gideon2386
-
Posts
4 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by gideon2386
-
-
New CF log
ComboFix 13-07-11.03 - Tino 07/14/2013 20:22:50.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1387 [GMT -4:00]
Running from: c:\users\Tino.BHIRenovationsL.001\Desktop\ComboFix.exe
Command switches used :: c:\users\Tino.BHIRenovationsL.001\Desktop\CFScript.txt.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-06-15 to 2013-07-15 )))))))))))))))))))))))))))))))
.
.
2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Tino\AppData\Local\temp
2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Tino.BHIRenovationsL\AppData\Local\temp
2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Tino.BHIRenovationsL.000\AppData\Local\temp
2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\BHI Renovations LLC\AppData\Local\temp
2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Alyssa\AppData\Local\temp
2013-07-15 00:39 . 2013-07-15 00:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-07-12 13:18 . 2013-07-12 13:18 -------- d-----w- c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific
2013-07-12 04:08 . 2013-07-12 04:08 -------- d-----w- C:\FRST
2013-07-11 21:36 . 2013-07-11 21:36 -------- d-----w- C:\3475043e4c5f81a47541accf5d
2013-07-04 07:57 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-07-04 07:57 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-31 15:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-05-31 15:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-05-16 01:00 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-11 20:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-11 20:15 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-11 20:15 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-11 20:15 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-11 20:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-11 20:15 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-11 20:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-11 20:15 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-11 20:15 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-11 20:15 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-11 20:15 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-11 20:15 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-11 20:15 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-04-26 05:51 . 2013-06-11 20:15 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-11 20:15 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-11 20:15 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific ----
.
2013-07-12 13:18 . 2013-07-12 13:19 11562 ----a-w- c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific\Environment.tfc
2013-07-12 13:18 . 2013-07-12 13:19 11562 ----a-w- c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific\tificocs.symantec.com.tfc
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5911488E-9D1E-40ec-8CBB-06B231CC153F}"= "c:\program files (x86)\StartNow Toolbar\Toolbar32.dll" [bU]
.
[HKEY_CLASSES_ROOT\clsid\{5911488e-9d1e-40ec-8cbb-06b231cc153f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-15 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-11-18 1040952]
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-131 revA\wirelesscm.exe [2011-12-16 517440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003Core.job
- c:\users\Alyssa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 15:15]
.
2013-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003UA.job
- c:\users\Alyssa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 15:15]
.
2013-06-27 c:\windows\Tasks\HPCeeScheduleForTino.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-14 20:42:35
ComboFix-quarantined-files.txt 2013-07-15 00:42
ComboFix2.txt 2013-07-12 19:07
.
Pre-Run: 226,301,812,736 bytes free
Post-Run: 225,873,248,256 bytes free
.
- - End Of File - - 86AD39069D2B28FF3A393BAF73DEE064
A36C5E4F47E84449FF07ED3517B43A31
-
Here the Fix Log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-07-2013 01
Ran by SYSTEM at 2013-07-12 09:01:36 Run:1
Running from H:\
Boot Mode: Recovery
==============================================HKU\BHI Renovations LLC\Software\Microsoft\Windows\CurrentVersion\Run\\{0FD10AED-2B1A-2F4F-1F99-56963D4BA3DE} => Value deleted successfully.
HKU\BHI Renovations LLC\Software\Microsoft\Windows\CurrentVersion\Run\\150.exe => Value deleted successfully.
HKU\BHI Renovations LLC\Software\Microsoft\Windows\CurrentVersion\Run\\dP17724LfLkE17724 => Value deleted successfully.
HKU\BHI Renovations LLC\Software\Microsoft\Windows\CurrentVersion\Run\\charient => Value deleted successfully.
HKU\BHI Renovations LLC\Software\Microsoft\Windows\CurrentVersion\Run\\dccwview => Value deleted successfully.
HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows\CurrentVersion\Run\\ATI => Value deleted successfully.
HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows\CurrentVersion\Run\\Netscape => Value deleted successfully.
HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.
HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\System\ControlSet001\Control\Session Manager\SubSystems\\Windows => Value was restored successfully.
HKU\Tino.BHIRenovationsL.001\Software\Microsoft\Windows\CurrentVersion\Run\\TimeServer => Value deleted successfully.
C:\Windows\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}.job => Moved successfully.
C:\Windows\System32\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173} => Moved successfully.
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad => Moved successfully.
C:\Users\Tino.BHIRenovationsL.001\notepad.exe => No running process found
C:\Users\Tino.BHIRenovationsL.001\rundll32.exe => Moved successfully.
C:\Users\Tino.BHIRenovationsL.001\opera.exe => Moved successfully.
C:\Users\BHI Renovations LLC\AppData\Roaming\Wasyaw => Moved successfully.
C:\Users\BHI Renovations LLC\AppData\Roaming\Microsoft\98DA => Moved successfully.
C:\ProgramData\dP17724LfLkE17724\ => Moved successfully.
C:\Users\BHIREN~1\AppData\Local\Temp\drivlace.dll => Moved successfully.
C:\Users\BHIREN~1\AppData\Local\Temp\drivlace64.dll => Moved successfully.
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Intuit\ATI => Moved successfully.
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Netscape\ => Moved successfully.
"C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad" => File/Directory not found.
C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\atiUtilLibs8 => Moved successfully.
"C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Netscape" => File/Directory not found.
C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.ini => Moved successfully.
C:\Windows\Tasks\At* => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1002UA.job => Moved successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 => Moved successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 => Moved successfully.
C:\Windows\System32\consrv.dll => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769} => Moved successfully.
C:\ProgramData\w2SKWedwdkDaG2.exe => Moved successfully.
C:\ProgramData\YPfdbKQmYWnOqAL.exe => Moved successfully.
C:\ProgramData\I45akNWE.dat => Moved successfully.
"C:\Windows\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}.job" => File/Directory not found.
C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific\ => Moved successfully.
Error: DeleteJunctionsIndirectory: C:\Windows\system64 => entry should be fixed outside recovery mode.==== End of Fixlog ====
Here is ComboFix Log
ComboFix 13-07-11.03 - Tino 07/12/2013 11:43:47.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1178 [GMT -4:00]
Running from: c:\users\Tino.BHIRenovationsL.001\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ReactivateIE.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\program files (x86)\StartNow Toolbar\verify\Reactivate.exe
c:\program files (x86)\StartNow Toolbar\verify\ReactivateFF.exe
c:\program files (x86)\StartNow Toolbar\verify\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\verify\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\verify\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\verify\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\verify\XBrowser.dll
c:\users\Tino.BHIRenovationsL.001\notepad.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2013-06-12 to 2013-07-12 )))))))))))))))))))))))))))))))
.
.
2013-07-12 18:53 . 2013-07-12 18:53 -------- d-----w- c:\users\Tino.BHIRenovationsL\AppData\Local\temp
2013-07-12 13:18 . 2013-07-12 13:18 -------- d-----w- c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific
2013-07-12 04:08 . 2013-07-12 04:08 -------- d-----w- C:\FRST
2013-07-11 21:36 . 2013-07-11 21:36 -------- d-----w- C:\3475043e4c5f81a47541accf5d
2013-07-04 07:57 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-07-04 07:57 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-31 15:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-05-31 15:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-05-16 01:00 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-11 20:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-11 20:15 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-11 20:15 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-11 20:15 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-11 20:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-11 20:15 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-11 20:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-11 20:15 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-11 20:15 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-11 20:15 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-11 20:15 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-11 20:15 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-11 20:15 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-04-26 05:51 . 2013-06-11 20:15 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-11 20:15 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-11 20:15 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-15 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-11-18 1040952]
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-131 revA\wirelesscm.exe [2011-12-16 517440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003Core.job
- c:\users\Alyssa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 15:15]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003UA.job
- c:\users\Alyssa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 15:15]
.
2013-06-27 c:\windows\Tasks\HPCeeScheduleForTino.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
Wow6432Node-HKCU-Run-atiUtilLibs8 - c:\users\Tino.BHIRenovationsL.001\AppData\Roaming\atiUtilLibs8\atiUtilLibs8.dll
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-07-12 15:07:24 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-12 19:07
.
Pre-Run: 225,769,791,488 bytes free
Post-Run: 225,629,081,600 bytes free
.
- - End Of File - - 812779C46517ADEE3D669ABA6BF57EF8
A36C5E4F47E84449FF07ED3517B43A31
-
Hello All,
I humbly require assistance in removing this FBI MoneyPak Virus that has my laptop on lockdown. I would highly appreciate any and all assistance. Thank you.
Here are the frst.txt log and Service.txt log
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013
Ran by SYSTEM on 11-07-2013 20:09:32
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: RecoveryThe current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.==================== Registry (Whitelisted) ==================
HKLM\...\Run: [synTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-01] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2010-12-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [1497352 2011-02-21] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\Alyssa\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\Alyssa\...\Run: [Google Update] - "C:\Users\Alyssa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-23] (Google Inc.)
HKU\Alyssa\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [247968 2011-12-11] (Adobe Systems, Inc.)
HKU\BHI Renovations LLC\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\BHI Renovations LLC\...\Run: [skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [19550344 2011-10-13] (Skype Technologies S.A.)
HKU\BHI Renovations LLC\...\Run: [{0FD10AED-2B1A-2F4F-1F99-56963D4BA3DE}] - "C:\Users\BHI Renovations LLC\AppData\Roaming\Wasyaw\ewguac.exe" [196096 2011-05-22] ()
HKU\BHI Renovations LLC\...\Run: [150.exe] - C:\Users\BHI Renovations LLC\AppData\Roaming\Microsoft\98DA\150.exe [291840 2011-12-22] ()
HKU\BHI Renovations LLC\...\Run: [dP17724LfLkE17724] - C:\ProgramData\dP17724LfLkE17724\dP17724LfLkE17724.exe [372224 2011-12-22] ()
HKU\BHI Renovations LLC\...\Run: [charient] - rundll32 "C:\Users\BHIREN~1\AppData\Local\Temp\drivlace.dll",CreateProcessNotify [47616 2011-12-22] (Kaspersky Lab) <===== ATTENTION
HKU\BHI Renovations LLC\...\Run: [dccwview] - rundll32 "C:\Users\BHIREN~1\AppData\Local\Temp\drivlace64.dll",CreateProcessNotify [52224 2011-12-22] (Kaspersky Lab) <===== ATTENTION
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Tino.BHIRenovationsL\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\Tino.BHIRenovationsL.001\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\Tino.BHIRenovationsL.001\...\Run: [ATI] - rundll32 "C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Intuit\ATI\ghgmojmg.dll",DllRegisterServer [320000 2013-07-05] (Microsoft Corporation) <===== ATTENTION
HKU\Tino.BHIRenovationsL.001\...\Run: [Netscape] - regsvr32.exe C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Netscape\gsroesug.dll [891904 2013-07-05] (Autodesk, Inc.) <===== ATTENTION
HKU\Tino.BHIRenovationsL.001\...\Run: [atiUtilLibs8] - rundll32.exe "C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\atiUtilLibs8\atiUtilLibs8.dll",fxMobileIo Bassmapcprt [31232 2013-07-06] ()
HKU\Tino.BHIRenovationsL.001\...\Run: [TimeServer] - "C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific\WIN199E.exe" [133120 2013-07-07] ()
HKU\Tino.BHIRenovationsL.001\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad\cbfacead.exe [172544 2013-07-11] () <===== ATTENTION
HKU\Tino.BHIRenovationsL.001\...\RunOnce: [Adobe CSS5.1 Manager] - C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad\cbfacead.exe [172544 2013-07-11] () <===== ATTENTION
HKU\Tino.BHIRenovationsL.001\...\Winlogon: [shell] explorer.exe,C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.dat [142848 2011-11-16] (Intro-Software Lab.) <==== ATTENTION
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe (D-Link Corp.)==================== Services (Whitelisted) =================
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-15] (Advanced Micro Devices, Inc.)
S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [244960 2011-10-25] ()
S2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] ()==================== Drivers (Whitelisted) ====================
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-10] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-10] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-06-01] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys [488056 2011-06-02] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvia64.sys [488056 2011-06-02] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110630.038\ENG64.SYS [117880 2011-06-01] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110630.038\ENG64.SYS [117880 2011-06-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110630.038\EX64.SYS [2011768 2011-06-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110630.038\EX64.SYS [2011768 2011-06-01] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-10] (MCCI Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-11 20:08 - 2013-07-11 20:08 - 00000000 ____D C:\FRST
2013-07-11 14:19 - 2013-07-11 15:31 - 00000004 ____A C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.ini
2013-07-11 14:16 - 2013-07-11 15:00 - 00000352 ___AH C:\Windows\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}.job
2013-07-11 14:16 - 2013-07-11 14:16 - 00003092 ____A C:\Windows\System32\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}
2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad
2013-07-11 14:15 - 2013-07-11 14:15 - 00142848 ____A (Intro-Software Lab.) C:\Users\Tino.BHIRenovationsL.001\notepad.exe
2013-07-11 14:15 - 2013-07-11 14:15 - 00000000 ____A C:\Users\Tino.BHIRenovationsL.001\rundll32.exe
2013-07-11 14:15 - 2013-07-11 14:15 - 00000000 ____A C:\Users\Tino.BHIRenovationsL.001\opera.exe
2013-07-11 13:36 - 2013-07-11 13:36 - 00000000 ____D C:\3475043e4c5f81a47541accf5d
2013-07-09 23:33 - 2013-06-04 19:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 23:33 - 2013-06-03 22:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 23:33 - 2013-06-03 20:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 23:33 - 2013-05-05 22:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 23:33 - 2013-05-05 20:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 23:33 - 2013-04-09 15:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 23:33 - 2013-04-02 14:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-06 23:48 - 2013-07-06 23:48 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\atiUtilLibs8
2013-07-05 10:41 - 2013-07-05 22:19 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Netscape
2013-07-03 23:57 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-03 23:57 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-02 23:01 - 2013-07-11 13:35 - 00068420 ____A C:\Windows\IE10_main.log
2013-06-13 17:43 - 2013-06-13 17:43 - 00262144 ____A C:\Windows\Minidump\061313-36145-01.dmp
2013-06-11 12:15 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 12:15 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 12:15 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 12:15 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 12:15 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 12:15 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 12:15 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 12:15 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 12:15 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 12:15 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 12:15 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 12:15 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 12:15 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 12:15 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 12:15 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 12:15 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-11 12:15 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll==================== One Month Modified Files and Folders =======
2013-07-11 20:08 - 2013-07-11 20:08 - 00000000 ____D C:\FRST
2013-07-11 15:59 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-11 15:58 - 2009-07-13 20:51 - 00054411 ____A C:\Windows\setupact.log
2013-07-11 15:31 - 2013-07-11 14:19 - 00000004 ____A C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.ini
2013-07-11 15:16 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At40.job
2013-07-11 15:16 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At39.job
2013-07-11 15:16 - 2011-08-16 11:58 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1002UA.job
2013-07-11 15:16 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 15:16 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 15:10 - 2011-03-10 23:04 - 01840270 ____A C:\Windows\WindowsUpdate.log
2013-07-11 15:09 - 2011-12-31 06:51 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\CrashDumps
2013-07-11 15:02 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-11 15:00 - 2013-07-11 14:16 - 00000352 ___AH C:\Windows\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}.job
2013-07-11 14:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At24.job
2013-07-11 14:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At29.job
2013-07-11 14:22 - 2009-07-13 20:45 - 00378824 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-11 14:21 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 14:21 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 14:18 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At38.job
2013-07-11 14:18 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At37.job
2013-07-11 14:17 - 2011-12-22 19:14 - 00000000 ____D C:\users\Tino.BHIRenovationsL.001
2013-07-11 14:17 - 2011-08-16 11:58 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1002Core.job
2013-07-11 14:16 - 2013-07-11 14:16 - 00003092 ____A C:\Windows\System32\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}
2013-07-11 14:16 - 2013-07-11 14:16 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\c99b2097-237f-4a8c-8921-155e54251682ad
2013-07-11 14:15 - 2013-07-11 14:15 - 00142848 ____A (Intro-Software Lab.) C:\Users\Tino.BHIRenovationsL.001\notepad.exe
2013-07-11 14:15 - 2013-07-11 14:15 - 00000000 ____A C:\Users\Tino.BHIRenovationsL.001\rundll32.exe
2013-07-11 14:15 - 2013-07-11 14:15 - 00000000 ____A C:\Users\Tino.BHIRenovationsL.001\opera.exe
2013-07-11 13:54 - 2011-11-23 07:15 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003UA.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At36.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At34.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At32.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At30.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At28.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At26.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At22.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At20.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At18.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At16.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At14.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At12.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At35.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At33.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At31.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At27.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At25.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At23.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At21.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At19.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At17.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At15.job
2013-07-11 13:46 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At13.job
2013-07-11 13:36 - 2013-07-11 13:36 - 00000000 ____D C:\3475043e4c5f81a47541accf5d
2013-07-11 13:36 - 2011-11-23 07:15 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-58572535-489909918-2348058734-1003Core.job
2013-07-11 13:35 - 2013-07-02 23:01 - 00068420 ____A C:\Windows\IE10_main.log
2013-07-11 13:33 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At11.job
2013-07-11 00:22 - 2011-12-24 05:35 - 00000354 ____A C:\Windows\Tasks\At48.job
2013-07-11 00:22 - 2011-12-24 05:35 - 00000354 ____A C:\Windows\Tasks\At46.job
2013-07-11 00:22 - 2011-12-24 05:35 - 00000354 ____A C:\Windows\Tasks\At44.job
2013-07-11 00:22 - 2011-12-24 05:35 - 00000354 ____A C:\Windows\Tasks\At42.job
2013-07-11 00:22 - 2011-12-24 05:35 - 00000352 ____A C:\Windows\Tasks\At47.job
2013-07-11 00:22 - 2011-12-24 05:35 - 00000352 ____A C:\Windows\Tasks\At45.job
2013-07-11 00:22 - 2011-12-24 05:35 - 00000352 ____A C:\Windows\Tasks\At43.job
2013-07-11 00:22 - 2011-12-24 05:35 - 00000352 ____A C:\Windows\Tasks\At41.job
2013-07-11 00:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At8.job
2013-07-11 00:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At6.job
2013-07-11 00:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At4.job
2013-07-11 00:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At2.job
2013-07-11 00:22 - 2011-12-24 05:34 - 00000354 ____A C:\Windows\Tasks\At10.job
2013-07-11 00:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At9.job
2013-07-11 00:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At7.job
2013-07-11 00:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At5.job
2013-07-11 00:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At3.job
2013-07-11 00:22 - 2011-12-24 05:34 - 00000352 ____A C:\Windows\Tasks\At1.job
2013-07-09 23:49 - 2011-05-10 03:24 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-07-09 23:48 - 2011-12-20 16:36 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-07 19:54 - 2011-12-22 20:08 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\Tific
2013-07-06 23:48 - 2013-07-06 23:48 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\atiUtilLibs8
2013-07-05 22:19 - 2013-07-05 10:41 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Netscape
2013-07-05 22:18 - 2013-05-19 13:36 - 423270142 ____A C:\Windows\MEMORY.DMP
2013-07-05 22:18 - 2011-07-03 22:51 - 00000000 ____D C:\Windows\Minidump
2013-07-05 10:41 - 2012-03-15 16:23 - 00000000 ____D C:\Users\Tino.BHIRenovationsL.001\AppData\Local\Intuit
2013-07-05 10:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-04 00:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-07-04 00:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-07-04 00:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-07-04 00:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-07-02 23:07 - 2013-07-02 23:07 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-02 23:07 - 2013-07-02 23:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-26 23:55 - 2013-02-26 12:21 - 00003180 ____A C:\Windows\System32\Tasks\HPCeeScheduleForTino
2013-06-26 23:55 - 2013-02-26 12:21 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForTino.job
2013-06-13 17:43 - 2013-06-13 17:43 - 00262144 ____A C:\Windows\Minidump\061313-36145-01.dmpZeroAccess:
C:\Windows\System32\consrv.dllZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.iniZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.iniZeroAccess:
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\@
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\L
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\n
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\L\00000004.@
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\L\4cce1f70
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\00000004.@
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\00000008.@
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\000000cb.@
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\80000000.@
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\80000032.@
C:\Users\Tino.BHIRenovationsL.001\AppData\Local\{448ba2fe-1264-12d8-69cb-65e0f4030769}\U\80000064.@Files to move or delete:
====================
C:\ProgramData\w2SKWedwdkDaG2.exe
C:\ProgramData\YPfdbKQmYWnOqAL.exe
C:\Users\Tino.BHIRenovationsL.001\notepad.exe
C:\Users\Tino.BHIRenovationsL.001\opera.exe
C:\Users\Tino.BHIRenovationsL.001\rundll32.exe
C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.dat
C:\Users\Tino.BHIRenovationsL.001\AppData\Roaming\skype.ini
C:\ProgramData\I45akNWE.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
C:\Windows\Tasks\{4DA4FABE-9528-4E6F-9FBF-618B09E89173}.job==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================
Restore point made on: 2013-07-04 05:48:21
Restore point made on: 2013-07-05 10:30:18
Restore point made on: 2013-07-05 23:00:59
Restore point made on: 2013-07-06 23:43:43
Restore point made on: 2013-07-07 23:00:40
Restore point made on: 2013-07-08 23:15:09
Restore point made on: 2013-07-09 23:22:28
Restore point made on: 2013-07-10 23:58:13==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 2810.9 MB
Available physical RAM: 2142.89 MB
Total Pagefile: 2809.05 MB
Available Pagefile: 2137.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB==================== Drives ================================
Drive c: () (Fixed) (Total:282.82 GB) (Free:202.86 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:14.98 GB) (Free:1.87 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive h: () (Removable) (Total:7.45 GB) (Free:1.88 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: CB3F4DE8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)LastRegBack: 2012-12-26 14:36
==================== End Of Log ============================
Farbar Recovery Scan Tool (x64) Version: 12-07-2013
Ran by SYSTEM at 2013-07-11 20:13:02
Running from H:\
Boot Mode: Recovery================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCBC:\Windows\system64\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCBC:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB====== End Of Search ======
FBI MoneyPak Virus..Require Removal Assistance
in Resolved Malware Removal Logs
Posted
Yes I am still here.