Malware returns on re-boot

philns · May 23, 2012

I have a persistent infection that I cannot completely eliminate. Malwarebytes detects and removes everything, but there are always threats detected on re-boot. It seems as though the longer the computer remains on the more threats are detected. When I run a scan immediately after the re-boot the following 2 threats will be present:

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Gruchy\LOCALS~1\Temp\msqwpsz.com -> Delete on reboot.

Here is the DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Gruchy at 21:25:59 on 2012-05-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6049.4054 [GMT -3:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

c:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

c:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe

C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe

c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\ProgramData\evbzkmjw.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe

C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe

C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Users\Gruchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\daw.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe

C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

c:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\syswow64\svchost.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Gruchy\AppData\Roaming\vwtrjl.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

C:\Users\Gruchy\AppData\Roaming\system\config.exe

C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://msn.ca/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

uWindows: Load=C:\Users\Gruchy\LOCALS~1\Temp\msqwpsz.com

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429234322.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [mau] "C:\Users\Gruchy\AppData\Roaming\mau"

uRun: [HD Audio Service] "C:\Users\Gruchy\AppData\Local\HDAudio.exe"

uRun: [Audio Driver] C:\Users\Gruchy\AppData\Roaming\system\config.exe

uRun: [a] C:\Users\Gruchy\Desktop\daw.exe

uRun: C:\Users\Gruchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\daw.exe

uRun: [c] C:\Users\Gruchy\Documents\daw.exe

uRun: [d] C:\Users\Gruchy\Favorites\daw.exe

uRun: [e] C:\Users\Gruchy\AppData\Roaming\Microsoft\Windows\Start Menu\daw.exe

uRun: [Nzk3M0RGNTYxODgzNTkzNU] C:\ProgramData\evbzkmjw.exe

uRun: [Nvidia] C:\ProgramData\kuqsrtjy.exe

uRun: [MUNDNTJFNjBCMEJBNThFOD] C:\ProgramData\qqapqnej.exe

mRun: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe

mRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun: [stickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"

mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [FAStartup]

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Gruchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\daw.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 24.222.0.94 24.222.0.95

TCP: Interfaces\{68120DF6-C12E-4F5A-9471-A677598B1E1A} : DhcpNameServer = 24.222.0.94 24.222.0.95

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli FAPassSync

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120429234322.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO-X64: SSOIEAddonBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe

mRun-x64: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun-x64: [stickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"

mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [FAStartup]

mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]

R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\system32\DRIVERS\vsflt61.sys --> C:\Windows\system32\DRIVERS\vsflt61.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-10-23 98208]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-1-7 3450832]

R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]

R2 Dell WMI Service;Dell WMI Service;C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [2011-10-23 98304]

R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-4-10 166912]

R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-2 2428552]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-10-23 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-10-23 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 OSDSvc;ChiconyOSDService;C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2011-10-23 176128]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-23 1692480]

R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-23 2656280]

R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]

R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]

R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/23 07:39:57;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]

S2 zproty;Common Integration Service;C:\Windows\System32\zproty.exe [2012-5-18 0]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696]

S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-10-23 224704]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-05-23 00:14:46 143360 ----a-w- C:\Users\Gruchy\AppData\Roaming\vwtrjl.exe_xiqnh

2012-05-22 23:54:32 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-22 23:54:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-22 23:51:43 143360 ----a-w- C:\Users\Gruchy\AppData\Roaming\nnrjyf.exe_cdkmq

2012-05-22 22:50:33 -------- d-----w- C:\Users\Gruchy\AppData\Roaming\nightupdate

2012-05-22 22:28:51 -------- d-----w- C:\Users\Gruchy\AppData\Local\{E3E1B852-95B4-4B01-889C-24998359DAEB}

2012-05-22 22:28:29 -------- d-----w- C:\Users\Gruchy\AppData\Local\{FE5302A6-5922-4A8E-BEBF-5F634F29C535}

2012-05-22 22:15:17 846745 ----a-w- C:\Users\Gruchy\AppData\Roaming\ewwkin.exe

2012-05-22 22:11:10 94208 ----a-w- C:\Users\Gruchy\AppData\Roaming\uekdmb.exe_sybex

2012-05-22 22:08:31 81920 ----a-w- C:\Users\Gruchy\AppData\Roaming\config.exe_wezxw

2012-05-22 22:08:12 12288 ----a-w- C:\Users\Gruchy\AppData\Roaming\55W1CDTOG3gogogo.exe

2012-05-22 21:55:22 0 ----a-w- C:\Users\Gruchy\AppData\Roaming\HK1XTIM0CT76sx.exe

2012-05-22 21:33:33 143360 ----a-w- C:\Users\Gruchy\AppData\Roaming\pgbcgc.exe_escox

2012-05-22 20:59:57 94208 ----a-w- C:\Users\Gruchy\AppData\Roaming\Microsoft\LfIAUqwnnbOVmuCRL.exe

2012-05-22 20:57:30 1530 ----a-w- C:\Users\Gruchy\AppData\Roaming\chyqye.exe

2012-05-22 18:41:09 32072 ----a-w- C:\Users\Gruchy\AppData\Roaming\256QIKG7FD.exe

2012-05-22 17:47:46 737280 ---h--w- C:\ProgramData\evbzkmjw.exe

2012-05-22 17:14:04 94208 ----a-w- C:\Users\Gruchy\AppData\Roaming\Microsoft\pgVAfGdO.exe

2012-05-22 16:11:44 659456 ----a-w- C:\Users\Gruchy\AppData\Roaming\Microsoft\FWucTuInLWOVhLNdcgdWCxveHULmb.exe

2012-05-22 16:05:04 327687 ----a-w- C:\Users\Gruchy\AppData\Roaming\2NBWH6GHUV58hbx.exe

2012-05-22 10:27:59 -------- d-----w- C:\Users\Gruchy\AppData\Local\{8A3E7471-A8E2-4359-8916-939949E98C45}

2012-05-22 10:27:36 -------- d-----w- C:\Users\Gruchy\AppData\Local\{2E815A17-FD0A-47F5-9A2F-69244342EA64}

2012-05-22 01:00:06 659456 ----a-w- C:\Users\Gruchy\AppData\Roaming\Microsoft\DdatATBqGewNkGNCGfGRigMANVDC.exe

2012-05-21 23:46:46 0 ----a-w- C:\Users\Gruchy\AppData\Roaming\LF7REU111.exe

2012-05-21 23:13:18 671744 ----a-w- C:\Users\Gruchy\AppData\Roaming\5-21.exe

2012-05-21 17:08:26 -------- d-----w- C:\Users\Gruchy\AppData\Local\{524B3C87-2E85-4CC9-9D8A-2A1F5667E977}

2012-05-21 17:08:03 -------- d-----w- C:\Users\Gruchy\AppData\Local\{5CFAFAE1-B1F1-40E9-B1D0-66A4F63F06E0}

2012-05-20 20:42:58 34 ----a-w- C:\Users\Gruchy\AppData\Roaming\vbc.exe

2012-05-20 18:56:48 -------- d-----w- C:\Users\Gruchy\AppData\Roaming\GoogleUpdates

2012-05-20 18:41:21 161211 ----a-w- C:\Users\Gruchy\AppData\Roaming\lulgck.exe

2012-05-20 18:41:21 161211 ----a-w- C:\Users\Gruchy\AppData\Roaming\fucfhn.exe

2012-05-20 18:23:22 846745 ----a-w- C:\Users\Gruchy\AppData\Roaming\godham.exe

2012-05-20 18:23:22 846745 ----a-w- C:\Users\Gruchy\AppData\Roaming\didwxr.exe

2012-05-20 18:17:59 507904 ----a-w- C:\Users\Gruchy\AppData\Roaming\yzvofg.exe

2012-05-20 18:17:59 507904 ----a-w- C:\Users\Gruchy\AppData\Roaming\lfgxll.exe

2012-05-20 17:48:30 828928 ----a-w- C:\Users\Gruchy\AppData\Roaming\iaylwi.exe_yiazf

2012-05-20 17:37:41 -------- d-----w- C:\Users\Gruchy\AppData\Roaming\Windows Live

2012-05-20 17:34:32 846745 ----a-w- C:\Users\Gruchy\AppData\Roaming\pcwfaa.exe

2012-05-20 17:34:32 846745 ----a-w- C:\Users\Gruchy\AppData\Roaming\lufhnw.exe

2012-05-20 15:40:46 32072 ----a-w- C:\Users\Gruchy\AppData\Roaming\2EGC87RUM0.exe_bwstw

2012-05-20 15:40:46 32072 ----a-w- C:\Users\Gruchy\AppData\Roaming\2EGC87RUM0.exe_abvid

2012-05-20 15:40:46 32072 ----a-w- C:\Users\Gruchy\AppData\Roaming\2EGC87RUM0.exe

2012-05-20 14:28:47 507904 ----a-w- C:\Users\Gruchy\AppData\Roaming\eiufpk.exe

2012-05-20 14:27:22 846745 ----a-w- C:\Users\Gruchy\AppData\Roaming\kkpxqh.exe

2012-05-20 14:22:54 507904 ----a-w- C:\Users\Gruchy\AppData\Roaming\ulbcwm.exe

2012-05-20 14:20:28 507904 ----a-w- C:\Users\Gruchy\AppData\Roaming\lzjvji.exe

2012-05-20 12:30:40 -------- d-----w- C:\Users\Gruchy\AppData\Local\Windows Live

2012-05-20 11:48:20 2560 ----a-w- C:\Users\Gruchy\AppData\Roaming\taskmgr.exe_qxkju

2012-05-20 11:48:06 32072 --sha-r- C:\Users\Gruchy\AppData\Roaming\bot.exe_jzufg

2012-05-20 02:44:45 -------- d-----r- C:\Program Files (x86)\Skype

2012-05-20 00:46:19 846745 ----a-w- C:\Users\Gruchy\AppData\Roaming\kclwij.exe

2012-05-19 20:32:02 846745 ----a-w- C:\Users\Gruchy\AppData\Roaming\vlcryv.exe

2012-05-19 19:15:04 846745 ----a-w- C:\Users\Gruchy\AppData\Roaming\zagrei.exe

2012-05-19 10:19:07 2560 ----a-w- C:\Users\Gruchy\AppData\Roaming\taskmgr.exe_mmeqj

2012-05-18 11:25:21 0 ----a-w- C:\Windows\SysWow64\zproty.exe

2012-05-18 10:13:27 55296 ----a-w- C:\Windows\System32\zproty.exe

2012-05-17 23:56:46 507904 ---ha-w- C:\Users\Gruchy\AppData\Roaming\Mjdnmdnoql.exe_yqcra

2012-05-17 23:48:09 -------- d-----w- C:\jagex_cache

2012-05-17 23:47:26 507904 ---ha-w- C:\Users\Gruchy\AppData\Roaming\Rndqqjwocr.exe_eggug

2012-05-17 22:35:48 507904 ---h--w- C:\Users\Gruchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\daw.exe

2012-05-17 22:35:48 507904 ---h--w- C:\Users\Gruchy\AppData\Roaming\Microsoft\Windows\Start Menu\daw.exe

2012-05-17 22:35:48 507904 ------r- C:\Users\Gruchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\daw.exe

2012-05-17 21:20:23 524800 ---ha-w- C:\Users\Gruchy\AppData\Roaming\thghmh.exe_hqcjp

2012-05-17 21:20:23 524800 ---ha-w- C:\Users\Gruchy\AppData\Roaming\odnvke.exe

2012-05-17 02:53:55 32072 --sha-r- C:\Users\Gruchy\AppData\Roaming\tnet.exe_lkwyf

2012-05-16 23:42:50 32072 --sha-r- C:\Users\Gruchy\AppData\Roaming\tnet.exe_hqzzw

2012-05-14 12:33:51 -------- d-----w- C:\directory

2012-05-13 00:07:48 -------- d-----w- C:\Users\Gruchy\AppData\Roaming\3 5

2012-05-11 21:08:21 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-11 21:08:20 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-11 21:08:19 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-11 21:08:19 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-11 21:08:18 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-11 21:08:18 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-11 21:07:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-11 21:07:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-11 21:07:45 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 21:07:45 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-11 21:07:45 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-11 21:07:45 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-11 21:07:45 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 17:42:56 -------- d-----w- C:\Users\Gruchy\AppData\Roaming\Malwarebytes

2012-05-11 17:42:44 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-11 15:32:32 -------- d-----w- C:\Users\Gruchy\AppData\Local\Speed Booster PRO

2012-05-11 15:32:30 -------- d-----w- C:\Program Files (x86)\Speed Booster PRO

2012-05-10 13:33:13 -------- d-----w- C:\Windows\SysWow64\Adobe

2012-05-07 01:16:35 -------- d-----w- C:\Windows\en

2012-05-07 01:10:09 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2557abc01cd2bee0b\MeshBetaRemover.exe

2012-05-07 01:10:03 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\210fa15e1cd2bee0a\DXSETUP.exe

2012-05-07 01:10:02 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\210fa15e1cd2bee0a\DSETUP.dll

2012-05-07 01:10:02 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\210fa15e1cd2bee0a\dsetup32.dll

2012-05-07 01:09:57 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1d7738091cd2bee09\DSETUP.dll

2012-05-07 01:09:57 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1d7738091cd2bee09\DXSETUP.exe

2012-05-07 01:09:57 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1d7738091cd2bee09\dsetup32.dll

2012-04-27 23:18:09 -------- d-----w- C:\Users\Gruchy\AppData\Roaming\wargaming.net

2012-04-27 23:17:44 -------- d--h--w- C:\Windows\msdownld.tmp

2012-04-27 23:17:44 -------- d-----w- C:\Windows\SysWow64\directx

2012-04-27 23:17:40 -------- d-----w- C:\Games

2012-04-27 09:53:03 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery

.

==================== Find3M ====================

.

2012-05-04 23:09:23 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-04 23:09:23 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-04 23:09:05 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-03-20 16:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe

2012-03-08 21:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-03-08 21:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR

2012-03-05 22:18:17 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 21:26:40.03 ===============

I would appreciate any assistance that can be offered.

Attach.txt

LDTate · May 23, 2012

Logs will be closed if you haven't replied within 3 days

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
Note: If you have XP SP3, use the XP SP2 package.
If Vista or Windows 7, skip the Recovery Console part
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

philns · May 23, 2012

Thanks very much for taking a look at this for me. The computer is running fine. I was getting strange security notices and knew something was off. I just ran Malwarebytes and it again detected the following:

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully

I will re-boot and scan again.

The following is the Combofix log:

ComboFix 12-05-23.05 - Gruchy 23/05/2012 18:23:40.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6049.4214 [GMT -3:00]

Running from: c:\users\Gruchy\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\evbzkmjw.exe

c:\programdata\Roaming

c:\users\Gruchy\AppData\Roaming\3 5

c:\users\Gruchy\AppData\Roaming\3 5\api-example.c

c:\users\Gruchy\AppData\Roaming\3 5\api-example.php

c:\users\Gruchy\AppData\Roaming\3 5\API.class

c:\users\Gruchy\AppData\Roaming\3 5\API.java

c:\users\Gruchy\AppData\Roaming\3 5\bat.bat

c:\users\Gruchy\AppData\Roaming\3 5\bt.lnk

c:\users\Gruchy\AppData\Roaming\3 5\diablo120328.cl

c:\users\Gruchy\AppData\Roaming\3 5\diakgcn120427.cl

c:\users\Gruchy\AppData\Roaming\3 5\example.conf

c:\users\Gruchy\AppData\Roaming\3 5\j.exe

c:\users\Gruchy\AppData\Roaming\3 5\libcurl-4.dll

c:\users\Gruchy\AppData\Roaming\3 5\libpdcurses.dll

c:\users\Gruchy\AppData\Roaming\3 5\libusb-1.0.dll

c:\users\Gruchy\AppData\Roaming\3 5\miner.php

c:\users\Gruchy\AppData\Roaming\3 5\OpenCL.dll

c:\users\Gruchy\AppData\Roaming\3 5\phatk120223.cl

c:\users\Gruchy\AppData\Roaming\3 5\poclbm120327.cl

c:\users\Gruchy\AppData\Roaming\3 5\pthreadGC2.dll

c:\users\Gruchy\AppData\Roaming\5-21.exe

c:\users\Gruchy\AppData\Roaming\bot.exe_jzufg

c:\users\Gruchy\AppData\Roaming\didwxr.exe

c:\users\Gruchy\AppData\Roaming\ewwkin.exe

c:\users\Gruchy\AppData\Roaming\F56F1F.exe

c:\users\Gruchy\AppData\Roaming\godham.exe

c:\users\Gruchy\AppData\Roaming\Gruchylog.dat

c:\users\Gruchy\AppData\Roaming\kclwij.exe

c:\users\Gruchy\AppData\Roaming\kkpxqh.exe

c:\users\Gruchy\AppData\Roaming\lufhnw.exe

c:\users\Gruchy\AppData\Roaming\Microsoft\Windows\Start Menu\daw.exe

c:\users\Gruchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\daw.exe

c:\users\Gruchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\daw.exe

c:\users\Gruchy\AppData\Roaming\odnvke.exe

c:\users\Gruchy\AppData\Roaming\pcwfaa.exe

c:\users\Gruchy\AppData\Roaming\thghmh.exe_hqcjp

c:\users\Gruchy\AppData\Roaming\tnet.exe_hqzzw

c:\users\Gruchy\AppData\Roaming\tnet.exe_lkwyf

c:\users\Gruchy\AppData\Roaming\vlcryv.exe

c:\users\Gruchy\AppData\Roaming\zagrei.exe

c:\users\Gruchy\Desktop\daw.exe

c:\users\Gruchy\Documents\daw.exe

c:\users\Gruchy\Favorites\daw.exe

c:\users\Gruchy\GoToAssistDownloadHelper.exe

c:\windows\SysWow64\zproty.exe

.

((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))

.

2012-05-23 21:29 . 2012-05-23 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-23 21:05 . 2012-05-23 21:05 143360 ----a-w- c:\users\Gruchy\AppData\Roaming\xwxpor.exe_yoiov

2012-05-23 10:29 . 2012-05-23 21:09 -------- d-----w- c:\users\Gruchy\AppData\Local\Windows Live

2012-05-23 00:30 . 2012-05-23 00:30 -------- d-----w- c:\users\Gruchy\AppData\Local\ElevatedDiagnostics

2012-05-23 00:30 . 2012-05-23 00:30 143360 ----a-w- c:\users\Gruchy\AppData\Roaming\teqgxt.exe_pemil

2012-05-23 00:14 . 2012-05-23 00:14 143360 ----a-w- c:\users\Gruchy\AppData\Roaming\vwtrjl.exe_xiqnh

2012-05-22 23:54 . 2012-04-04 18:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-22 23:54 . 2012-05-23 00:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-20 18:56 . 2012-05-20 18:56 -------- d-----w- c:\users\Gruchy\AppData\Roaming\GoogleUpdates

2012-05-20 17:37 . 2012-05-20 21:42 -------- d-----w- c:\users\Gruchy\AppData\Roaming\Windows Live

2012-05-20 02:44 . 2012-05-20 02:44 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-05-20 02:44 . 2012-05-20 02:44 -------- d-----r- c:\program files (x86)\Skype

2012-05-18 10:13 . 2012-05-18 10:13 55296 ----a-w- c:\windows\system32\zproty.exe

2012-05-18 02:03 . 2012-05-18 02:03 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-18 02:03 . 2012-05-18 02:03 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-17 23:56 . 2012-05-17 23:56 507904 ---ha-w- c:\users\Gruchy\AppData\Roaming\Mjdnmdnoql.exe_yqcra

2012-05-17 23:48 . 2012-05-17 23:48 -------- d-----w- C:\jagex_cache

2012-05-17 23:47 . 2012-05-17 23:47 507904 ---ha-w- c:\users\Gruchy\AppData\Roaming\Rndqqjwocr.exe_eggug

2012-05-14 12:33 . 2012-05-20 21:42 -------- d-----w- C:\directory

2012-05-11 21:08 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-11 21:08 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-11 21:08 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 21:08 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 21:08 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-11 21:08 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-11 21:07 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-11 21:07 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-11 21:07 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-11 21:07 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-11 21:07 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 21:07 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-11 21:07 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 17:42 . 2012-05-11 17:42 -------- d-----w- c:\users\Gruchy\AppData\Roaming\Malwarebytes

2012-05-11 17:42 . 2012-05-11 17:42 -------- d-----w- c:\programdata\Malwarebytes

2012-05-11 15:32 . 2012-05-11 15:32 -------- d-----w- c:\users\Gruchy\AppData\Local\Speed Booster PRO

2012-05-11 15:32 . 2012-05-11 15:32 -------- d-----w- c:\program files (x86)\Speed Booster PRO

2012-05-10 13:33 . 2012-05-10 13:33 -------- d-----w- c:\windows\SysWow64\Adobe

2012-05-07 01:16 . 2012-05-07 01:16 -------- d-----w- c:\windows\en

2012-05-07 01:11 . 2012-05-15 20:34 -------- d-----w- c:\program files (x86)\Windows Live

2012-05-07 01:10 . 2012-05-07 01:11 -------- d-----w- c:\program files\Windows Live

2012-05-07 01:10 . 2012-05-07 01:10 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2557abc01cd2bee0b\MeshBetaRemover.exe

2012-05-07 01:10 . 2012-05-07 01:10 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\210fa15e1cd2bee0a\DXSETUP.exe

2012-05-07 01:10 . 2012-05-07 01:10 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\210fa15e1cd2bee0a\DSETUP.dll

2012-05-07 01:10 . 2012-05-07 01:10 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\210fa15e1cd2bee0a\dsetup32.dll

2012-05-07 01:09 . 2012-05-07 01:09 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1d7738091cd2bee09\DSETUP.dll

2012-05-07 01:09 . 2012-05-07 01:09 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1d7738091cd2bee09\DXSETUP.exe

2012-05-07 01:09 . 2012-05-07 01:09 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1d7738091cd2bee09\dsetup32.dll

2012-04-27 23:18 . 2012-04-27 23:18 -------- d-----w- c:\users\Gruchy\AppData\Roaming\wargaming.net

2012-04-27 23:17 . 2012-04-27 23:18 -------- d--h--w- c:\windows\msdownld.tmp

2012-04-27 23:17 . 2012-04-27 23:17 -------- d-----w- C:\Games

2012-04-27 09:53 . 2012-04-27 09:53 -------- d-----w- c:\program files (x86)\Dell Digital Delivery

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-07 01:10 . 2011-03-28 21:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-05-04 23:09 . 2012-04-08 10:39 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-04 23:09 . 2011-10-23 12:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-04 23:09 . 2012-04-13 23:10 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-20 16:11 . 2011-10-23 12:54 162192 ----a-w- c:\windows\system32\mfevtps.exe

2012-03-08 21:50 . 2012-03-08 21:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 21:37 . 2012-03-08 21:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-05 22:18 . 2011-10-23 12:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-01 14:31 . 2012-03-01 14:31 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-03-01 06:46 . 2012-04-12 02:02 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-12 02:02 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-12 02:02 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-12 02:02 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-12 02:02 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-12 02:02 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-12 02:02 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-12 02:04 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-12 02:04 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-12 02:04 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-12 02:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-12 02:04 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-12 02:04 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 02:04 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-12 02:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mau"="c:\users\Gruchy\AppData\Roaming\mau" [X]

"Audio Driver"="c:\users\Gruchy\AppData\Roaming\system\config.exe" [2012-05-21 671744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152]

"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]

"StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-12-16 5953992]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-11-02 03:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/23 07:39;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [2011-05-27 98304]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R2 zproty;Common Integration Service;c:\windows\system32\zproty.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]

R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]

S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-07 3450832]

S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-04-10 166912]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2010-12-01 176128]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]

S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]

S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_9EC60124

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:09]

.

2012-05-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]

.

2012-05-23 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-12-16 403096]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://msn.ca/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 24.222.0.94 24.222.0.95

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-HD Audio Service - c:\users\Gruchy\AppData\Local\HDAudio.exe

Wow6432Node-HKCU-Run-Nzk3M0RGNTYxODgzNTkzNU - c:\programdata\evbzkmjw.exe

Wow6432Node-HKCU-Run-MUNDNTJFNjBCMEJBNThFOD - c:\programdata\qqapqnej.exe

Wow6432Node-HKLM-Run-FAStartup - (no file)

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers- - (no file)

AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-23 18:31:37

ComboFix-quarantined-files.txt 2012-05-23 21:31

.

Pre-Run: 874,782,076,928 bytes free

Post-Run: 874,986,434,560 bytes free

.

- - End Of File - - 7A9EC5E35F12EB9CD769F3A5DF4C4CDD

LDTate · May 23, 2012

You have some new ones I haven't seen before but they might just be random ones that we need to have a look at.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

http://forums.malwarebytes.org/index.php?showtopic=110199&hl=&fromsearch=1
KillAll::

Collect::
c:\users\Gruchy\AppData\Roaming\xwxpor.exe_yoiov
c:\users\Gruchy\AppData\Roaming\teqgxt.exe_pemil
c:\users\Gruchy\AppData\Roaming\vwtrjl.exe_xiqnh
c:\windows\system32\zproty.exe
c:\users\Gruchy\AppData\Roaming\Mjdnmdnoql.exe_yqcra
c:\users\Gruchy\AppData\Roaming\Rndqqjwocr.exe_eggug

ClearJavaCache::

Driver::
zproty

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

philns · May 23, 2012

The computer is running fine. Other than some strange notices, it was running ok. Here is the last log:

ComboFix 12-05-23.05 - Gruchy 23/05/2012 19:11:53.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6049.4231 [GMT -3:00]

Running from: c:\users\Gruchy\Desktop\ComboFix.exe

Command switches used :: c:\users\Gruchy\Desktop\CFScript.txt