
Possible infection?



My computer (Windows 7 64-bit) has started BSODing recently, and after looking at the Event Viewer I saw many 'Critical' notifications in the System Log. After searching for what it could be, I turned up many posts about viruses with the error message: "DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server".

I'm paranoid about viruses, so if you could help I would greatly appreciate it!

I will follow up with the 'Attach.txt' and 'DDS.txt' log files.


DDS.txt ------>

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Glenn at 22:52:23 on 2012-07-27

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6165 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Users\Glenn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

uRun: [Google Update] "C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

uRun: [spotify] "C:\Users\Glenn\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [skyDrive] "C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

uRun: [spotify Web Helper] "C:\Users\Glenn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

StartupFolder: C:\Users\Glenn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.141/codebase/DVM_IPCam2.ocx

DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} - hxxp://192.168.1.205/activex/decoder/intel_mpeg4_dec.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.1.205/activex/AMC.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{83F532C3-E49A-44D9-B3F5-E5D3A9E86A5D} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120725.001\IDSviA64.sys [2012-7-25 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-6-9 138232]

R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-6-15 548264]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-13 138912]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-9 250056]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2012-07-25 05:15:27 -------- d-----w- C:\Users\Glenn\AppData\Local\ATI

2012-07-25 04:21:12 -------- d-----w- C:\ProgramData\AMD

2012-07-25 04:21:11 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-07-25 04:21:10 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-25 04:21:07 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2012-07-25 04:21:07 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2012-07-25 04:20:25 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2012-07-24 03:01:16 -------- d-----w- C:\Program Files\ATI Technologies

2012-07-24 03:01:13 -------- d-----w- C:\Program Files\ATI

2012-07-24 02:55:51 -------- d-----w- C:\AMD

2012-07-24 01:46:22 -------- d-----w- C:\Users\Glenn\AppData\Local\ElevatedDiagnostics

2012-07-20 20:40:24 -------- d--h--w- C:\SkyDriveTemp

2012-07-16 01:37:51 -------- d-----w- C:\Windows\System32\appmgmt

2012-07-11 07:02:14 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 00:25:47 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 00:25:46 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 00:25:46 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 00:25:46 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 00:25:46 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 00:25:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-10 23:51:21 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-07-10 23:51:21 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-07-10 23:51:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-07-10 23:51:21 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-07-10 23:51:20 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-07-10 23:51:20 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-07-10 23:51:20 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-07-10 23:51:20 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-07-10 23:51:20 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-07-02 04:24:37 -------- d-----w- C:\Users\Glenn\AppData\Local\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}

2012-07-01 04:06:01 -------- d-----w- C:\db

2012-06-28 03:48:57 -------- d-----w- C:\Users\Glenn\AppData\Roaming\MySQL

2012-06-28 03:46:18 -------- d-----w- C:\Program Files (x86)\MySQL

.

==================== Find3M ====================

.

2012-07-12 01:53:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 01:53:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-21 02:50:59 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-21 02:50:59 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-18 05:11:34 544008 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-06-18 05:11:34 525576 ----a-w- C:\Windows\System32\deployJava1.dll

2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll

2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-11 17:48:34 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-06-11 17:48:30 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-09 06:37:32 942744 ----a-w- C:\Windows\System32\vnetlib64.dll

2012-06-09 06:37:26 63128 ----a-w- C:\Windows\System32\drivers\vmx86.sys

2012-06-09 06:37:04 433816 ----a-w- C:\Windows\SysWow64\vmnat.exe

2012-06-09 06:36:36 354456 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe

2012-06-09 06:36:16 32920 ----a-w- C:\Windows\System32\drivers\VMkbd.sys

2012-06-09 06:35:38 30360 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys

2012-06-09 04:29:42 252056 ----a-w- C:\Windows\SysWow64\vmnc.dll

2012-06-09 03:52:20 62064 ----a-w- C:\Windows\System32\vmnetbridge.dll

2012-06-09 03:52:20 48752 ----a-w- C:\Windows\System32\vnetinst.dll

2012-06-09 03:52:20 45680 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys

2012-06-09 03:52:20 24176 ----a-w- C:\Windows\System32\drivers\vmnet.sys

2012-06-09 03:52:20 20080 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-10 20:35:16 43520 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-05-10 20:35:16 29184 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

.

============= FINISH: 22:52:43.85 ===============

Attach.txt --------->

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/31/2011 3:07:08 AM

System Uptime: 7/27/2012 10:40:11 PM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | G41MT-S2P

Processor: Intel® Core2 Quad CPU Q9450 @ 2.66GHz | Socket 775 | 2667/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 119 GiB total, 22.937 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 1397 GiB total, 558.494 GiB free.

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart D110 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP59: 7/16/2012 2:57:39 AM - Scheduled Checkpoint

RP60: 7/25/2012 1:12:25 AM - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Photoshop Elements 9

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.3)

AnyDVD

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

AXIS Media Control Embedded

Balsamiq Mockups For Desktop

Blue Iris 3

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco Network Magic

CloneDVDmobile

Crystal Reports Basic Runtime for Visual Studio 2008

CrystalDiskInfo 4.1.4

CyberView X - SF v1.18c

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Elements 9 Organizer

Elements STI Installer

ElkRP2

Evernote v. 4.5.6

Google Chrome

IntelliJ IDEA 11.1.2

Java Auto Updater

Java 6 Update 33

Java SE Development Kit 6 Update 33

Media Center Master v1.33

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft SkyDrive

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_CRT_x86

Mp3tag v2.49a

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MySQL Workbench 5.2 CE

Network Magic

Norton Internet Security

Picasa 3

PS_AIO_07_D110_SW_Min

Pure Networks Platform

Scan

ScanSnap

ScanSnap Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Sonos Desktop Controller

Splashtop Streamer

Spotify

The Dude

Toolbox

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VirtualCloneDrive

VMware Player

WinPcap 4.1.2

Wireshark 1.6.5

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

7/27/2012 7:28:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/27/2012 6:59:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

7/27/2012 6:54:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

7/27/2012 6:54:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

7/27/2012 6:52:12 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

7/27/2012 6:51:01 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

7/27/2012 6:51:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/27/2012 6:51:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/27/2012 6:50:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/27/2012 6:50:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/27/2012 6:50:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl ElbyCDIO IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6

7/25/2012 1:12:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: ATI Technologies Inc. - Display - AMD Radeon HD 6800 Series.

7/24/2012 9:39:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

7/23/2012 10:45:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.

.

==== End Of File ===========================


And here is the RogueKiller report:

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Glenn [Admin rights]

Mode: Scan -- Date: 07/27/2012 22:54:57

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] SkyDrive.exe -- C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : SkyDrive ("C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-3353782647-3817036229-1744754506-1000[...]\Run : SkyDrive ("C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++

--- User ---

[MBR] c164bb220e557c3eb44a408f57558592

[BSP] 1f84c67221b92aca5df6298102f997ff : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1502FAEX-007BA0 ATA Device +++++

--- User ---

[MBR] f1a626ceac5b5542d89a7184c1c3a4d3

[BSP] 6e37f9cf43490f99f11f5ef7f0fc8457 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

-----------------------------------------------------------------------------

Here is the 'QuarantineReport.txt':

Time : 27/07/2012 22:54:57

--------------------------

[SkyDrive.exe.vir] -> C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

[SkyDrive.exe.vir] -> C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

[SkyDrive.exe.vir] -> C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


I'm on travel and away from the computer that has the issue. I will return late Thursday night so should be able to post the results around midnight Thursday (8/2) or on Friday. Thanks for the response and will get the info posted soon!!!


Malwarebytes quick scan log file (will run ComboFix and follow up with another post):

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.03.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Glenn :: GLENN-MAIN [administrator]

Protection: Enabled

8/2/2012 10:30:11 PM

mbam-log-2012-08-02 (22-30-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214470

Time elapsed: 1 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


ComboFix log file:

ComboFix 12-07-31.04 - Glenn 08/02/2012 22:37:55.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6213 [GMT -4:00]

Running from: c:\users\Glenn\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\aosmtp.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))

.

.

2012-08-03 02:42 . 2012-08-03 02:42 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2012-08-03 02:42 . 2012-08-03 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-29 05:04 . 2012-07-29 05:04 -------- d-----w- c:\users\Glenn\AppData\Roaming\Malwarebytes

2012-07-29 05:04 . 2012-07-29 05:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-29 05:04 . 2012-07-29 05:04 -------- d-----w- c:\programdata\Malwarebytes

2012-07-29 05:04 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-25 05:15 . 2012-07-25 05:15 -------- d-----w- c:\users\Glenn\AppData\Roaming\ATI

2012-07-25 05:15 . 2012-07-25 05:15 -------- d-----w- c:\users\Glenn\AppData\Local\ATI

2012-07-25 05:15 . 2012-07-25 05:15 -------- d-----w- c:\programdata\ATI

2012-07-25 04:21 . 2012-07-25 04:21 -------- d-----w- c:\programdata\AMD

2012-07-25 04:21 . 2012-07-25 04:21 -------- d-----w- c:\program files (x86)\AMD AVT

2012-07-25 04:21 . 2012-07-25 04:21 -------- d-----w- c:\program files (x86)\AMD APP

2012-07-25 04:21 . 2012-07-25 04:21 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-07-25 04:21 . 2012-07-25 04:21 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-07-25 04:20 . 2012-07-25 04:20 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-07-24 03:01 . 2012-07-25 04:20 -------- d-----w- c:\program files\ATI Technologies

2012-07-24 03:01 . 2012-07-24 03:01 -------- d-----w- c:\program files\ATI

2012-07-24 02:55 . 2012-07-24 02:55 -------- d-----w- C:\AMD

2012-07-24 01:46 . 2012-07-24 01:46 -------- d-----w- c:\users\Glenn\AppData\Local\ElevatedDiagnostics

2012-07-20 20:40 . 2012-07-20 20:40 -------- d-----w- C:\SkyDriveTemp

2012-07-16 01:37 . 2012-07-16 01:37 -------- d-----w- c:\windows\system32\appmgmt

2012-07-11 07:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 00:44 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-07-11 00:25 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 00:25 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 00:25 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-11 00:25 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-11 00:25 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-11 00:25 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2012-07-10 23:51 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-10 23:51 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-10 23:51 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll

2012-07-10 23:51 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-10 23:51 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-10 23:51 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-07-10 23:51 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-07-10 23:51 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-07-10 23:51 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-29 05:53 . 2012-05-09 21:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-29 05:53 . 2012-01-01 16:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 07:00 . 2012-04-27 04:25 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-21 02:50 . 2012-06-21 02:51 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-06-21 02:50 . 2012-06-21 02:51 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-18 05:11 . 2012-06-18 05:11 544008 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-18 05:11 . 2012-06-18 05:11 525576 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-18 05:11 . 2012-06-18 05:11 191240 ----a-w- c:\windows\system32\javaws.exe

2012-06-18 05:11 . 2012-06-18 05:11 172296 ----a-w- c:\windows\system32\javaw.exe

2012-06-18 05:11 . 2012-06-18 05:11 172296 ----a-w- c:\windows\system32\java.exe

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-11 17:48 . 2012-06-11 17:48 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-06-11 17:48 . 2012-06-11 17:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2012-06-11 17:24 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2012-06-11 17:23 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2012-06-11 17:01 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2012-06-11 16:25 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2012-06-11 16:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-06-09 06:37 . 2012-06-16 02:15 942744 ----a-w- c:\windows\system32\vnetlib64.dll

2012-06-09 06:37 . 2012-06-16 02:15 63128 ----a-w- c:\windows\system32\drivers\vmx86.sys

2012-06-09 06:37 . 2012-06-16 02:15 433816 ----a-w- c:\windows\SysWow64\vmnat.exe

2012-06-09 06:36 . 2012-06-16 02:15 354456 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe

2012-06-09 06:36 . 2012-06-16 02:15 32920 ----a-w- c:\windows\system32\drivers\VMkbd.sys

2012-06-09 06:35 . 2012-06-16 02:15 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2012-06-09 04:29 . 2012-06-09 04:29 252056 ----a-w- c:\windows\SysWow64\vmnc.dll

2012-06-09 03:52 . 2012-06-09 03:52 62064 ----a-w- c:\windows\system32\vmnetbridge.dll

2012-06-09 03:52 . 2012-06-09 03:52 48752 ----a-w- c:\windows\system32\vnetinst.dll

2012-06-09 03:52 . 2012-06-09 03:52 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys

2012-06-09 03:52 . 2012-06-09 03:52 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys

2012-06-09 03:52 . 2012-06-09 03:52 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys

2012-06-02 22:19 . 2012-06-24 15:36 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-24 15:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-24 15:36 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-24 15:36 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-24 15:36 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-24 15:36 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-24 15:36 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-24 15:36 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-24 15:36 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-10 20:35 . 2012-05-10 20:35 43520 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-05-10 20:35 . 2012-05-10 20:35 29184 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-07-20 03:24 220624 ----a-w- c:\users\Glenn\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-07-20 03:24 220624 ----a-w- c:\users\Glenn\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-07-20 03:24 220624 ----a-w- c:\users\Glenn\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-04-19 6033016]

"Spotify"="c:\users\Glenn\AppData\Roaming\Spotify\Spotify.exe" [2012-07-29 7601880]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]

"SkyDrive"="c:\users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-20 238544]

"Spotify Web Helper"="c:\users\Glenn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-29 1193176]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2012-6-21 1163264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-02 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-26 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120727.001\IDSvia64.sys [2012-06-14 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-06-15 548264]

S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-30 138912]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 05:53]

.

2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3353782647-3817036229-1744754506-1000Core.job

- c:\users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 02:01]

.

2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3353782647-3817036229-1744754506-1000UA.job

- c:\users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 02:01]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-07-20 03:24 244688 ----a-w- c:\users\Glenn\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-07-20 03:24 244688 ----a-w- c:\users\Glenn\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-07-20 03:24 244688 ----a-w- c:\users\Glenn\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

LSP: %SystemRoot%\system32\vsocklib.dll

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.141/codebase/DVM_IPCam2.ocx

DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} - hxxp://192.168.1.205/activex/decoder/intel_mpeg4_dec.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.1.205/activex/AMC.cab

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.032"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.apd"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.bay"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.bw"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.cs1"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.dcx"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.djv"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.djvu"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.eps"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.fff"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.fpx"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.hdr"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.icn"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.iff"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.ilbm"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.int"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.inta"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.iw4"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.j2c"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.j2k"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.jbr"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.jif"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.jp2"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.jpc"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.jpk"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.jpx"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.lbm"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.mef"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.mos"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.pbm"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.pbr"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.pcd"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.pcx"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.pgm"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.pict"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.pix"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.ppm"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.pspbrush"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.pspimage"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.ras"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.rgb"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.rgba"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.rsb"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.rwl"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.sgi"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.srw"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.thm"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14o\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.v14o"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14p\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.v14p"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14pf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.v14pf"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.wbm"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.wbmp"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.xbm"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.xif"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.xmp"

.

[HKEY_USERS\S-1-5-21-3353782647-3817036229-1744754506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 14.xpm"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-02 22:44:02

ComboFix-quarantined-files.txt 2012-08-03 02:44

.

Pre-Run: 31,995,715,584 bytes free

Post-Run: 33,752,293,376 bytes free

.

- - End Of File - - C544047EF8F232D270E730A6C90B9B9B


DDS.txt after running ComboFix:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Glenn at 22:54:08 on 2012-08-02

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5696 [GMT -4:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\notepad.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

uRun: [spotify] "C:\Users\Glenn\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [skyDrive] "C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

uRun: [spotify Web Helper] "C:\Users\Glenn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Glenn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.141/codebase/DVM_IPCam2.ocx

DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} - hxxp://192.168.1.205/activex/decoder/intel_mpeg4_dec.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.1.205/activex/AMC.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{83F532C3-E49A-44D9-B3F5-E5D3A9E86A5D} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [scanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120802.001\IDSviA64.sys [2012-8-2 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-29 655944]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-6-9 138232]

R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-6-15 548264]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-7-30 138912]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-9 250056]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2012-08-03 02:36:50 98816 ----a-w- C:\Windows\sed.exe

2012-08-03 02:36:50 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-03 02:36:50 256000 ----a-w- C:\Windows\PEV.exe

2012-08-03 02:36:50 208896 ----a-w- C:\Windows\MBR.exe

2012-07-29 05:04:06 -------- d-----w- C:\Users\Glenn\AppData\Roaming\Malwarebytes

2012-07-29 05:04:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-29 05:04:00 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-29 05:04:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-25 05:15:27 -------- d-----w- C:\Users\Glenn\AppData\Local\ATI

2012-07-25 04:21:12 -------- d-----w- C:\ProgramData\AMD

2012-07-25 04:21:11 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-07-25 04:21:10 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-25 04:21:07 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2012-07-25 04:21:07 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2012-07-25 04:20:25 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2012-07-24 03:01:16 -------- d-----w- C:\Program Files\ATI Technologies

2012-07-24 03:01:13 -------- d-----w- C:\Program Files\ATI

2012-07-24 02:55:51 -------- d-----w- C:\AMD

2012-07-24 01:46:22 -------- d-----w- C:\Users\Glenn\AppData\Local\ElevatedDiagnostics

2012-07-20 20:40:24 -------- d-----w- C:\SkyDriveTemp

2012-07-16 01:37:51 -------- d-----w- C:\Windows\System32\appmgmt

2012-07-11 07:02:14 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 00:25:47 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 00:25:46 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 00:25:46 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 00:25:46 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 00:25:46 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 00:25:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-10 23:51:21 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-07-10 23:51:21 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-07-10 23:51:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-07-10 23:51:21 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-07-10 23:51:20 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-07-10 23:51:20 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-07-10 23:51:20 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-07-10 23:51:20 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-07-10 23:51:20 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

.

==================== Find3M ====================

.

2012-08-03 02:53:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-03 02:53:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-21 02:50:59 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-21 02:50:59 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-18 05:11:34 544008 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-06-18 05:11:34 525576 ----a-w- C:\Windows\System32\deployJava1.dll

2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll

2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-11 17:48:34 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-06-11 17:48:30 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-09 06:37:32 942744 ----a-w- C:\Windows\System32\vnetlib64.dll

2012-06-09 06:37:26 63128 ----a-w- C:\Windows\System32\drivers\vmx86.sys

2012-06-09 06:37:04 433816 ----a-w- C:\Windows\SysWow64\vmnat.exe

2012-06-09 06:36:36 354456 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe

2012-06-09 06:36:16 32920 ----a-w- C:\Windows\System32\drivers\VMkbd.sys

2012-06-09 06:35:38 30360 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys

2012-06-09 04:29:42 252056 ----a-w- C:\Windows\SysWow64\vmnc.dll

2012-06-09 03:52:20 62064 ----a-w- C:\Windows\System32\vmnetbridge.dll

2012-06-09 03:52:20 48752 ----a-w- C:\Windows\System32\vnetinst.dll

2012-06-09 03:52:20 45680 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys

2012-06-09 03:52:20 24176 ----a-w- C:\Windows\System32\drivers\vmnet.sys

2012-06-09 03:52:20 20080 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-10 20:35:16 43520 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-05-10 20:35:16 29184 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

.

============= FINISH: 22:54:26.64 ===============


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


log.txt from ESET Online Scanner:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

--------------------------------------------------

I exported the 'Threats Found' from the ESET Scanner:

E:\Downloads\cnet2_mp3tagv249asetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

E:\Downloads\cnet_MD5_SHA-1 Utility_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

--------------------------------------------------

Security Check application export:

Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 33

Java SE Development Kit 6 Update 33

Java version out of Date!

Adobe Reader X (10.1.3)

Google Chrome 20.0.1132.57

Google Chrome 21.0.1180.60

Google Chrome VisualElementsManifest.xml..

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 3%

````````````````````End of Log``````````````````````


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ 6 Update 33

Java™ SE Development Kit 6 Update 33

Restart your computer.

Get the latest version of Java.

Let me know what issues remain.


Before following your last post it has BSOD'd each time I turned it on (the times that I let it run for a while at least). The BSOD appears around 2 hours after powering it up. I've run memtest for over 4 hours and no issues were reported. I also have a relatively new solid state drive (within the past year) so I doubt it's a disk error.

After doing everything other than your last post I started thinking it could be an issue with the PSU so I just replaced it after following your last post. If it keeps BSODing after all this I'm at a complete loss so I'm hoping for the best :)

Will keep you posted...


  • Staff

Thanks for the update. Unlikely to be the PSU, but who knows.

Download BlueScreenView and save it to your Desktop.

  • Double click on BlueScreenView.exe file to run the program.
  • When it finishes scanning, click Edit --> Select All.
  • Click File --> Save Selected Items
  • Save the report as BSOD.txt to your Desktop.
  • Post the contents of BSOD.txt in your next reply.


You're right...it definitely wasn't the PSU but I FINALLY was able to figure it out! It was actually my SSD that was causing the issue of all things! The computer crashed again after I installed a new PSU (I probably needed to do that anyway) so I shifted gears and stumbled on a post about a BSOD with the same hard drive as I have.

Since I am so paranoid about viruses I definitely jumped to conclusions. I updated the SSD firmware and it has been running for at least 5 hours now which it didn't do before. For future reference I have a Crucial m4 2.5-inch SSD 128GB in case someone has similar symptoms (computer BSOD's after an hour or two of on time). Here is a quote from the firmware change log:

Release Date: 01/13/2012

Change Log:

  • Changes made in version 0002 (m4 can be updated to revision 0309 directly from either revision 0001, 0002, or 0009)
  • Correct a condition where an incorrect response to a SMART counter will cause the m4 drive to become unresponsive after 5184 hours of Power-on time. The drive will recover after a power cycle, however, this failure will repeat once per hour after reaching this point. The condition will allow the end user to successfully update firmware, and poses no risk to user or system data stored on the drive.

This firmware update is STRONGLY RECOMMENDED for drives in the field. Although the failure mode due to the SMART Power On Hours counter poses no risk to saved user data, the failure mode can become repetitive, and pose a nuisance to the end user. If the end user has not yet observed this failure mode, this update is required to prevent it from happening.

If you are using a SAS Expander please do not download this Firmware. As soon as we have a Firmware Update that will work in these applications we will release it.

Once I saw this I checked CrystalDisk and sure enough I had a little over 5184 power-on hours. I'm a little frustrated about this issue but I'm just glad I didn't reformat my computer!

:D Thank you so much for the help even though it was related to something else!!! I don't see a link to donate in your sig...do you have a link or maybe a charity you like?
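
The manual check described in the post above (firmware revision plus power-on hours against the 5184-hour point in the quoted change log) can be scripted. This is an added example, not part of the original posts: it assumes the drive is read with smartmontools' `smartctl -i -A` rather than CrystalDisk, assumes the m4 reports a model string beginning `M4-CT`, and runs on a constructed sample report.

```python
import re

# Values taken from the change log quoted in the post above.
PRE_FIX_REVISIONS = {"0001", "0002", "0009"}  # revisions it names as updatable to 0309
FIXED_REVISION = "0309"
HANG_THRESHOLD_HOURS = 5184
M4_MODEL_PREFIX = "M4-CT"  # assumption: how the m4 reports its model string

# Constructed sample in the layout of `smartctl -i -A` output (not a real drive).
SAMPLE_REPORT = """\
=== START OF INFORMATION SECTION ===
Device Model:     M4-CT128M4SSD2
Serial Number:    CONSTRUCTED0000
Firmware Version: 0009

=== START OF READ SMART DATA SECTION ===
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   100   100   001    Old_age   Always       -       5201
 12 Power_Cycle_Count       0x0032   100   100   001    Old_age   Always       -       412
"""

def parse_report(text):
    """Extract model, firmware revision and power-on hours (SMART attribute 9)."""
    info = {"model": None, "firmware": None, "power_on_hours": None}
    for line in text.splitlines():
        if line.startswith("Device Model:"):
            info["model"] = line.split(":", 1)[1].strip()
        elif line.startswith("Firmware Version:"):
            info["firmware"] = line.split(":", 1)[1].strip()
        else:
            fields = line.split()
            # Attribute rows have ten columns; the raw value is the last one.
            if len(fields) >= 10 and fields[0] == "9":
                # Some drives print the raw value as e.g. "5201h+10m".
                digits = re.match(r"\d+", fields[9])
                if digits:
                    info["power_on_hours"] = int(digits.group())
    return info

def assess(info):
    """Classify a parsed report against the failure mode in the change log."""
    if not (info["model"] or "").upper().startswith(M4_MODEL_PREFIX):
        return "not-applicable"        # not an m4, the change log does not apply
    if info["firmware"] == FIXED_REVISION:
        return "fixed"
    if info["firmware"] not in PRE_FIX_REVISIONS:
        return "unknown-revision"      # not named in the change log: check vendor notes
    if info["power_on_hours"] is None:
        return "hours-unknown"
    if info["power_on_hours"] >= HANG_THRESHOLD_HOURS:
        return "hang-expected"         # drive goes unresponsive, repeating once per hour
    return "at-risk"                   # will reach the threshold unless updated

def hours_remaining(info):
    """Power-on hours left before the threshold (0 once it has been passed)."""
    if info["power_on_hours"] is None:
        return None
    return max(0, HANG_THRESHOLD_HOURS - info["power_on_hours"])

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(parsed, assess(parsed), hours_remaining(parsed))
```

A drive that lands in `hang-expected` matches the symptom in this thread: crashes that recur roughly hourly after power-up on a system where malware scans come back clean.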


  • Staff

Glad you found the solution!!

If you would like to make a contribution to a great cause, then I suggest the choir that I was part of during my undergraduate college years:

http://uclachoralmus...om/site/giving/

Some of the information there is a little outdated but the links are valid.

Let me know if there's anything else I can do for you.


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.