif c:\windows\SysWow64\images\toolbar\up_over.gif c:\windows\SysWow64\images\toolbar\upd.gif c:\windows\SysWow64\images\tree\begindots.gif c:\windows\SysWow64\images\tree\beginminus.gif c:\windows\SysWow64\images\tree\beginplus.gif c:\windows\SysWow64\images\tree\blank.gif c:\windows\SysWow64\images\tree\blankdots.gif c:\windows\SysWow64\images\tree\dots.gif c:\windows\SysWow64\images\tree\lastdots.gif c:\windows\SysWow64\images\tree\lastminus.gif c:\windows\SysWow64\images\tree\lastplus.gif c:\windows\SysWow64\images\tree\Magnify.gif c:\windows\SysWow64\images\tree\minus.gif c:\windows\SysWow64\images\tree\minusbox.gif c:\windows\SysWow64\images\tree\plus.gif c:\windows\SysWow64\images\tree\plusbox.gif c:\windows\SysWow64\images\tree\singleminus.gif c:\windows\SysWow64\images\tree\singleplus.gif . ----- File Replicators ----- . 
. ((((((((((((((((((((((((( Files Created from 2013-02-02 to 2013-03-02 ))))))))))))))))))))))))))))))) . . 2013-03-02 00:50 . 2013-03-02 00:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-02 00:50 . 2013-03-02 00:50 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp 2013-02-28 01:21 . 2013-02-28 01:21 -------- d-----w- C:\Kaseya 2013-02-27 23:23 . 2013-02-27 23:23 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-02-24 00:37 . 2013-02-24 00:37 -------- d-----w- c:\program files (x86)\Conduit 2013-02-24 00:37 . 2013-02-25 00:04 -------- d-----w- c:\users\Alan\AppData\Local\Conduit 2013-02-24 00:36 . 2013-02-24 00:36 -------- d-----w- c:\users\Alan\AppData\Local\CRE 2013-02-24 00:36 . 2013-02-24 16:16 -------- d-----w- c:\programdata\Freemake 2013-02-24 00:35 . 2013-02-24 00:35 -------- d-----w- c:\users\Alan\AppData\Roaming\OpenCandy 2013-02-24 00:04 . 
2013-02-24 00:04 -------- d-----w- c:\program files\Handbrake 2013-02-23 23:44 . 2013-02-23 23:44 -------- d-----w- c:\users\Alan\AppData\Roaming\Digiarty 2013-02-23 23:29 . 2013-02-23 23:29 -------- d-----w- c:\program files (x86)\VideoLAN 2013-02-19 22:40 . 2013-02-19 22:40 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-02-19 22:39 . 2013-02-19 22:39 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-19 22:39 . 2013-02-19 22:39 -------- d-----w- c:\program files (x86)\Java 2013-02-18 17:02 . 2013-02-18 17:02 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-02-18 17:02 . 2013-02-18 17:02 -------- d-----r- c:\program files (x86)\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-01 22:58 . 2009-09-19 00:59 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2013-02-27 23:42 . 2012-04-04 00:35 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-27 23:42 . 2011-09-05 19:23 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-19 22:39 . 2012-09-15 14:21 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-02-19 22:39 . 2010-04-25 18:50 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-10 00:52 . 2011-04-03 02:46 2394464 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-12-17 01:31 . 2009-10-27 22:14 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 2013-01-09 23:48 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2013-01-09 23:48 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2013-01-09 23:48 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2013-01-09 23:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-15 00:49 . 2009-09-18 04:15 24176 ----a-w- c:\windows\system32\drivers\mbam.sys . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-4-25 576000] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux9"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Kaseya MessageSys Admin Service;Kaseya MessageSys Admin Service;c:\kaseya\MessageSys\KaseyaMessageSysAdmin.exe [x] R2 Kaseya MessageSys Service;Kaseya MessageSys Service;c:\kaseya\MessageSys\KaseyaMessageSys.exe [x] R2 Kserver.exe;Kaseya Service;c:\kaseya\KServer\Kserver.exe [x] R2 KWebExec;Kaseya Web Exec;c:\kaseya\KServer\KWebExec.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-16 35840] R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-02-04 63304] R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2010-07-08 25600] R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 217728] R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 217728] R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 217728] R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-08-24 440784] 
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-15 86224] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344] S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848] S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-09-23 2084712] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-14 29288] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-14 29288] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-14 29288] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-14 29288] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-14 29288] . . --- Other Services/Drivers In Memory --- . 
*NewlyCreated* - 12925308 *NewlyCreated* - 50966379 *Deregistered* - 12925308 *Deregistered* - 50966379 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:42] . 2013-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2081442477-3313633879-3110854110-1000Core.job - c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-03 19:22] . 2013-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2081442477-3313633879-3110854110-1000UA.job - c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-03 19:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-23 500208] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: rph.com\vpn TCP: DhcpNameServer = 192.168.15.1 DPF: {1CBF1F26-C9D6-4573-884A-3EC702A7333E} - hxxps://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {42C384CA-2518-4150-97B8-461E11308305} - hxxps://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn.rph.com/CACHE/stc/1/binaries/vpnweb.cab DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} - hxxp://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {9210FB3F-586D-45A6-9668-D28EB62669DA} - hxxp://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {BC9E8CBE-1226-4A6D-9D3C-F46F0971BF88} - hxxps://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpn.rph.com/CACHE/stc/1/binaries/vpnweb.cab FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\3lc5p8po.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Yugma - c:\users\Alan\Yugma\4.1\LaunchExtractor.exe Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe SafeBoot-50966379.sys WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc] "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-01 16:53:41 ComboFix-quarantined-files.txt 2013-03-02 00:53 . Pre-Run: 199,226,228,736 bytes free Post-Run: 204,879,028,224 bytes free . - - End Of File - - 802ABCDC214BD02154057D5B733F7749
  8. I thought I attached it because it is big. Let me attach it again. TDSSKiller.2.8.16.0_01.03.2013_14.59.38_log.txt
  9. Here are the logs:
     14:55:46.0215 5504 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
     14:55:46.0828 5504 ============================================================
     14:55:46.0829 5504 Current date / time: 2013/03/01 14:55:46.0828
     14:55:46.0829 5504 SystemInfo:
     14:55:46.0829 5504
     14:55:46.0829 5504 OS Version: 6.1.7601 ServicePack: 1.0
     14:55:46.0829 5504 Product type: Workstation
     14:55:46.0829 5504 ComputerName: Windows-7-Pro
     14:55:46.0829 5504 UserName: Alan
     14:55:46.0829 5504 Windows directory: C:\Windows
     14:55:46.0829 5504 System windows directory: C:\Windows
     14:55:46.0829 5504 Running under WOW64
     14:55:46.0829 5504 Processor architecture: Intel x64
     14:55:46.0829 5504 Number of processors: 4
     14:55:46.0829 5504 Page size: 0x1000
     14:55:46.0829 5504 Boot type: Normal boot
     14:55:46.0829 5504 ============================================================
     14:55:47.0892 5504 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     14:55:47.0896 5504 ============================================================
     14:55:47.0896 5504 \Device\Harddisk0\DR0:
     14:55:47.0905 5504 MBR partitions:
     14:55:47.0905 5504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
     14:55:47.0905 5504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
     14:55:47.0905 5504 ============================================================
     14:55:47.0931 5504 C: <-> \Device\Harddisk0\DR0\Partition2
     14:55:47.0931 5504 ============================================================
     14:55:47.0931 5504 Initialize success
     14:55:47.0931 5504 ============================================================
     14:56:18.0914 5580 Deinitialize success
  10. First off, thank you MrCharlie. I really appreciate your help. If my computer gets clean it will be a blessing. I wasn't looking forward to wiping the hard drive. As you can see I've got a lot going on on this machine. It is my learning/play machine for increasing my development skills and would be very costly in time and possible loss of files. I will gladly give you $50 at the end of this. I hope that is reasonable compensation for not only your time but also the time it took to learn the skills to help me. Here is what I got from running RogueKiller.
      RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Alan [Admin rights]
      Mode : Scan -- Date : 02/28/2013 15:31:33
      | ARK || FAK || MBR |
      ¤¤¤ Bad processes : 1 ¤¤¤
      [sUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe [-] -> KILLED [TermProc]
      ¤¤¤ Registry Entries : 8 ¤¤¤
      [TASK][sUSP PATH] RunDAOD : C:\Windows\DAODx.exe [-] -> FOUND
      [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED] ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      127.0.0.1 localhost
      127.0.0.1 fr.a2dfp.net
      127.0.0.1 m.fr.a2dfp.net
      127.0.0.1 ad.a8.net
      127.0.0.1 asy.a8ww.net
      127.0.0.1 acezip.net #[siteAdvisor.acezip.net]
      127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
      127.0.0.1 phpadsnew.abac.com
      127.0.0.1 a.abnad.net
      127.0.0.1 b.abnad.net
      127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
      127.0.0.1 d.abnad.net
      127.0.0.1 e.abnad.net
      127.0.0.1 t.abnad.net
      127.0.0.1 z.abnad.net
      127.0.0.1 banners.absolpublisher.com
      127.0.0.1 tracking.absolstats.com
      127.0.0.1 adv.abv.bg
      127.0.0.1 bimg.abv.bg
      127.0.0.1 www2.a-counter.kiev.ua
      [...]
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: WDC WD1001FALS-75J7B0 ATA Device +++++
      --- User ---
      [MBR] 64d9ec1435e17d5e5c7ca7acdf52d39c
      [bSP] 5a8f11bc812a9f25189a94adf957bed8 : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[1]_S_02282013_02d1531.txt >>
      RKreport[1]_S_02282013_02d1531.txt
  11. When I ran an Avira scan it notified me of the crypt.XPACK.gen7 trojan. So I'm concerned there might be more bad software on my machine.
      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.15.2
      Run by Alan at 17:31:59 on 2013-02-27
      Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7934.5892 [GMT -8:00]
      .
      AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
      SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\system32\atiesrxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\atieclxx.exe
      C:\Windows\System32\spoolsv.exe
      C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\System32\svchost.exe -k NetworkService
      C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
      C:\Windows\system32\svchost.exe -k apphost
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Windows\system32\mqsvc.exe
      c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Windows\DAODx.exe
      C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
      C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
      C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
      C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
      C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
      C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
      C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
      C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
      C:\Program Files (x86)\MagicDisc\MagicDisc.exe
      C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
      C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
      c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\system32\svchost.exe -k iissvcs
      C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
      C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = about:blank
      BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
      BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
      uRun: [Google Update] "C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      uRun: [Yugma] C:\Users\Alan\Yugma\4.1\LaunchExtractor.exe 1
      uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
      mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
      mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      StartupFolder: C:\Users\Alan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
      StartupFolder: C:\Users\Alan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
      StartupFolder: 
C:\Users\Alan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
DPF: {1CBF1F26-C9D6-4573-884A-3EC702A7333E} - hxxps://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {42C384CA-2518-4150-97B8-461E11308305} - hxxps://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn.rph.com/CACHE/stc/1/binaries/vpnweb.cab DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.rph.com/CACHE/stc/1/binaries/vpnweb.cab DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} - hxxp://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {9210FB3F-586D-45A6-9668-D28EB62669DA} - hxxp://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {BC9E8CBE-1226-4A6D-9D3C-F46F0971BF88} - hxxps://saas4.kaseya.net/klc/resources/cab/LiveConnectX.cab DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpn.rph.com/CACHE/stc/1/binaries/vpnweb.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vconnect.kaseya.com/dana-cached/sc/JuniperSetupClient.cab TCP: NameServer = 192.168.15.1 TCP: Interfaces\{83A890E5-6F2C-4991-A617-51E99E7E750D} : DHCPNameServer = 192.168.15.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab x64-DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 wdcs.trendmicro.com Hosts: 127.0.0.1 om.symantec.com Hosts: 127.0.0.1 oms.symantec.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\3lc5p8po.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll FF - plugin: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . 
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-4-24 72240] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-4-24 15920] R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2011-10-29 27760] R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-10-29 98848] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-3-21 35840] S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2010-7-8 25600] S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\System32\drivers\nwusbmdm_000.sys [2010-7-8 217728] S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser_000.sys [2010-7-8 217728] S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser2_000.sys [2010-7-8 217728] S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144] . =============== File Associations =============== . FileExt: .js: JSFile=C:\Windows\System32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist] . =============== Created Last 30 ================ . 
2013-02-28 01:21:02 -------- d-----w- C:\Kaseya 2013-02-24 00:37:09 -------- d-----w- C:\Program Files (x86)\Conduit 2013-02-24 00:37:07 -------- d-----w- C:\Users\Alan\AppData\Local\Conduit 2013-02-24 00:36:52 -------- d-----w- C:\Users\Alan\AppData\Local\CRE 2013-02-24 00:36:01 -------- d-----w- C:\ProgramData\Freemake 2013-02-24 00:35:57 -------- d-----w- C:\Users\Alan\AppData\Roaming\OpenCandy 2013-02-24 00:04:43 -------- d-----w- C:\Program Files\Handbrake 2013-02-23 23:44:11 -------- d-----w- C:\Users\Alan\AppData\Roaming\Digiarty 2013-02-23 23:29:11 -------- d-----w- C:\Program Files (x86)\VideoLAN 2013-02-19 22:39:42 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-18 17:02:16 -------- d-----r- C:\Program Files (x86)\Skype . ==================== Find3M ==================== . 2013-02-27 23:42:44 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-27 23:42:44 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-19 22:39:29 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-02-19 22:39:29 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 17:34:53.99 =============== B. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 9/17/2009 7:50:22 PM System Uptime: 2/27/2013 5:26:53 PM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | M4A78T-E Processor: AMD Phenom II X4 810 Processor | AM3 | 2608/200mhz . ==== Disk Partitions ========================= . 
A: is Removable C: is FIXED (NTFS) - 931 GiB total, 132.659 GiB free. D: is CDROM () E: is FIXED (NTFS) - 1863 GiB total, 1661.662 GiB free. I: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . Class GUID: Description: Device ID: ACPI\ATK0110\1010110 Manufacturer: Name: PNP Device ID: ACPI\ATK0110\1010110 Service: . ==== System Restore Points =================== . RP238: 2/11/2013 3:30:06 PM - Scheduled Checkpoint RP239: 2/19/2013 2:36:14 PM - Removed Java 6 Update 37 RP240: 2/19/2013 2:39:07 PM - Installed Java 7 Update 15 RP241: 2/27/2013 5:13:26 PM - Removed Cisco AnyConnect VPN Client RP242: 2/27/2013 5:19:06 PM - Removed Kaseya Server . ==== Installed Programs ====================== . 7-Zip 4.65 Accent on Interactivity 1.6 Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop 6.0 Adobe SVG Viewer Aimersoft Video Converter Ultimate(Build 4.2.4.0) Apple Application Support Apple Mobile Device Support Apple Software Update Applian Director Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver Audible Download Manager Avira Free Antivirus Bing Rewards Client Installer Blender Bonjour CoffeeCup Direct FTP Coupon Printer for Windows Crystal Reports Basic for Visual Studio 2008 Crystal Reports Basic Runtime for Visual Studio 2008 (x64) Crystal Reports for Visual Studio Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dotfuscator Software Services - Community Edition Dropbox DVD Decrypter (Remove Only) DVDFab 8.1.6.3 (11/02/2012) Qt Foxit Reader GDR 5512 for SQL Server 2008 (KB2716436) (64-bit) GIMP 2.6.11 Git version 1.8.0-preview20121022 Google Chrome GrampsAIO HandBrake 0.9.8 HijackThis 2.0.2 Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) Hotfix for Microsoft 
Visual Studio 2007 Tools for Applications - ENU (KB946344) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2538241) Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2565057) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2736182) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233) HP Deskjet 3050 J610 series Basic Device Software HP Deskjet 3050 J610 series Help HP Deskjet 3050 J610 series Product Improvement Study HP Photo Creations HP Update IIS 7.5 Express IIS URL Rewrite Module 2 IntelliJ IDEA Community Edition 10.5.2 iTunes Java 7 Update 15 Java Auto Updater Java 7 Update 2 (64-bit) Java SE Development Kit 7 (64-bit) JetBrains ReSharper 6.1 JetBrains WebStorm 2.0 join.me Kaseya Server Logitech Harmony Remote Software 7 Magic ISO Maker v5.5 (build 0281) MagicDisc 2.7.106 Malwarebytes Anti-Malware version 1.70.0.1100 Marble (remove only) Microsoft .NET 
Compact Framework 2.0 SP2 Microsoft .NET Compact Framework 3.5 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft ADO.NET Entity Framework 4.1 Microsoft Application Error Reporting Microsoft ASP.NET MVC 2 Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Microsoft ASP.NET MVC 3 Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update Microsoft ASP.NET Web Pages Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools Microsoft Device Emulator (64 bit) version 3.0 - ENU Microsoft Document Explorer 2008 Microsoft Help Viewer 1.1 Microsoft Office 2003 Web Components Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) Microsoft Office Single Image 2010 Microsoft Office Visual Web Developer 2007 Microsoft Office Visual Web Developer MUI (English) 2007 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Silverlight 4 SDK Microsoft SQL Server 2000 Sample Database Scripts Microsoft SQL Server 2005 Microsoft SQL Server 2005 Tools Express Edition Microsoft 
SQL Server 2008 (64-bit) Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Client Tools Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Management Studio Microsoft SQL Server 2008 Policies Microsoft SQL Server 2008 R2 Data-Tier Application Framework Microsoft SQL Server 2008 R2 Data-Tier Application Project Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Management Objects (x64) Microsoft SQL Server 2008 R2 Native Client Microsoft SQL Server 2008 R2 Transact-SQL Language Service Microsoft SQL Server 2008 Reporting Services Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 for Devices ENU Microsoft SQL Server Compact 3.5 SP1 Design Tools English Microsoft SQL Server Compact 3.5 SP1 Query Tools English Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server System CLR Types Microsoft SQL Server System CLR Types (x64) Microsoft SQL Server VSS Writer Microsoft Sync Framework Runtime v1.0 SP1 (x64) Microsoft Sync Framework SDK v1.0 SP1 Microsoft Sync Framework Services v1.0 SP1 (x64) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) Microsoft Team Foundation Server 2010 Object Model - ENU Microsoft Visual C++ Compilers 2010 Standard - enu - x64 Microsoft Visual C++ Compilers 2010 Standard - enu - x86 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Visual F# 2.0 Runtime Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Visual Studio 2008 Professional Edition - ENU Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140) Microsoft Visual Studio 2008 Remote Debugger - ENU Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Office Developer Tools (x64) Microsoft Visual Studio 2010 Professional - ENU Microsoft Visual Studio 2010 Service Pack 1 Microsoft Visual Studio 2010 SharePoint Developer Tools Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio Macro Tools Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Visual Studio Web Authoring Component Microsoft Web Deploy 2.0 Microsoft Web Platform Installer 3.0 Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense Microsoft Windows SDK for Visual Studio 2008 SP1 Tools Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools Microsoft XML Parser Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 19.0 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB973688) Nero 8 Nero Backup Drivers neroxml Notepad++ NUnit 
2.5 NUnit 2.6.2 OpenOffice.org 3.3 Pixel Editor Python 3.1.2 Remote Control USB Driver Replay Video Capture 5 Scratch Seagate Dashboard Security Update for 2007 Microsoft Office System (KB2288621) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2289078) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 
(KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2409055) Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2251487) Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2669970) Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222) Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675) Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410) Security Update for Microsoft Visual Studio Macro Tools (KB2669970) Security Update for Microsoft Word 2010 (KB2345000) Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) Skype™ 6.2 Sony Pictures Download Manager Sql Server Customer Experience Improvement Program SQLite ADO.NET 2.0/3.5 Provider System.Data.SQLite v1.0.84.0 TestDriven.Net 3.0 Personal TortoiseGit 1.7.15.0 (64 bit) TortoiseSVN 1.6.16.21511 (64 bit) TweetDeck Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office 2010 (KB2202188) Update for Microsoft Office 2010 (KB2413186) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2523113) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 
2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft Visual Studio Web Authoring Component (KB945140) VC Runtimes MSI VCRedistSetup Verizon Mobile Broadband Drivers Verizon Wireless USB760 Firmware Updates Visual C++ 2008 IA64 Runtime - (v9.0.30729) Visual C++ 2008 IA64 Runtime - v9.0.30729.01 Visual C++ 2008 x64 Runtime - (v9.0.30729) Visual C++ 2008 x64 Runtime - v9.0.30729.01 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - (v9.0.30729.4148) Visual C++ 2008 x86 Runtime - (v9.0.30729.6161) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual C++ 2008 x86 Runtime - v9.0.30729.4148 Visual C++ 2008 x86 Runtime - v9.0.30729.6161 Visual Site Designer Visual Studio .NET Prerequisites - English Visual Studio 2005 Tools for Office Second Edition Runtime Visual Studio 2010 Prerequisites - English Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU Visual Studio Tools for the Office system 3.0 Runtime Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) VLC media player 2.0.5 VZAccess Manager WCF RIA Services V1.0 SP1 Web Deployment Tool Web Image Studio Windows 7 USB/DVD Download Tool Windows Grep 2.3 Windows Mobile 5.0 SDK R2 for Pocket PC Windows Mobile 5.0 SDK R2 for Smartphone WinMerge 2.10.2.0 . ==== Event Viewer Messages From Past Week ======== . 2/27/2013 5:27:14 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter 2/27/2013 5:27:14 PM, Error: atikmdag [43029] - Display is not active 2/27/2013 3:42:27 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 
2/27/2013 3:35:08 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting. 2/25/2013 2:37:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 2/24/2013 4:24:09 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting. 2/24/2013 4:19:34 PM, Error: Service Control Manager [7034] - The sndappv2 service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================