Blackjack

  1. Thank you, thank you, that sounds more than generous. Have a good holiday.
  2. If someone's recording my every move, they've got about 18 hours of work every single day to wade through, I almost feel sorry for them. Not really, but you get the idea.
  3. I'm sorry, this is the busiest time of the year for me, can you close it down and let me get back to someone when I can catch a breath?
  4. Well, I'm not real happy about WebWatcher running on my computer. Has it been removed? I can understand you if you say yes or no. =) Do you think I need to follow the rest of those instructions, can you give me one sentence to kind of summarize what each step is meant to accomplish?
  5. I will do them though, but I need a couple extra days -- unless my computer is in jeopardy or something, if so, please do let me know! Otherwise, I am buried in work at the moment but will have time this weekend, if that's alright with you?
  6. Hi, I haven't done them yet because I will have to repeat the steps to remove java. I have to use several java apps for work, so I re-installed them all. Plus I finally realized that the thing that was running was WebWatcher, which I knew was there, but thought was disabled. Is it dead yet?
  7. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2013 02 Ran by Allen at 2013-11-17 23:09:55 Run:1
  8. I updated Firefox to version 24, maybe that's why the path is wrong below -- I think it should be C:\Program Files (x86)\Mozilla Firefox\BROWSER\extensions\{...} JavaRa 1.16 Removal Log.
  9. Sorry, here is the attached file, I neglected to click "Attach this File" after I chose one. Addition.txt
  10. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013 Ran by Allen (administrator) on ALLEN-PC on 16-11-2013 05:28:53
Corporation) C:\windows\system32\Drivers\usbuhci.sys 2013-10-25 17:50 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2013-10-25 17:50 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2013-10-24 15:35 - 2013-11-16 02:51 - 00065536 _____ C:\windows\system32\Ikeext.etl 2013-10-22 15:23 - 2013-10-22 15:23 - 00001193 _____ C:\Users\Allen\Desktop\Moo0 FileShredder 1.17.lnk 2013-10-22 15:23 - 2013-10-22 15:23 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0 2013-10-22 15:23 - 2013-10-22 15:23 - 00000000 ____D C:\Program Files (x86)\Moo0 2013-10-21 14:16 - 2013-10-21 14:16 - 00000087 _____ C:\Users\Allen\AppData\Roaming\WB.CFG 2013-10-21 13:53 - 2013-10-21 13:25 - 00659264 _____ (Microsoft Corporation) C:\windows\system32\mscomct2.ocx 2013-10-20 14:26 - 2013-11-02 07:41 - 00438024 _____ C:\windows\system32\FNTCACHE.DAT 2013-10-20 14:25 - 2013-11-16 02:51 - 00085322 _____ C:\windows\PFRO.log 2013-10-20 08:04 - 2013-11-16 02:51 - 00003089 _____ C:\windows\setupact.log 2013-10-20 08:04 - 2013-10-20 08:04 - 00000000 _____ C:\windows\setuperr.log 2013-10-20 03:58 - 2013-11-01 05:43 - 00114848 _____ C:\Users\Allen\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-20 03:53 - 2013-10-20 03:53 - 00003130 _____ C:\windows\System32\Tasks\{6FD5D953-82C7-4DE0-84C6-42CFBE92A668} 2013-10-20 03:39 - 2013-10-20 03:39 - 00003132 _____ C:\windows\System32\Tasks\{73F0D62D-6021-421B-9E6C-BE57BA8F9EA7} 2013-10-20 03:38 - 2013-10-20 03:38 - 00003130 _____ C:\windows\System32\Tasks\{3CE0E019-97A7-4CB6-A7D1-A59FBD2C2A64} 2013-10-20 03:37 - 2013-10-20 03:37 - 00003130 _____ C:\windows\System32\Tasks\{5DEA9D6B-306B-48F9-9A45-BA17802C18ED} 2013-10-20 03:33 - 2010-09-30 15:45 - 00299520 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\rtsuvstor.sys 2013-10-20 03:33 - 2009-11-25 13:21 - 07367200 _____ (Realtek Semiconductor Corp.) 
C:\windows\SysWOW64\RtsUVStoricon.dll 2013-10-20 03:24 - 2013-10-20 03:24 - 00003130 _____ C:\windows\System32\Tasks\{8D162DEE-BED6-4289-8D4A-6C4F91C12841} 2013-10-20 03:18 - 2013-10-20 03:18 - 00000000 ____D C:\Users\Allen\AppData\Local\DriverTuner 2013-10-20 03:13 - 2013-10-20 03:13 - 00000000 ____D C:\Users\Allen\AppData\Roaming\InstallShield 2013-10-20 02:03 - 2013-10-20 02:04 - 00004154 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-10-20 02:02 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-10-20 02:02 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-10-20 02:02 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-10-20 02:02 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-10-20 02:02 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-10-20 02:02 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-10-20 02:02 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-10-20 02:02 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-10-20 02:02 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-10-20 02:02 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-10-20 02:02 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-10-20 02:02 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-10-20 02:02 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-10-20 02:02 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-10-20 02:02 - 
2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-10-20 02:02 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-10-20 02:02 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-10-20 02:02 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-10-20 02:02 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-20 02:01 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-10-20 02:01 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-10-20 02:01 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-10-20 02:01 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-10-20 02:01 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-10-20 02:01 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-10-20 02:01 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-10-20 02:01 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-10-20 02:01 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-10-20 02:01 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-10-20 02:01 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-10-20 02:01 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-10-20 01:32 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-10-20 01:32 - 2013-09-07 18:27 - 
00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll 2013-10-20 01:32 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll 2013-10-20 01:32 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-10-20 01:32 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2013-10-20 01:32 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2013-10-20 01:32 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2013-10-20 01:32 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2013-10-20 01:32 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2013-10-20 01:32 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2013-10-20 01:32 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2013-10-20 01:32 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll 2013-10-20 01:32 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2013-10-20 01:32 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2013-10-20 01:32 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2013-10-20 01:32 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2013-10-20 01:32 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2013-10-20 01:32 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2013-10-20 01:32 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll 2013-10-20 01:32 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) 
C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-20 01:32 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-20 01:32 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys 2013-10-20 01:32 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys 2013-10-20 01:32 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll 2013-10-20 01:32 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll 2013-10-20 01:32 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll 2013-10-20 01:32 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll 2013-10-20 01:32 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2013-10-20 01:32 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys 2013-10-20 01:31 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-10-20 01:31 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys 2013-10-20 01:31 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys 2013-10-20 01:31 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys 2013-10-20 01:31 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll 2013-10-20 01:31 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll 2013-10-20 01:31 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll 2013-10-20 01:31 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 
2013-10-20 01:31 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll 2013-10-20 01:31 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll 2013-10-20 01:31 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll 2013-10-20 01:31 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2013-10-20 01:31 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll 2013-10-20 01:31 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll 2013-10-20 01:30 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2013-10-20 01:30 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll ==================== One Month Modified Files and Folders ======= 2013-11-16 05:29 - 2013-11-16 05:28 - 00010852 _____ C:\Users\Allen\Desktop\FRST.txt 2013-11-16 05:28 - 2013-11-16 05:28 - 01957794 _____ (Farbar) C:\Users\Allen\Desktop\FRST64.exe 2013-11-16 05:28 - 2013-11-16 05:28 - 00000000 ____D C:\FRST 2013-11-16 04:44 - 2009-07-13 19:20 - 00000000 ____D C:\windows\tracing 2013-11-16 03:04 - 2012-09-08 15:56 - 01136582 _____ C:\windows\WindowsUpdate.log 2013-11-16 02:59 - 2009-07-13 20:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-16 02:59 - 2009-07-13 20:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-16 02:58 - 2009-07-13 21:13 - 00726444 _____ C:\windows\system32\PerfStringBackup.INI 2013-11-16 02:53 - 2013-11-16 02:53 - 00000000 ____D C:\Users\Allen\AppData\Local\{0260E89E-FBB6-43B6-915E-BEDEFAAFB713} 2013-11-16 02:52 - 2012-09-08 16:40 - 00466644 _____ C:\windows\system32\fastboot.set 2013-11-16 02:51 - 2013-10-24 15:35 - 00065536 _____ 
C:\windows\system32\Ikeext.etl 2013-11-16 02:51 - 2013-10-20 14:25 - 00085322 _____ C:\windows\PFRO.log 2013-11-16 02:51 - 2013-10-20 08:04 - 00003089 _____ C:\windows\setupact.log 2013-11-16 02:51 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-11-15 17:46 - 2013-11-15 17:28 - 00000000 ____D C:\Qoobox 2013-11-15 17:45 - 2013-11-15 17:45 - 00017583 _____ C:\ComboFix.txt 2013-11-15 17:43 - 2013-10-26 02:11 - 00000000 ____D C:\windows\ERDNT 2013-11-15 17:37 - 2009-07-13 18:34 - 00000215 _____ C:\windows\system.ini 2013-11-15 15:36 - 2009-07-13 19:20 - 00000000 ____D C:\windows\rescache 2013-11-15 14:59 - 2012-12-03 18:35 - 02210075 _____ C:\FaceProv.log 2013-11-15 14:59 - 2012-09-08 16:32 - 00000000 ____D C:\ProgramData\VeriFace 2013-11-15 14:59 - 2011-09-28 19:37 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-11-15 11:25 - 2009-07-13 19:20 - 00000000 ____D C:\windows\system32\NDF 2013-11-15 08:32 - 2013-11-15 08:32 - 00000000 ____D C:\Users\Allen\AppData\Local\{9DD2206E-EB3B-4237-AC1C-43BDE9303D2B} 2013-11-15 08:30 - 2013-11-15 08:30 - 00000493 _____ C:\windows\SynInst.log 2013-11-15 07:30 - 2013-11-15 07:30 - 00000020 ___SH C:\Users\Allen\ntuser.ini 2013-11-15 07:30 - 2012-12-03 18:35 - 00000000 ____D C:\Users\Allen 2013-11-14 23:07 - 2013-11-14 23:07 - 07020032 _____ C:\Users\Allen\Documents\AutoRuns.arn 2013-11-14 18:45 - 2013-11-14 18:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{23368A9D-272E-4F42-9305-062C4F119EEF} 2013-11-14 08:39 - 2013-04-17 18:08 - 00000000 ____D C:\Users\Allen\AppData\Local\Apps\2.0 2013-11-14 06:45 - 2013-11-14 06:44 - 00000000 ____D C:\Users\Allen\AppData\Local\{982B774A-DBBF-4413-966B-3510539E52F3} 2013-11-13 21:25 - 2013-07-02 14:45 - 00001890 _____ C:\Users\Allen\Desktop\IrfanView Thumbnails.lnk 2013-11-13 21:25 - 2013-07-02 14:45 - 00000998 _____ C:\Users\Allen\Desktop\IrfanView.lnk 2013-11-13 21:24 - 2013-11-13 21:24 - 00003128 _____ C:\windows\System32\Tasks\{94045FC0-11AC-4BED-8E9B-5ED3F4213049} 2013-11-13 
21:21 - 2013-11-13 21:21 - 00003128 _____ C:\windows\System32\Tasks\{EFD3E1F1-B9C7-4893-89A8-6ACDB10A80E0} 2013-11-13 17:54 - 2013-04-17 17:31 - 00000000 ____D C:\Users\Allen\AppData\Local\Microsoft Help 2013-11-13 14:06 - 2013-11-13 14:06 - 00000000 ____D C:\Users\Allen\AppData\Local\{6F6ED3AC-9386-4B44-B4AF-5EC80C57F8F4} 2013-11-13 02:05 - 2013-11-13 02:05 - 00000000 ____D C:\Users\Allen\AppData\Local\{894B07E1-86D9-4DBF-8699-74F394090789} 2013-11-13 01:56 - 2013-04-17 17:30 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-13 01:55 - 2013-03-05 16:00 - 00001945 _____ C:\windows\epplauncher.mif 2013-11-13 01:55 - 2013-03-05 16:00 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-11-13 01:55 - 2013-03-05 16:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-11-13 01:54 - 2013-07-23 00:19 - 00000000 ____D C:\windows\system32\MRT 2013-11-13 01:52 - 2012-12-03 16:17 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-11-12 14:05 - 2013-11-12 14:05 - 00000000 ____D C:\Users\Allen\AppData\Local\{785B9571-91A3-449B-AD8C-E9539363A03F} 2013-11-12 09:57 - 2013-10-08 21:13 - 00006522 _____ C:\windows\Sandboxie.ini 2013-11-12 02:56 - 2013-10-25 18:57 - 00000000 ____D C:\AdwCleaner 2013-11-12 02:05 - 2013-11-12 02:04 - 00000000 ____D C:\Users\Allen\AppData\Local\{1CB115BF-F1F2-4F90-819B-4D0562315336} 2013-11-11 14:04 - 2013-11-11 14:04 - 00000000 ____D C:\Users\Allen\AppData\Local\{03CF13AD-8664-4688-AFFB-EA1E2EB2A564} 2013-11-11 02:04 - 2013-11-11 02:04 - 00000000 ____D C:\Users\Allen\AppData\Local\{12B2B0E3-C28C-421B-97FB-FF1B63628E5A} 2013-11-10 12:47 - 2013-11-10 12:46 - 00000000 ____D C:\Users\Allen\AppData\Local\{601CCCA4-D03A-44EE-86E6-A8BE26C9A4F1} 2013-11-10 02:14 - 2013-11-10 02:14 - 1464364738 _____ C:\windows\MEMORY.DMP 2013-11-10 02:14 - 2013-11-10 02:14 - 00280320 _____ C:\windows\Minidump\111013-22729-01.dmp 2013-11-10 02:14 - 2013-08-29 00:22 - 00000000 ____D C:\windows\Minidump 2013-11-10 00:46 
- 2013-11-10 00:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{79DB994E-D837-4EAA-8AD5-811DA12B3677} 2013-11-09 12:45 - 2013-11-09 12:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{F38E45B7-C83A-4243-9EFA-9961AF03173F} 2013-11-09 00:45 - 2013-11-09 00:44 - 00000000 ____D C:\Users\Allen\AppData\Local\{5F07EBF8-DB64-472F-BDFA-3EF355967A77} 2013-11-08 12:44 - 2013-11-08 12:44 - 00000000 ____D C:\Users\Allen\AppData\Local\{0670ED63-8060-41A5-AD95-866E8BA17E00} 2013-11-08 11:46 - 2013-11-08 11:46 - 00000000 ____D C:\Program Files (x86)\Imagenomic 2013-11-08 00:44 - 2013-11-08 00:44 - 00000000 ____D C:\Users\Allen\AppData\Local\{70EF9723-6C0B-45D1-81C6-45A985BF8ED2} 2013-11-07 12:43 - 2013-11-07 12:43 - 00000000 ____D C:\Users\Allen\AppData\Local\{F53B0A45-4DC7-4500-9FF6-A5236082118C} 2013-11-06 21:46 - 2013-11-06 21:46 - 00000000 ____D C:\Users\Allen\AppData\Local\{DC1D963C-8997-41DC-924A-E37D8B118CBA} 2013-11-06 09:46 - 2013-11-06 09:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{0F0A907A-BD52-4AFB-B235-AE78EA04C26D} 2013-11-06 07:57 - 2013-11-06 07:57 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-11-06 07:57 - 2013-11-06 07:57 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Malwarebytes 2013-11-06 07:57 - 2013-11-06 07:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-06 07:57 - 2013-11-06 07:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-05 21:45 - 2013-11-05 21:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{FDF6E9BD-AD86-48C7-90AF-604EB3A2A5C1} 2013-11-05 09:45 - 2013-11-05 09:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{8DF1CD3B-701C-465C-8658-D824C9DFE0F8} 2013-11-05 00:02 - 2013-03-18 12:38 - 00000000 ____D C:\Users\Allen\Documents\Youcam 2013-11-04 23:57 - 2013-11-04 23:57 - 00000895 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk 2013-11-04 23:57 - 2013-11-04 23:57 - 00000000 ____D C:\Users\Allen\YTD Video Downloader 2013-11-04 23:57 - 2013-11-04 23:57 - 00000000 ____D 
C:\ProgramData\YTD Video Downloader 2013-11-04 19:46 - 2013-11-04 19:46 - 00000000 ____D C:\Users\Allen\AppData\Local\{8412FA03-2E69-4318-B86B-17F60F035ACC} 2013-11-04 07:45 - 2013-11-04 07:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{C8CEE8AE-0AFB-4523-8F81-9099A155FC66} 2013-11-03 19:45 - 2013-11-03 19:45 - 00000000 ____D C:\Users\Allen\AppData\Local\{568F16E5-906A-44B8-A724-92B6BD8D52A0} 2013-11-03 18:54 - 2012-12-03 15:43 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Adobe 2013-11-03 07:44 - 2013-11-03 07:44 - 00000000 ____D C:\Users\Allen\AppData\Local\{BAFDF9A7-82AB-45AE-8409-C4840BE69B1E} 2013-11-02 19:44 - 2013-11-02 19:43 - 00000000 ____D C:\Users\Allen\AppData\Local\{9899A46E-A084-4457-9246-1003E610C888} 2013-11-02 07:43 - 2013-11-02 07:43 - 00000000 ____D C:\Users\Allen\AppData\Local\{AF583A82-41A2-4325-A6B9-34828BB27FE4} 2013-11-02 07:41 - 2013-10-20 14:26 - 00438024 _____ C:\windows\system32\FNTCACHE.DAT 2013-11-01 15:01 - 2013-11-01 15:01 - 00000000 ____D C:\Users\Allen\AppData\Local\{49EBBF29-A193-4CAB-9B00-8B277BDFEA69} 2013-11-01 05:43 - 2013-10-20 03:58 - 00114848 _____ C:\Users\Allen\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-01 03:01 - 2013-11-01 03:00 - 00000000 ____D C:\Users\Allen\AppData\Local\{1540AB48-F254-458C-9BB2-BA676E19BEB7} 2013-10-31 10:59 - 2013-10-31 10:59 - 00000000 ____D C:\Users\Allen\AppData\Local\{37F07E98-432A-42F1-A199-A76E9B5CED6B} 2013-10-30 21:08 - 2013-10-30 21:08 - 00000000 ____D C:\Users\Allen\AppData\Local\{2A9C8E4E-8616-42F7-B72D-F39F9694E6C4} 2013-10-30 15:53 - 2012-09-08 16:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-10-30 15:40 - 2011-09-28 19:37 - 00000000 ____D C:\windows\ShellNew 2013-10-30 15:38 - 2013-10-30 14:50 - 00000000 ____D C:\MATS 2013-10-30 15:29 - 2009-07-13 18:34 - 00000387 _____ C:\windows\win.ini 2013-10-30 15:26 - 2012-12-08 18:26 - 00000000 ____D C:\Program Files\Microsoft Office 2013-10-30 14:53 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common 
Files\Microsoft Shared 2013-10-30 13:44 - 2009-07-13 19:20 - 00000000 ____D C:\windows\registration 2013-10-30 09:08 - 2013-10-30 09:08 - 00000000 ____D C:\Users\Allen\AppData\Local\{2041A833-FA50-42D6-990E-873BC255CF08} 2013-10-30 08:40 - 2013-03-04 12:58 - 00000000 ____D C:\Users\Allen\Desktop\[Default]My Computer 2013-10-29 21:07 - 2013-10-29 21:07 - 00000000 ____D C:\Users\Allen\AppData\Local\{2C250098-97DD-4E46-AB94-841659BC6594} 2013-10-29 09:07 - 2013-10-29 09:06 - 00000000 ____D C:\Users\Allen\AppData\Local\{7AC2816D-8ABD-4448-BB7C-16FF3B30777E} 2013-10-28 21:06 - 2013-10-28 21:06 - 00000000 ____D C:\Users\Allen\AppData\Local\{E23E7827-3A09-4DA0-805F-30E405DEBF26} 2013-10-28 18:16 - 2013-10-08 22:18 - 00000000 ____D C:\ProgramData\Oracle 2013-10-28 18:15 - 2013-10-28 18:16 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-10-28 18:15 - 2013-10-28 18:16 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-10-28 18:15 - 2013-10-28 18:16 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-10-28 18:15 - 2013-10-28 18:16 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-28 18:15 - 2013-10-28 18:15 - 00000000 ____D C:\Program Files (x86)\Java 2013-10-28 18:05 - 2013-10-28 18:06 - 01093032 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll 2013-10-28 18:05 - 2013-10-28 18:06 - 00972712 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll 2013-10-28 18:05 - 2013-10-28 18:06 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-10-28 18:05 - 2013-10-28 18:05 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-10-28 18:05 - 2013-10-28 18:05 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-10-28 18:05 - 2013-10-28 18:05 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2013-10-28 18:05 - 2013-10-28 18:05 - 00000000 ____D C:\Program Files\Java 
2013-10-28 14:50 - 2012-12-03 15:52 - 00000000 ____D C:\windows\System32\Tasks\Games 2013-10-28 09:06 - 2013-10-28 09:05 - 00000000 ____D C:\Users\Allen\AppData\Local\{C5803F7D-E272-43D7-B342-F46C06E80B3D} 2013-10-27 13:28 - 2013-10-27 13:28 - 00000000 ____D C:\Users\Allen\AppData\Local\{EB8B1E64-02D9-4962-B276-80916EF1E9FA} 2013-10-27 01:28 - 2013-10-27 01:28 - 00000000 ____D C:\Users\Allen\AppData\Local\{27210557-3F57-4B3B-8262-422A1A69EE7B} 2013-10-27 00:56 - 2013-10-27 00:56 - 00000000 ____D C:\Program Files (x86)\ESET 2013-10-27 00:23 - 2013-10-27 00:23 - 00000000 ____D C:\windows\ERUNT 2013-10-27 00:17 - 2013-10-26 23:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-10-26 21:36 - 2012-09-08 16:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-10-26 21:34 - 2012-09-08 16:24 - 00000000 ____D C:\Program Files (x86)\Lenovo 2013-10-26 17:57 - 2012-09-08 16:22 - 00000000 ____D C:\Program Files (x86)\USB Camera 2013-10-26 17:27 - 2013-10-26 17:27 - 00002968 _____ C:\windows\System32\Tasks\{513A39DE-196E-4980-B19E-2C0B8022DDEA} 2013-10-26 09:22 - 2012-12-03 18:35 - 00000000 ___RD C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-22 15:23 - 2013-10-22 15:23 - 00001193 _____ C:\Users\Allen\Desktop\Moo0 FileShredder 1.17.lnk 2013-10-22 15:23 - 2013-10-22 15:23 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0 2013-10-22 15:23 - 2013-10-22 15:23 - 00000000 ____D C:\Program Files (x86)\Moo0 2013-10-21 14:16 - 2013-10-21 14:16 - 00000087 _____ C:\Users\Allen\AppData\Roaming\WB.CFG 2013-10-21 13:25 - 2013-10-21 13:53 - 00659264 _____ (Microsoft Corporation) C:\windows\system32\mscomct2.ocx 2013-10-21 13:25 - 2009-03-24 11:52 - 00659264 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscomct2.ocx 2013-10-21 11:40 - 2012-12-03 18:35 - 00000000 ____D C:\Users\Allen\AppData\Local\VirtualStore 2013-10-20 14:27 - 2011-02-22 03:19 - 
00000000 ____D C:\windows\Panther 2013-10-20 14:25 - 2013-04-09 14:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-20 14:25 - 2013-04-09 14:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-20 08:04 - 2013-10-20 08:04 - 00000000 _____ C:\windows\setuperr.log 2013-10-20 03:55 - 2012-09-08 16:13 - 00000000 ____D C:\windows\SysWOW64\Atheros_L1e 2013-10-20 03:53 - 2013-10-20 03:53 - 00003130 _____ C:\windows\System32\Tasks\{6FD5D953-82C7-4DE0-84C6-42CFBE92A668} 2013-10-20 03:39 - 2013-10-20 03:39 - 00003132 _____ C:\windows\System32\Tasks\{73F0D62D-6021-421B-9E6C-BE57BA8F9EA7} 2013-10-20 03:38 - 2013-10-20 03:38 - 00003130 _____ C:\windows\System32\Tasks\{3CE0E019-97A7-4CB6-A7D1-A59FBD2C2A64} 2013-10-20 03:37 - 2013-10-20 03:37 - 00003130 _____ C:\windows\System32\Tasks\{5DEA9D6B-306B-48F9-9A45-BA17802C18ED} 2013-10-20 03:33 - 2012-09-08 16:14 - 00000000 ____D C:\Program Files (x86)\Realtek 2013-10-20 03:24 - 2013-10-20 03:24 - 00003130 _____ C:\windows\System32\Tasks\{8D162DEE-BED6-4289-8D4A-6C4F91C12841} 2013-10-20 03:19 - 2013-10-10 11:25 - 00000975 _____ C:\Users\Allen\Desktop\CCleaner.lnk 2013-10-20 03:18 - 2013-10-20 03:18 - 00000000 ____D C:\Users\Allen\AppData\Local\DriverTuner 2013-10-20 03:13 - 2013-10-20 03:13 - 00000000 ____D C:\Users\Allen\AppData\Roaming\InstallShield 2013-10-20 02:52 - 2012-12-08 18:27 - 00000000 ____D C:\Users\Allen\AppData\Roaming\SoftGrid Client 2013-10-20 02:51 - 2013-01-10 10:02 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-10-20 02:46 - 2012-12-03 18:36 - 00000000 ____D C:\ProgramData\Energy Management 2013-10-20 02:46 - 2012-12-03 18:35 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2013-10-20 02:45 - 2013-07-07 09:01 - 00000000 ____D C:\BigFishGamesCache 2013-10-20 02:04 - 2013-10-20 02:03 - 00004154 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-10-20 01:49 - 2013-10-08 20:52 - 00000000 ____D C:\Program Files (x86)\Microsoft 
Works 2013-10-20 01:45 - 2012-09-08 16:07 - 00000000 ____D C:\Intel 2013-10-20 01:45 - 2012-09-08 16:06 - 00000000 ____D C:\Program Files (x86)\Intel 2013-10-18 23:18 - 2012-12-03 15:42 - 00000000 ____D C:\Users\Allen\AppData\Local\Google 2013-10-17 04:06 - 2013-03-26 01:42 - 00000000 ____D C:\Users\Allen\AppData\Local\Microsoft Games ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-10 06:54 ==================== End Of Log ============================
  11. Do you know if this is a good entry or can I remove it, because Office is working really well now that I removed Office 2010, except for one little glitch when you fire up Excel. IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
  12. I am still here, I read as much as possible out of the list you provided two messages up, that took some time, and now here is the ComboFix log. I hope you will explain what it was that ComboFix deleted.
  13. There are no signs of infection and other than Word, my computer is running better than it ever has! Thank you so much, also thanks for the pointer re. Word. Okay, okay, I will update Firefox. =) You do good deeds, Ron Lewis!
  14. I have had problems with newer versions of Firefox, I run one update behind. Also, whenever I open a Word document, which is frequently, it takes a few minutes to "configure Office 2007", is there any way to clean the trial version of Office 2010 off this computer so it is easier to use my registered copy of Office 2007?