Jump to content

gideon2386

Members
 View Profile  See their activity

  • Posts

    4

  • Joined

  • Last visited

 Content Type 

Everything posted by gideon2386

  1. gideon2386
    Yes I am still here.
  2. gideon2386
    New CF log ComboFix 13-07-11.03 - Tino 07/14/2013 20:22:50.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1387 [GMT -4:00] Running from: c:\users\Tino.BHIRenovationsL.001\Desktop\ComboFix.exe Command switches used :: c:\users\Tino.BHIRenovationsL.001\Desktop\CFScript.txt.txt AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-06-15 to 2013-07-15 ))))))))))))))))))))))))))))))) . . 2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Tino\AppData\Local\temp 2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Tino.BHIRenovationsL\AppData\Local\temp 2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Tino.BHIRenovationsL.000\AppData\Local\temp 2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\BHI Renovations LLC\AppData\Local\temp 2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Alyssa\AppData\Local\temp 2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-07-12 13:18 . 2013-07-12 13:18 -------- d-----w- c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific 2013-07-12 04:08 . 2013-07-12 04:08 -------- d-----w- C:\FRST 2013-07-11 21:36 . 2013-07-11 21:36 -------- d-----w- C:\3475043e4c5f81a47541accf5d 2013-07-04 07:57 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-07-04 07:57 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-31 15:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2013-05-31 15:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2013-05-16 01:00 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-13 05:51 . 2013-06-11 20:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-11 20:15 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-11 20:15 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-11 20:15 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-11 20:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-11 20:15 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-11 20:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-11 20:15 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-11 20:15 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-11 20:15 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-10 05:49 . 2013-06-11 20:15 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 2013-06-11 20:15 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-08 06:39 . 2013-06-11 20:15 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-04-26 05:51 . 2013-06-11 20:15 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-04-26 04:55 . 2013-06-11 20:15 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-04-25 23:30 . 2013-06-11 20:15 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific ---- . 2013-07-12 13:18 . 2013-07-12 13:19 11562 ----a-w- c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific\Environment.tfc 2013-07-12 13:18 . 2013-07-12 13:19 11562 ----a-w- c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific\tificocs.symantec.com.tfc . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}] c:\program files (x86)\StartNow Toolbar\Toolbar32.dll [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{5911488E-9D1E-40ec-8CBB-06B231CC153F}"= "c:\program files (x86)\StartNow Toolbar\Toolbar32.dll" [bU] . [HKEY_CLASSES_ROOT\clsid\{5911488e-9d1e-40ec-8cbb-06b231cc153f}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-15 336384] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440] Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-11-18 1040952] Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-131 revA\wirelesscm.exe [2011-12-16 517440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x] S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003Core.job - c:\users\Alyssa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 15:15] . 2013-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003UA.job - c:\users\Alyssa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 15:15] . 2013-06-27 c:\windows\Tasks\HPCeeScheduleForTino.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 . - - - - ORPHANS REMOVED - - - - . AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-07-14 20:42:35 ComboFix-quarantined-files.txt 2013-07-15 00:42 ComboFix2.txt 2013-07-12 19:07 . Pre-Run: 226,301,812,736 bytes free Post-Run: 225,873,248,256 bytes free . - - End Of File - - 86AD39069D2B28FF3A393BAF73DEE064 A36C5E4F47E84449FF07ED3517B43A31
  3. gideon2386
    Here the Fix Log Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-07-2013 01 Ran by SYSTEM at 2013-07-12 09:01:36 Run:1 Running from H:\ Boot Mode: Recovery ============================================== HKU\BHI Renovations LLC\Software\Microsoft\Windows\CurrentVersion\Run\\{0FD10AED-2B1A-2F4F-1F99-56963D4BA3DE} => Value deleted successfully. HKU\BHI Renovations LLC\Software\Microsoft\Windows\CurrentVersion\Run\\150.exe => Value deleted successfully. HKU\BHI Renovations LLC\Software\Microsoft\Windows\CurrentVersion\Run\\dP17724LfLkE17724 => Value deleted successfully. HKU\BHI Renovations LLC\Software\Microsoft\Windows\CurrentVersion\Run\\charient => Value deleted successfully. HKU\BHI Renovations LLC\Software\Microsoft\Windows\CurrentVersion\Run\\dccwview => Value deleted successfully. HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows\CurrentVersion\Run\\ATI => Value deleted successfully. HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows\CurrentVersion\Run\\Netscape => Value deleted successfully. HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully. HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully. HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. HKLM\System\ControlSet001\Control\Session Manager\SubSystems\\Windows => Value was restored successfully. HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows\CurrentVersion\Run\\TimeServer => Value deleted successfully. C:\Windows\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}.job => Moved successfully. C:\Windows\System32\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173} => Moved successfully. C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad => Moved successfully. C:\Users\Tino.BHIRenovationsL.001\notepad.exe => No running process found C:\Users\Tino.BHIRenovationsL.001\rundll32.exe => Moved successfully. C:\Users\Tino.BHIRenovationsL.001\opera.exe => Moved successfully. C:\Users\BHI Renovations LLC\AppData\Roaming\Wasyaw => Moved successfully. C:\Users\BHI Renovations LLC\AppData\Roaming\Microsoft\98DA => Moved successfully. C:\ProgramData\dP17724LfLkE17724\ => Moved successfully. C:\Users\BHIREN~1\AppData\Local\Temp\drivlace.dll => Moved successfully. C:\Users\BHIREN~1\AppData\Local\Temp\drivlace64.dll => Moved successfully. C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Intuit\ATI => Moved successfully. C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Netscape\ => Moved successfully. "C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad" => File/Directory not found. C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.dat => Moved successfully. C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\atiUtilLibs8 => Moved successfully. "C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Netscape" => File/Directory not found. C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.ini => Moved successfully. C:\Windows\Tasks\At* => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1002UA.job => Moved successfully. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 => Moved successfully. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 => Moved successfully. C:\Windows\System32\consrv.dll => Moved successfully. C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully. C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully. C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769} => Moved successfully. C:\ProgramData\w2SKWedwdkDaG2.exe => Moved successfully. C:\ProgramData\YPfdbKQmYWnOqAL.exe => Moved successfully. C:\ProgramData\I45akNWE.dat => Moved successfully. "C:\Windows\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}.job" => File/Directory not found. C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific\ => Moved successfully. Error: DeleteJunctionsIndirectory: C:\Windows\system64 => entry should be fixed outside recovery mode. ==== End of Fixlog ==== Here is ComboFix Log ComboFix 13-07-11.03 - Tino 07/12/2013 11:43:47.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1178 [GMT -4:00] Running from: c:\users\Tino.BHIRenovationsL.001\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\StartNow Toolbar c:\program files (x86)\StartNow Toolbar\ReactivateIE.exe c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png c:\program files (x86)\StartNow Toolbar\Resources\installer.xml c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml c:\program files (x86)\StartNow Toolbar\Resources\update.xml c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe c:\program files (x86)\StartNow Toolbar\Toolbar32.dll c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe c:\program files (x86)\StartNow Toolbar\uninstall.dat c:\program files (x86)\StartNow Toolbar\verify\Reactivate.exe c:\program files (x86)\StartNow Toolbar\verify\ReactivateFF.exe c:\program files (x86)\StartNow Toolbar\verify\StartNowToolbarUninstall.exe c:\program files (x86)\StartNow Toolbar\verify\Toolbar32.dll c:\program files (x86)\StartNow Toolbar\verify\ToolbarBroker.exe c:\program files (x86)\StartNow Toolbar\verify\ToolbarUpdaterService.exe c:\program files (x86)\StartNow Toolbar\verify\XBrowser.dll c:\users\Tino.BHIRenovationsL.001\notepad.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Updater Service for StartNow Toolbar -------\Service_Updater Service for StartNow Toolbar . . ((((((((((((((((((((((((( Files Created from 2013-06-12 to 2013-07-12 ))))))))))))))))))))))))))))))) . . 2013-07-12 18:53 . 2013-07-12 18:53 -------- d-----w- c:\users\Tino.BHIRenovationsL\AppData\Local\temp 2013-07-12 13:18 . 2013-07-12 13:18 -------- d-----w- c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific 2013-07-12 04:08 . 2013-07-12 04:08 -------- d-----w- C:\FRST 2013-07-11 21:36 . 2013-07-11 21:36 -------- d-----w- C:\3475043e4c5f81a47541accf5d 2013-07-04 07:57 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-07-04 07:57 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-31 15:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2013-05-31 15:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2013-05-16 01:00 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-13 05:51 . 2013-06-11 20:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-11 20:15 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-11 20:15 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-11 20:15 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-11 20:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-11 20:15 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-11 20:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-11 20:15 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-11 20:15 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-11 20:15 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-10 05:49 . 2013-06-11 20:15 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 2013-06-11 20:15 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-08 06:39 . 2013-06-11 20:15 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-04-26 05:51 . 2013-06-11 20:15 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-04-26 04:55 . 2013-06-11 20:15 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-04-25 23:30 . 2013-06-11 20:15 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-15 336384] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440] Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-11-18 1040952] Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-131 revA\wirelesscm.exe [2011-12-16 517440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x] S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003Core.job - c:\users\Alyssa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 15:15] . 2013-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003UA.job - c:\users\Alyssa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 15:15] . 2013-06-27 c:\windows\Tasks\HPCeeScheduleForTino.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.3 . - - - - ORPHANS REMOVED - - - - . BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll Wow6432Node-HKCU-Run-atiUtilLibs8 - c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\atiUtilLibs8\atiUtilLibs8.dll Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2013-07-12 15:07:24 - machine was rebooted ComboFix-quarantined-files.txt 2013-07-12 19:07 . Pre-Run: 225,769,791,488 bytes free Post-Run: 225,629,081,600 bytes free . - - End Of File - - 812779C46517ADEE3D669ABA6BF57EF8 A36C5E4F47E84449FF07ED3517B43A31
  4. gideon2386
    Hello All, I humbly require assistance in removing this FBI MoneyPak Virus that has my laptop on lockdown. I would highly appreciate any and all assistance. Thank you. Here are the frst.txt log and Service.txt log Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 Ran by SYSTEM on 11-07-2013 20:09:32 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-01] (IDT, Inc.) HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company) HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation) HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2010-12-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [976832 2010-06-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) HKLM-x32\...\Run: [intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [1497352 2011-02-21] (Intuit Inc. All rights reserved.) HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.) HKU\Alyssa\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company) HKU\Alyssa\...\Run: [Google Update] - "C:\Users\Alyssa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-23] (Google Inc.) HKU\Alyssa\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [247968 2011-12-11] (Adobe Systems, Inc.) HKU\BHI Renovations LLC\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company) HKU\BHI Renovations LLC\...\Run: [skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [19550344 2011-10-13] (Skype Technologies S.A.) HKU\BHI Renovations LLC\...\Run: [{0FD10AED-2B1A-2F4F-1F99-56963D4BA3DE}] - "C:\Users\BHI Renovations LLC\AppData\Roaming\Wasyaw\ewguac.exe" [196096 2011-05-22] () HKU\BHI Renovations LLC\...\Run: [150.exe] - C:\Users\BHI Renovations LLC\AppData\Roaming\Microsoft\98DA\150.exe [291840 2011-12-22] () HKU\BHI Renovations LLC\...\Run: [dP17724LfLkE17724] - C:\ProgramData\dP17724LfLkE17724\dP17724LfLkE17724.exe [372224 2011-12-22] () HKU\BHI Renovations LLC\...\Run: [charient] - rundll32 "C:\Users\BHIREN~1\AppData\Local\Temp\drivlace.dll",CreateProcessNotify [47616 2011-12-22] (Kaspersky Lab) <===== ATTENTION HKU\BHI Renovations LLC\...\Run: [dccwview] - rundll32 "C:\Users\BHIREN~1\AppData\Local\Temp\drivlace64.dll",CreateProcessNotify [52224 2011-12-22] (Kaspersky Lab) <===== ATTENTION HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) HKU\Tino.BHIRenovationsL\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company) HKU\Tino.BHIRenovationsL.001\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company) HKU\Tino.BHIRenovationsL.001\...\Run: [ATI] - rundll32 "C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Intuit\ATI\ghgmojmg.dll",DllRegisterServer [320000 2013-07-05] (Microsoft Corporation) <===== ATTENTION HKU\Tino.BHIRenovationsL.001\...\Run: [Netscape] - regsvr32.exe C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Netscape\gsroesug.dll [891904 2013-07-05] (Autodesk, Inc.) <===== ATTENTION HKU\Tino.BHIRenovationsL.001\...\Run: [atiUtilLibs8] - rundll32.exe "C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\atiUtilLibs8\atiUtilLibs8.dll",fxMobileIo Bassmapcprt [31232 2013-07-06] () HKU\Tino.BHIRenovationsL.001\...\Run: [TimeServer] - "C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific\WIN199E.exe" [133120 2013-07-07] () HKU\Tino.BHIRenovationsL.001\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad\cbfacead.exe [172544 2013-07-11] () <===== ATTENTION HKU\Tino.BHIRenovationsL.001\...\RunOnce: [Adobe CSS5.1 Manager] - C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad\cbfacead.exe [172544 2013-07-11] () <===== ATTENTION HKU\Tino.BHIRenovationsL.001\...\Winlogon: [shell] explorer.exe,C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.dat [142848 2011-11-16] (Intro-Software Lab.) <==== ATTENTION SubSystems: [Windows] ATTENTION! ====> ZeroAccess Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) Startup: C:\ProgramData\Start Menu\Programs\Startup\Wireless Connection Manager.lnk ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe (D-Link Corp.) ==================== Services (Whitelisted) ================= S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-15] (Advanced Micro Devices, Inc.) S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation) S2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [244960 2011-10-25] () S2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] () ==================== Drivers (Whitelisted) ==================== S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation) S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation) S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-10] (Symantec Corporation) S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-10] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-06-01] (Symantec Corporation) S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys [488056 2011-06-02] (Symantec Corporation) S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys [488056 2011-06-02] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110630.038\ENG64.SYS [117880 2011-06-01] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110630.038\ENG64.SYS [117880 2011-06-01] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110630.038\EX64.SYS [2011768 2011-06-01] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110630.038\EX64.SYS [2011768 2011-06-01] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation) S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-10] (MCCI Corporation) S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation) S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-11 20:08 - 2013-07-11 20:08 - 00000000 ____D C:\FRST 2013-07-11 14:19 - 2013-07-11 15:31 - 00000004 ____A C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.ini 2013-07-11 14:16 - 2013-07-11 15:00 - 00000352 ___AH C:\Windows\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}.job 2013-07-11 14:16 - 2013-07-11 14:16 - 00003092 ____A C:\Windows\System32\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173} 2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad 2013-07-11 14:15 - 2013-07-11 14:15 - 00142848 ____A (Intro-Software Lab.) C:\Users\Tino.BHIRenovationsL.001\notepad.exe 2013-07-11 14:15 - 2013-07-11 14:15 - 00000000 ____A C:\Users\Tino.BHIRenovationsL.001\rundll32.exe 2013-07-11 14:15 - 2013-07-11 14:15 - 00000000 ____A C:\Users\Tino.BHIRenovationsL.001\opera.exe 2013-07-11 13:36 - 2013-07-11 13:36 - 00000000 ____D C:\3475043e4c5f81a47541accf5d 2013-07-09 23:33 - 2013-06-04 19:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-07-09 23:33 - 2013-06-03 22:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-07-09 23:33 - 2013-06-03 20:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-09 23:33 - 2013-05-05 22:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-07-09 23:33 - 2013-05-05 20:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-09 23:33 - 2013-04-09 15:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-09 23:33 - 2013-04-02 14:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-07-06 23:48 - 2013-07-06 23:48 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\atiUtilLibs8 2013-07-05 10:41 - 2013-07-05 22:19 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Netscape 2013-07-03 23:57 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-07-03 23:57 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-07-02 23:01 - 2013-07-11 13:35 - 00068420 ____A C:\Windows\IE10_main.log 2013-06-13 17:43 - 2013-06-13 17:43 - 00262144 ____A C:\Windows\Minidump\061313-36145-01.dmp 2013-06-11 12:15 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 12:15 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 12:15 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 12:15 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 12:15 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-11 12:15 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-11 12:15 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-11 12:15 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 12:15 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-11 12:15 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-11 12:15 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-11 12:15 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-11 12:15 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 12:15 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 12:15 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-11 12:15 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-11 12:15 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-11 20:08 - 2013-07-11 20:08 - 00000000 ____D C:\FRST 2013-07-11 15:59 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-11 15:58 - 2009-07-13 20:51 - 00054411 ____A C:\Windows\setupact.log 2013-07-11 15:31 - 2013-07-11 14:19 - 00000004 ____A C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.ini 2013-07-11 15:16 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At40.job 2013-07-11 15:16 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At39.job 2013-07-11 15:16 - 2011-08-16 11:58 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1002UA.job 2013-07-11 15:16 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-11 15:16 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-11 15:10 - 2011-03-10 23:04 - 01840270 ____A C:\Windows\WindowsUpdate.log 2013-07-11 15:09 - 2011-12-31 06:51 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\CrashDumps 2013-07-11 15:02 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-11 15:00 - 2013-07-11 14:16 - 00000352 ___AH C:\Windows\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}.job 2013-07-11 14:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At24.job 2013-07-11 14:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At29.job 2013-07-11 14:22 - 2009-07-13 20:45 - 00378824 ____A C:\Windows\System32\FNTCACHE.DAT 2013-07-11 14:21 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-11 14:21 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-11 14:18 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At38.job 2013-07-11 14:18 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At37.job 2013-07-11 14:17 - 2011-12-22 19:14 - 00000000 ____D C:\users\Tino.BHIRenovationsL.001 2013-07-11 14:17 - 2011-08-16 11:58 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1002Core.job 2013-07-11 14:16 - 2013-07-11 14:16 - 00003092 ____A C:\Windows\System32\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173} 2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad 2013-07-11 14:15 - 2013-07-11 14:15 - 00142848 ____A (Intro-Software Lab.) C:\Users\Tino.BHIRenovationsL.001\notepad.exe 2013-07-11 14:15 - 2013-07-11 14:15 - 00000000 ____A C:\Users\Tino.BHIRenovationsL.001\rundll32.exe 2013-07-11 14:15 - 2013-07-11 14:15 - 00000000 ____A C:\Users\Tino.BHIRenovationsL.001\opera.exe 2013-07-11 13:54 - 2011-11-23 07:15 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003UA.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At36.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At34.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At32.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At30.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At28.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At26.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At22.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At20.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At18.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At16.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At14.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At12.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At35.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At33.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At31.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At27.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At25.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At23.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At21.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At19.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At17.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At15.job 2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At13.job 2013-07-11 13:36 - 2013-07-11 13:36 - 00000000 ____D C:\3475043e4c5f81a47541accf5d 2013-07-11 13:36 - 2011-11-23 07:15 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003Core.job 2013-07-11 13:35 - 2013-07-02 23:01 - 00068420 ____A C:\Windows\IE10_main.log 2013-07-11 13:33 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At11.job 2013-07-11 00:22 - 2011-12-24 05:35 - 00000354 ____A C:\Windows\Tasks\At48.job 2013-07-11 00:22 - 2011-12-24 05:35 - 00000354 ____A C:\Windows\Tasks\At46.job 2013-07-11 00:22 - 2011-12-24 05:35 - 00000354 ____A C:\Windows\Tasks\At44.job 2013-07-11 00:22 - 2011-12-24 05:35 - 00000354 ____A C:\Windows\Tasks\At42.job 2013-07-11 00:22 - 2011-12-24 05:35 - 00000352 ____A C:\Windows\Tasks\At47.job 2013-07-11 00:22 - 2011-12-24 05:35 - 00000352 ____A C:\Windows\Tasks\At45.job 2013-07-11 00:22 - 2011-12-24 05:35 - 00000352 ____A C:\Windows\Tasks\At43.job 2013-07-11 00:22 - 2011-12-24 05:35 - 00000352 ____A C:\Windows\Tasks\At41.job 2013-07-11 00:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At8.job 2013-07-11 00:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At6.job 2013-07-11 00:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At4.job 2013-07-11 00:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At2.job 2013-07-11 00:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At10.job 2013-07-11 00:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At9.job 2013-07-11 00:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At7.job 2013-07-11 00:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At5.job 2013-07-11 00:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At3.job 2013-07-11 00:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At1.job 2013-07-09 23:49 - 2011-05-10 03:24 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2013-07-09 23:48 - 2011-12-20 16:36 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-07-07 19:54 - 2011-12-22 20:08 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific 2013-07-06 23:48 - 2013-07-06 23:48 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\atiUtilLibs8 2013-07-05 22:19 - 2013-07-05 10:41 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Netscape 2013-07-05 22:18 - 2013-05-19 13:36 - 423270142 ____A C:\Windows\MEMORY.DMP 2013-07-05 22:18 - 2011-07-03 22:51 - 00000000 ____D C:\Windows\Minidump 2013-07-05 10:41 - 2012-03-15 16:23 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Intuit 2013-07-05 10:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-07-04 00:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-07-04 00:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-07-04 00:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK 2013-07-04 00:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR 2013-07-02 23:07 - 2013-07-02 23:07 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-07-02 23:07 - 2013-07-02 23:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-26 23:55 - 2013-02-26 12:21 - 00003180 ____A C:\Windows\System32\Tasks\HPCeeScheduleForTino 2013-06-26 23:55 - 2013-02-26 12:21 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForTino.job 2013-06-13 17:43 - 2013-06-13 17:43 - 00262144 ____A C:\Windows\Minidump\061313-36145-01.dmp ZeroAccess: C:\Windows\System32\consrv.dll ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ZeroAccess: C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769} C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\@ C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\L C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\n C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\L\00000004.@ C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\L\4cce1f70 C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\00000004.@ C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\00000008.@ C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\000000cb.@ C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\80000000.@ C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\80000032.@ C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\80000064.@ Files to move or delete: ==================== C:\ProgramData\w2SKWedwdkDaG2.exe C:\ProgramData\YPfdbKQmYWnOqAL.exe C:\Users\Tino.BHIRenovationsL.001\notepad.exe C:\Users\Tino.BHIRenovationsL.001\opera.exe C:\Users\Tino.BHIRenovationsL.001\rundll32.exe C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.dat C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.ini C:\ProgramData\I45akNWE.dat C:\Windows\Tasks\At1.job C:\Windows\Tasks\At10.job C:\Windows\Tasks\At11.job C:\Windows\Tasks\At12.job C:\Windows\Tasks\At13.job C:\Windows\Tasks\At14.job C:\Windows\Tasks\At15.job C:\Windows\Tasks\At16.job C:\Windows\Tasks\At17.job C:\Windows\Tasks\At18.job C:\Windows\Tasks\At19.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At20.job C:\Windows\Tasks\At21.job C:\Windows\Tasks\At22.job C:\Windows\Tasks\At23.job C:\Windows\Tasks\At24.job C:\Windows\Tasks\At25.job C:\Windows\Tasks\At26.job C:\Windows\Tasks\At27.job C:\Windows\Tasks\At28.job C:\Windows\Tasks\At29.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At30.job C:\Windows\Tasks\At31.job C:\Windows\Tasks\At32.job C:\Windows\Tasks\At33.job C:\Windows\Tasks\At34.job C:\Windows\Tasks\At35.job C:\Windows\Tasks\At36.job C:\Windows\Tasks\At37.job C:\Windows\Tasks\At38.job C:\Windows\Tasks\At39.job C:\Windows\Tasks\At4.job C:\Windows\Tasks\At40.job C:\Windows\Tasks\At41.job C:\Windows\Tasks\At42.job C:\Windows\Tasks\At43.job C:\Windows\Tasks\At44.job C:\Windows\Tasks\At45.job C:\Windows\Tasks\At46.job C:\Windows\Tasks\At47.job C:\Windows\Tasks\At48.job C:\Windows\Tasks\At5.job C:\Windows\Tasks\At6.job C:\Windows\Tasks\At7.job C:\Windows\Tasks\At8.job C:\Windows\Tasks\At9.job C:\Windows\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}.job ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64 ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-07-04 05:48:21 Restore point made on: 2013-07-05 10:30:18 Restore point made on: 2013-07-05 23:00:59 Restore point made on: 2013-07-06 23:43:43 Restore point made on: 2013-07-07 23:00:40 Restore point made on: 2013-07-08 23:15:09 Restore point made on: 2013-07-09 23:22:28 Restore point made on: 2013-07-10 23:58:13 ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 2810.9 MB Available physical RAM: 2142.89 MB Total Pagefile: 2809.05 MB Available Pagefile: 2137.85 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:282.82 GB) (Free:202.86 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)] Drive e: (RECOVERY) (Fixed) (Total:14.98 GB) (Free:1.87 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)] Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4) Drive h: () (Removable) (Total:7.45 GB) (Free:1.88 GB) FAT32 (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: CB3F4DE8) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (Size: 7 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) LastRegBack: 2012-12-26 14:36 ==================== End Of Log ============================ Farbar Recovery Scan Tool (x64) Version: 12-07-2013 Ran by SYSTEM at 2013-07-11 20:13:02 Running from H:\ Boot Mode: Recovery ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\system64\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ======
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.