
Problems after Live Security Platinum removal


blantonr


Recently I was infected with Live Security Platinum and many trojans. I was able to get rid of it; however, some issues still linger. I have Avira for an antivirus and Malwarebytes Professional; MB was not on at the time of the infection. Here are the issues I am having:

Unable to update Windows: Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer.

On reboot: Disk error, press any key to restart

Unable to reset IE to default: Before you can reset Internet Explorer settings, you must first close all other open windows and programs.

Intermittently searches take me to pages that are obviously hijack pages and not where I intended.

Malwarebytes periodically alerts me it is blocking attempts to communicate with IP addresses.

Thank you for taking time to assist.

I have Windows 7 Home Premium on a Lenovo box.

DDS.txt

Attach.txt


Hello blantonr! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please download one of the following and run it:

http://download.bleepingcomputer.com/FixExec/32-bit/FixExec.com

http://download.bleepingcomputer.com/FixExec/32-bit/FixExec.pif

http://download.bleepingcomputer.com/FixExec/32-bit/FixExec.scr

When FixExec has finished running it will create a log on your Windows desktop called FixExec.txt. This log will contain a list of the items that were repaired on your computer. Post it in your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • FixExec log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log

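The helper asks for a fresh DDS log, and its uRun/mRun autorun lines are where a trojan remnant like the one in this thread usually shows up. The following Python script is an added example (it is not DDS, FixExec or Malwarebytes code): it parses those lines and rates each entry, flagging autoruns that run from user-writable paths or hand a DLL to rundll32. The sample lines are taken from the DDS log posted below plus one constructed entry; the path patterns, proxy-host list and severity rules are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input in the format DDS uses for its "Pseudo HJT Report".
# The [omsie], [sidebar], [GoogleDriveSync], [avgnt] and [<NO NAME>] lines are taken
# from the log posted in this thread; the [updater] line is constructed to show a
# second flagged shape. The last line is a non-autorun line the parser must ignore.
SAMPLE_DDS_LINES = r"""
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [omsie] "C:\Windows\System32\rundll32.exe" "C:\Users\Dad's\AppData\Roaming\omsie.dll",AcquireLock
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [updater] C:\Users\Dad's\AppData\Local\Temp\svc.exe -boot
uStart Page = about:blank
"""

# uRun = per-user Run key (HKCU), mRun = machine-wide (HKLM); DDS suffixes -x64 for
# the 64-bit registry view on x64 systems.
RUN_LINE_RE = re.compile(
    r"^(?P<hive>[um])Run(?P<view>-x64)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)

# Either a quoted path, or an unquoted drive-letter path up to its first executable or
# script extension (unquoted paths may contain spaces, as the sidebar entry shows).
PATH_RE = re.compile(
    r'"([^"]+)"|([A-Za-z]:\\[^",]*?\.(?:exe|dll|scr|com|pif|bat|cmd|vbs|js))',
    re.IGNORECASE,
)

# Locations an unprivileged user can write to. Legitimate autoruns rarely live here,
# and it is where this infection left omsie.dll (assumption: the pattern list is my own).
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\Users\\Public\\|\\Temp\\|\\ProgramData\\",
    re.IGNORECASE,
)

# Signed Microsoft hosts that execute whatever DLL or script they are handed; the
# argument, not the host binary, is what needs examining.
PROXY_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


@dataclass
class Finding:
    name: str
    scope: str                 # "user" (HKCU) or "machine" (HKLM)
    paths: List[str]
    reasons: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        if any(r.startswith("user-writable") for r in self.reasons):
            return "high"
        return "low" if self.reasons else "clean"


def triage_line(line: str) -> Optional[Finding]:
    """Parse one DDS line; return a Finding for uRun/mRun entries, None otherwise."""
    m = RUN_LINE_RE.match(line.strip())
    if not m:
        return None
    scope = "user" if m.group("hive") == "u" else "machine"
    paths = [quoted or bare for quoted, bare in PATH_RE.findall(m.group("cmd"))]
    finding = Finding(m.group("name"), scope, paths)

    if not paths:
        # e.g. "mRun: [<NO NAME>]": harmless on its own, but worth a look.
        finding.reasons.append("empty or pathless autorun value")
        return finding

    host = paths[0].rsplit("\\", 1)[-1].lower()
    if host in PROXY_HOSTS:
        payload = ", ".join(paths[1:]) or "inline arguments"
        finding.reasons.append(f"{host} proxies execution of {payload}")

    for p in paths:
        if USER_WRITABLE_RE.search(p):
            finding.reasons.append(f"user-writable path: {p}")
    return finding


def triage_report(text: str) -> List[Finding]:
    """Triage every autorun line of a DDS report, skipping all other sections."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


def suspicious(text: str) -> List[str]:
    """Names of the entries rated high: the ones a helper would script for removal."""
    return [f.name for f in triage_report(text) if f.severity == "high"]


if __name__ == "__main__":
    for f in triage_report(SAMPLE_DDS_LINES):
        print(f"{f.severity:5} {f.scope:7} [{f.name}] {'; '.join(f.reasons) or 'no indicators'}")
```

Run against a full DDS log, the script only reports the Run-key entries; a rating of "high" is a prompt to look at the file (creation date in the "Created Last 30" section, signature, who loads it), not a verdict on its own.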

As requested:

FixExec by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about FixExec can be found at this link:

http://www.bleepingcomputer.com/download/windows/utilities/fixexec

Program started at: 09/11/2012 10:58:41 AM in x64 mode.

Windows Version: Windows 7

Checking for processes to terminate before fixing executable associations.

* No processes found to kill.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Program finished at: 09/11/2012 10:58:43 AM

Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.07.13

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dad's :: DADS-PC [administrator]

Protection: Enabled

9/11/2012 11:31:56 AM

mbam-log-2012-09-11 (11-31-56).txt

Scan type: Full scan (C:\|D:\|E:\|J:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 959497

Time elapsed: 3 hour(s), 23 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Dad's at 21:37:14 on 2012-09-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.3110 [GMT -4:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Windows\jmesoft\Service.exe

C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Windows\SysWOW64\nlssrv32.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\System32\snmp.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Wacom_Tablet.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe

C:\Windows\jmesoft\hotkey.exe

C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe

C:\Windows\jmesoft\JME_LOAD.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files\Lenovo\LVT\LVT.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskhost.exe

C:\Windows\notepad.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\notepad.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://www.lenovo.com

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [omsie] "C:\Windows\System32\rundll32.exe" "C:\Users\Dad's\AppData\Roaming\omsie.dll",AcquireLock

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"

mRun: [jmekey] C:\Windows\jmesoft\hotkey.exe

mRun: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1

mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{33528216-F323-4DE3-941C-A59FDB6341CB} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"

mRun-x64: [jmekey] C:\Windows\jmesoft\hotkey.exe

mRun-x64: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe

mRun-x64: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun-x64: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1

mRun-x64: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

mRun-x64: [(Default)]

mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dad's\AppData\Roaming\Mozilla\Firefox\Profiles\s5mgfb9m.default\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-9-6 86224]

R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-9-6 110032]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-12 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-12 161560]

R2 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2012-5-12 32768]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-8-22 66560]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-12 1262400]

R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-12 363800]

R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\system32\DRIVERS\rusb3hub.sys --> C:\Windows\system32\DRIVERS\rusb3hub.sys [?]

R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\system32\DRIVERS\rusb3xhc.sys --> C:\Windows\system32\DRIVERS\rusb3xhc.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-19 116648]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-15 250568]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2011-12-23 274200]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-19 116648]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-19 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 wsvd;wsvd;C:\Windows\system32\DRIVERS\wsvd.sys --> C:\Windows\system32\DRIVERS\wsvd.sys [?]

.

=============== Created Last 30 ================

.

2012-09-11 14:35:24 711240 ----a-w- C:\Windows\isRS-000.tmp

2012-09-10 15:15:45 -------- d-----w- C:\Users\Dad's\AppData\Local\ElevatedDiagnostics

2012-09-10 14:46:54 35928 ----a-w- C:\Windows\System32\AdobePDF64.dll

2012-09-10 14:37:43 -------- d-----w- C:\Windows\SysWow64\BestPractices

2012-09-10 14:37:43 -------- d-----w- C:\Windows\System32\BestPractices

2012-09-10 14:37:42 -------- d-----w- C:\inetpub

2012-09-08 21:56:13 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-09-08 21:54:00 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2012-09-08 21:53:41 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2012-09-08 21:53:32 -------- d-----w- C:\Users\Dad's\AppData\Local\Microsoft Help

2012-09-08 21:24:32 -------- d-----w- C:\Downloads

2012-09-06 06:27:18 -------- d-----w- C:\ProgramData\Corel Painter 12

2012-09-06 06:09:27 -------- d-----w- C:\Users\Dad's\AppData\Roaming\Avira

2012-09-06 06:03:48 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2012-09-06 06:03:48 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2012-09-06 06:03:48 -------- d-----w- C:\ProgramData\Avira

2012-09-06 06:03:48 -------- d-----w- C:\Program Files (x86)\Avira

2012-09-06 02:08:18 -------- d-----w- C:\Users\Dad's\AppData\Roaming\Malwarebytes

2012-09-06 02:08:16 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-06 02:08:16 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-06 02:08:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-06 01:47:47 102400 ----a-w- C:\Windows\RegBootClean.exe

2012-09-06 01:43:53 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2012-09-05 15:47:52 -------- d-----w- C:\ProgramData\7531CCA90048280B0269C95CF875F002

2012-09-05 15:47:27 -------- d-----w- C:\Users\Dad's\AppData\Local\{FDA88BDF-F770-11E1-8270-B8AC6F996F26}

2012-09-05 15:47:19 1611776 ----a-w- C:\Users\Dad's\AppData\Roaming\omsie.dll

2012-09-05 15:46:26 -------- d-----w- C:\Users\Dad's\AppData\Roaming\xsecva

2012-09-04 08:34:07 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0C96BA8A-FA3A-4528-B244-796EFE025C28}\mpengine.dll

2012-09-01 15:42:04 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

2012-08-25 19:55:42 -------- d-----w- C:\Users\Dad's\AppData\Local\Apple Computer

2012-08-25 19:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-08-25 19:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-08-25 19:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-08-25 19:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-08-25 19:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-08-25 19:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-08-25 19:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-08-25 19:53:18 -------- d-----w- C:\Users\Dad's\AppData\Local\Apple

2012-08-24 14:49:44 -------- d-----w- C:\DigitalImpressions

2012-08-24 12:52:17 -------- dc-h--w- C:\ProgramData\{774331FE-B8E8-4A4B-AFDF-F018F99FB73A}

2012-08-24 12:52:17 -------- d-----w- C:\Program Files\Common Files\Topaz Labs

2012-08-24 12:52:14 -------- dc-h--w- C:\ProgramData\{6B992C6A-E6B0-418F-9B21-FE4BF85AD3BE}

2012-08-24 12:52:14 -------- d-----w- C:\Program Files (x86)\Topaz Labs

2012-08-24 12:52:14 -------- d-----w- C:\Program Files (x86)\Common Files\Topaz Labs

2012-08-24 12:51:12 -------- d-----w- C:\Users\Dad's\AppData\Local\PackageAware

2012-08-22 05:54:26 -------- d-----w- C:\Users\Dad's\AppData\Roaming\onOne Software

2012-08-22 05:46:46 -------- d-----w- C:\Users\Dad's\Pro Suite

2012-08-22 05:39:47 -------- d-----w- C:\Program Files\onOne Software

2012-08-22 05:39:44 66560 ----a-w- C:\Windows\SysWow64\nlssrv32.exe

2012-08-22 05:39:44 66560 ----a-w- C:\Windows\System32\nlssrv32.exe

2012-08-22 05:39:44 -------- d-----w- C:\Program Files (x86)\onOne Software

2012-08-22 05:39:37 -------- d-----w- C:\ProgramData\onOne Software

2012-08-20 05:18:16 -------- d-----w- C:\Program Files (x86)\Common Files\Corel

2012-08-20 05:18:02 -------- d-----w- C:\ProgramData\Corel

2012-08-20 05:18:02 -------- d-----w- C:\Program Files\Common Files\Protexis

2012-08-20 05:17:07 -------- d-----w- C:\Program Files\Corel

2012-08-20 04:28:59 -------- d-----w- C:\Users\Dad's\AppData\Roaming\WTablet

2012-08-20 04:28:55 -------- d-----w- C:\Program Files (x86)\TabletPlugins

2012-08-20 04:28:45 9056624 ------w- C:\Windows\System32\WacomTablet.cpl

2012-08-20 04:28:43 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys

2012-08-20 04:28:39 16168 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys

2012-08-20 04:28:38 18216 ----a-w- C:\Windows\System32\drivers\wacmoumonitor.sys

2012-08-20 04:28:36 -------- d-----w- C:\Windows\System32\WTablet

2012-08-20 04:28:33 415600 ------w- C:\Windows\SysWow64\Wacom_Tablet.dll

2012-08-20 04:28:33 294400 ------w- C:\Windows\SysWow64\Wintab32.dll

2012-08-20 04:28:32 488816 ------w- C:\Windows\System32\Wacom_Tablet.dll

2012-08-20 04:28:31 6245744 ------w- C:\Windows\System32\Wacom_Tablet.exe

2012-08-20 04:28:25 -------- d-----w- C:\Program Files (x86)\Tablet

2012-08-20 03:23:03 -------- d-----w- C:\Program Files (x86)\Common Files\Control Panels

2012-08-20 03:21:56 -------- d-----w- C:\ProgramData\ALM

2012-08-20 02:46:33 2463976 ----a-w- C:\Windows\SysWow64\NPSWF32.dll

2012-08-20 02:46:33 190696 ----a-w- C:\Windows\SysWow64\NPSWF32_FlashUtil.exe

2012-08-20 02:44:43 -------- d-----w- C:\Windows\SysWow64\spool

2012-08-20 02:44:36 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-08-20 02:43:01 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2012-08-20 00:30:28 -------- d-----w- C:\Users\Dad's\AppData\Local\Diagnostics

2012-08-19 15:28:37 -------- d-s---w- C:\Users\Dad's\Google Drive

2012-08-19 15:27:33 -------- d-----w- C:\Users\Dad's\AppData\Local\Google

2012-08-19 15:20:49 -------- d-----w- C:\Users\Dad's\AppData\Local\Macromedia

2012-08-19 15:15:23 -------- d-----w- C:\Users\Dad's\AppData\Local\Adobe

2012-08-15 15:17:34 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-14 22:26:12 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-14 22:26:12 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-14 22:26:12 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-14 22:26:12 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-14 07:13:50 -------- d-----w- C:\ProgramData\VirtualizedApplications

2012-08-14 04:46:54 -------- d-----r- C:\Program Files (x86)\Skype

2012-08-14 04:12:34 -------- d-----w- C:\Users\Dad's\AppData\Roaming\SoftGrid Client

2012-08-14 04:12:34 -------- d-----w- C:\Users\Dad's\AppData\Local\SoftGrid Client

2012-08-14 04:11:53 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2012-08-14 04:11:46 -------- d-----w- C:\Users\Dad's\AppData\Roaming\TP

2012-08-13 03:53:33 -------- d-----w- C:\Users\Dad's\AppData\Roaming\NVIDIA

.

==================== Find3M ====================

.

2012-09-01 15:42:00 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-09-01 15:42:00 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-08-25 01:28:34 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 21:37:57.74 ===============


Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.12.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dad's :: DADS-PC [administrator]

Protection: Enabled

9/12/2012 11:45:52 AM

mbam-log-2012-09-12 (11-45-52).txt

Scan type: Full scan (C:\|D:\|E:\|J:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 960209

Time elapsed: 3 hour(s), 29 minute(s), 17 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 12-09-13.03 - Dad's 09/13/2012 22:24:28.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.2898 [GMT -4:00]

Running from: c:\downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Dad's\AppData\Local\Temp\_MEI61402\_ctypes.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\_elementtree.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\_hashlib.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\_socket.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\_ssl.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\pyexpat.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\pysqlite2._sqlite.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\python26.dll

c:\users\Dad's\AppData\Local\Temp\_MEI61402\pythoncom26.dll

c:\users\Dad's\AppData\Local\Temp\_MEI61402\PyWinTypes26.dll

c:\users\Dad's\AppData\Local\Temp\_MEI61402\select.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\unicodedata.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\win32api.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\win32com.shell.shell.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\win32crypt.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\win32event.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\win32file.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\win32inet.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\win32pdh.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\win32process.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\windows._cacheinvalidation.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wx._controls_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wx._core_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wx._gdi_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wx._html2.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wx._misc_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wx._windows_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wx._wizard.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wxbase293u_net_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wxbase293u_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wxmsw293u_adv_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wxmsw293u_core_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wxmsw293u_html_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI61402\wxmsw293u_webview_vc.dll

c:\users\Dad's\AppData\Roaming\omsie.dll

c:\windows\.log

c:\windows\isRS-000.tmp

J:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))))

.

.

2012-09-14 02:32 . 2012-09-14 02:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-14 02:32 . 2012-09-14 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-06 06:27 . 2012-09-06 06:40 -------- d-----w- c:\programdata\Corel Painter 12

2012-09-06 06:09 . 2012-09-06 06:09 -------- d-----w- c:\users\Dad's\AppData\Roaming\Avira

2012-09-06 06:03 . 2012-09-06 06:03 -------- d-----w- c:\programdata\Avira

2012-09-06 06:03 . 2012-09-06 06:03 -------- d-----w- c:\program files (x86)\Avira

2012-09-06 06:03 . 2012-07-18 22:05 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-09-06 06:03 . 2012-07-18 22:05 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-09-06 06:03 . 2012-07-18 22:05 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-09-06 02:08 . 2012-09-06 02:08 -------- d-----w- c:\users\Dad's\AppData\Roaming\Malwarebytes

2012-09-06 02:08 . 2012-09-11 14:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-06 02:08 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-06 02:08 . 2012-09-06 02:08 -------- d-----w- c:\programdata\Malwarebytes

2012-09-06 01:47 . 2012-09-06 01:47 102400 ----a-w- c:\windows\RegBootClean.exe

2012-09-06 01:43 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-09-05 15:47 . 2012-09-06 02:16 -------- d-----w- c:\programdata\7531CCA90048280B0269C95CF875F002

2012-09-05 15:47 . 2012-09-05 15:47 -------- d-----w- c:\users\Dad's\AppData\Local\{FDA88BDF-F770-11E1-8270-B8AC6F996F26}

2012-09-05 15:46 . 2012-09-06 01:47 -------- d-----w- c:\users\Dad's\AppData\Roaming\xsecva

2012-09-04 08:34 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C96BA8A-FA3A-4528-B244-796EFE025C28}\mpengine.dll

2012-09-01 15:42 . 2012-09-01 15:42 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2012-09-01 15:41 . 2012-09-01 15:42 -------- d-----w- c:\program files (x86)\Real

2012-08-25 19:56 . 2012-09-06 02:17 -------- d-----w- c:\users\Dad's\AppData\Roaming\Apple Computer

2012-08-25 19:55 . 2012-08-25 19:55 -------- d-----w- c:\users\Dad's\AppData\Local\Apple Computer

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\programdata\Apple Computer

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\users\Dad's\AppData\Local\Apple

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\programdata\Apple

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-08-24 14:49 . 2012-08-24 14:50 -------- d-----w- C:\DigitalImpressions

2012-08-24 12:52 . 2012-08-24 12:52 -------- dc-h--w- c:\programdata\{774331FE-B8E8-4A4B-AFDF-F018F99FB73A}

2012-08-24 12:52 . 2012-08-24 12:52 -------- d-----w- c:\program files\Common Files\Topaz Labs

2012-08-24 12:52 . 2012-08-24 12:52 -------- dc-h--w- c:\programdata\{6B992C6A-E6B0-418F-9B21-FE4BF85AD3BE}

2012-08-24 12:52 . 2012-08-24 12:52 -------- d-----w- c:\program files (x86)\Topaz Labs

2012-08-24 12:52 . 2012-08-24 12:52 -------- d-----w- c:\program files (x86)\Common Files\Topaz Labs

2012-08-24 12:51 . 2012-08-24 12:51 -------- d-----w- c:\users\Dad's\AppData\Local\PackageAware

2012-08-22 05:54 . 2012-08-22 05:54 -------- d-----w- c:\users\UpdatusUser\AppData\Roaming\onOne Software

2012-08-22 05:54 . 2012-08-22 05:54 -------- d-----w- c:\users\Default\AppData\Roaming\onOne Software

2012-08-22 05:54 . 2012-09-03 05:48 -------- d-----w- c:\users\Dad's\AppData\Roaming\onOne Software

2012-08-22 05:46 . 2012-08-22 05:47 -------- d-----w- c:\users\Dad's\Pro Suite

2012-08-22 05:39 . 2012-08-22 05:54 -------- d-----w- c:\program files\onOne Software

2012-08-22 05:39 . 2012-08-22 05:54 -------- d-----w- c:\program files (x86)\onOne Software

2012-08-22 05:39 . 2012-03-29 01:42 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe

2012-08-22 05:39 . 2012-03-29 01:42 66560 ----a-w- c:\windows\system32\nlssrv32.exe

2012-08-22 05:39 . 2012-08-22 05:52 -------- d-----w- c:\programdata\onOne Software

2012-08-20 17:34 . 2012-08-20 17:34 -------- d-----w- c:\program files\Google

2012-08-20 05:26 . 2012-08-20 05:26 -------- d-----w- c:\users\Dad's\AppData\Roaming\Corel

2012-08-20 05:18 . 2012-08-20 05:18 -------- d-----w- c:\program files (x86)\Common Files\Corel

2012-08-20 05:18 . 2012-08-20 05:26 -------- d-----w- c:\programdata\Corel

2012-08-20 05:18 . 2012-08-20 05:18 -------- d-----w- c:\program files\Common Files\Protexis

2012-08-20 05:17 . 2012-08-20 05:17 -------- d-----w- c:\program files\Corel

2012-08-20 04:28 . 2012-09-14 02:34 -------- d-----w- c:\users\Dad's\AppData\Roaming\WTablet

2012-08-20 04:28 . 2010-03-09 00:47 9056624 ------w- c:\windows\system32\WacomTablet.cpl

2012-08-20 04:28 . 2007-02-16 19:12 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys

2012-08-20 04:28 . 2009-09-21 23:29 16168 ----a-w- c:\windows\system32\drivers\wacomvhid.sys

2012-08-20 04:28 . 2010-01-24 23:32 18216 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys

2012-08-20 04:28 . 2012-08-20 04:28 -------- d-----w- c:\windows\system32\WTablet

2012-08-20 04:28 . 2010-03-09 00:47 415600 ------w- c:\windows\SysWow64\Wacom_Tablet.dll

2012-08-20 04:28 . 2010-03-09 00:40 294400 ------w- c:\windows\SysWow64\Wintab32.dll

2012-08-20 04:28 . 2010-03-09 00:47 488816 ------w- c:\windows\system32\Wacom_Tablet.dll

2012-08-20 04:28 . 2010-03-09 00:47 6245744 ------w- c:\windows\system32\Wacom_Tablet.exe

2012-08-20 04:28 . 2012-08-20 04:28 -------- d-----w- c:\program files (x86)\Tablet

2012-08-20 03:26 . 2012-09-06 15:38 -------- d-----w- c:\programdata\FLEXnet

2012-08-20 03:23 . 2012-08-20 03:23 -------- d-----w- c:\program files (x86)\Common Files\Control Panels

2012-08-20 03:21 . 2012-08-20 03:21 -------- d-----w- c:\programdata\ALM

2012-08-20 03:19 . 2012-08-25 19:53 -------- d-----w- c:\program files (x86)\QuickTime

2012-08-20 02:46 . 2007-02-20 20:04 190696 ----a-w- c:\windows\SysWow64\NPSWF32_FlashUtil.exe

2012-08-20 02:46 . 2007-02-20 20:04 2463976 ----a-w- c:\windows\SysWow64\NPSWF32.dll

2012-08-20 02:44 . 2012-08-20 02:44 -------- d-----w- c:\windows\SysWow64\spool

2012-08-20 02:44 . 2012-08-20 02:44 -------- d-----w- c:\program files (x86)\Bonjour

2012-08-20 02:43 . 2012-08-20 02:43 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared

2012-08-20 00:30 . 2012-08-20 00:30 -------- d-----w- c:\users\Dad's\AppData\Local\Diagnostics

2012-08-19 15:28 . 2012-09-11 15:02 -------- d-s---w- c:\users\Dad's\Google Drive

2012-08-19 15:27 . 2012-08-20 17:34 -------- d-----w- c:\program files (x86)\Google

2012-08-19 15:27 . 2012-08-20 19:07 -------- d-----w- c:\users\Dad's\AppData\Local\Google

2012-08-19 15:20 . 2012-08-19 15:20 -------- d-----w- c:\users\Dad's\AppData\Local\Macromedia

2012-08-19 15:15 . 2012-08-24 13:06 -------- d-----w- c:\users\Dad's\AppData\Local\Adobe

2012-08-19 04:02 . 2012-08-19 04:02 -------- d-----w- c:\users\Dad's\AppData\Local\Mozilla

2012-08-19 04:02 . 2012-08-19 04:02 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-08-17 14:57 . 2012-08-17 14:57 -------- d-----r- C:\MSOCache

2012-08-17 01:43 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-15 15:17 . 2012-08-25 01:28 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-01 15:42 . 2003-10-17 16:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-09-01 15:42 . 2003-10-17 16:44 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-08-25 01:28 . 2012-05-13 03:22 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-05 07:05 . 2012-08-05 07:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-08-05 07:05 . 2012-08-05 07:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-08-05 07:05 . 2012-08-05 07:05 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-08-05 07:05 . 2012-08-05 07:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-08-05 07:05 . 2012-08-05 07:05 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-08-05 07:05 . 2012-08-05 07:05 82432 ----a-w- c:\windows\system32\icardie.dll

2012-08-05 07:05 . 2012-08-05 07:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-08-05 07:05 . 2012-08-05 07:05 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-08-05 07:05 . 2012-08-05 07:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-08-05 07:05 . 2012-08-05 07:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-08-05 07:05 . 2012-08-05 07:05 697344 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-05 07:05 . 2012-08-05 07:05 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-08-05 07:05 . 2012-08-05 07:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-08-05 07:05 . 2012-08-05 07:05 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-08-05 07:05 . 2012-08-05 07:05 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-08-05 07:05 . 2012-08-05 07:05 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-08-05 07:05 . 2012-08-05 07:05 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-08-05 07:05 . 2012-08-05 07:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-08-05 07:05 . 2012-08-05 07:05 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-08-05 07:05 . 2012-08-05 07:05 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-08-05 07:05 . 2012-08-05 07:05 448512 ----a-w- c:\windows\system32\html.iec

2012-08-05 07:05 . 2012-08-05 07:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-05 07:05 . 2012-08-05 07:05 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-08-05 07:05 . 2012-08-05 07:05 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-08-05 07:05 . 2012-08-05 07:05 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-08-05 07:05 . 2012-08-05 07:05 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-08-05 07:05 . 2012-08-05 07:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-08-05 07:05 . 2012-08-05 07:05 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-05 07:05 . 2012-08-05 07:05 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-08-05 07:05 . 2012-08-05 07:05 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-08-05 07:05 . 2012-08-05 07:05 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-08-05 07:05 . 2012-08-05 07:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-08-05 07:05 . 2012-08-05 07:05 222208 ----a-w- c:\windows\system32\msls31.dll

2012-08-05 07:05 . 2012-08-05 07:05 197120 ----a-w- c:\windows\system32\msrating.dll

2012-08-05 07:05 . 2012-08-05 07:05 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-08-05 07:05 . 2012-08-05 07:05 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-08-05 07:05 . 2012-08-05 07:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-08-05 07:05 . 2012-08-05 07:05 160256 ----a-w- c:\windows\system32\wextract.exe

2012-08-05 07:05 . 2012-08-05 07:05 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-08-05 07:05 . 2012-08-05 07:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-08-05 07:05 . 2012-08-05 07:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-08-05 07:05 . 2012-08-05 07:05 149504 ----a-w- c:\windows\system32\occache.dll

2012-08-05 07:05 . 2012-08-05 07:05 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-08-05 07:05 . 2012-08-05 07:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-08-05 07:05 . 2012-08-05 07:05 12288 ----a-w- c:\windows\system32\mshta.exe

2012-08-05 07:05 . 2012-08-05 07:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-08-05 07:05 . 2012-08-05 07:05 114176 ----a-w- c:\windows\system32\admparse.dll

2012-08-05 07:05 . 2012-08-05 07:05 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-08-05 07:05 . 2012-08-05 07:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-08-05 07:05 . 2012-08-05 07:05 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-08-05 07:05 . 2012-08-05 07:05 103936 ----a-w- c:\windows\system32\inseng.dll

2012-08-05 07:05 . 2012-08-05 07:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-08-04 14:40 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-18 18:15 . 2012-08-14 19:36 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 02:06 . 2012-08-04 03:09 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-06 02:06 . 2012-08-04 03:09 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-04 22:16 . 2012-08-14 19:36 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-14 19:36 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-14 19:36 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-14 19:36 41984 ----a-w- c:\windows\SysWow64\browcli.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]

"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]

"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2011-12-07 214312]

"LVT"="c:\program files\Lenovo\LVT\LJYZ.exe" [2011-11-24 886112]

"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2011-12-07 214312]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-01 296096]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 116648]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 250568]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2011-12-21 274200]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 116648]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-05 1255736]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]

S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-16 32768]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-03-29 66560]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-09 6245744]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]

S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-08-31 10752]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]

S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys [2011-11-21 101376]

S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys [2011-11-21 217088]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 01:28]

.

2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 15:27]

.

2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 15:27]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-21 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-21 398104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-21 440600]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-05 12850792]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2011-12-07 214312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Dad's\AppData\Roaming\Mozilla\Firefox\Profiles\s5mgfb9m.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-omsie - c:\users\Dad's\AppData\Roaming\omsie.dll

HKLM-Run-omsie - c:\users\Dad's\AppData\Roaming\omsie.dll

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-09-13 22:37:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-14 02:37

.

Pre-Run: 897,715,011,584 bytes free

Post-Run: 899,636,482,048 bytes free

.

- - End Of File - - 560EC427A8D206901B7F13EAB50F0517


1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\users\Dad's\AppData\Roaming\xsecva

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.


ComboFix 12-09-14.03 - Dad's 09/14/2012 10:51:47.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.3764 [GMT -4:00]

Running from: c:\users\Dad's\Desktop\ComboFix.exe

Command switches used :: c:\users\Dad's\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Dad's\AppData\Local\Temp\_MEI46282\_ctypes.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\_elementtree.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\_hashlib.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\_socket.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\_ssl.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\pyexpat.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\pysqlite2._sqlite.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\python26.dll

c:\users\Dad's\AppData\Local\Temp\_MEI46282\pythoncom26.dll

c:\users\Dad's\AppData\Local\Temp\_MEI46282\PyWinTypes26.dll

c:\users\Dad's\AppData\Local\Temp\_MEI46282\select.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\unicodedata.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\win32api.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\win32com.shell.shell.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\win32crypt.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\win32event.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\win32file.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\win32inet.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\win32pdh.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\win32process.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\windows._cacheinvalidation.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wx._controls_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wx._core_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wx._gdi_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wx._html2.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wx._misc_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wx._windows_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wx._wizard.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wxbase293u_net_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wxbase293u_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wxmsw293u_adv_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wxmsw293u_core_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wxmsw293u_html_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI46282\wxmsw293u_webview_vc.dll

c:\users\Dad's\AppData\Roaming\xsecva

.

.

((((((((((((((((((((((((( Files Created from 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))))

.

.

2012-09-14 14:59 . 2012-09-14 14:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-14 14:59 . 2012-09-14 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-14 02:42 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8E3BAF8-1924-4447-9138-BDD28646D080}\mpengine.dll

2012-09-10 15:15 . 2012-09-11 15:00 -------- d-----w- c:\users\Dad's\AppData\Local\ElevatedDiagnostics

2012-09-10 14:46 . 2007-03-23 20:55 35928 ----a-w- c:\windows\system32\AdobePDF64.dll

2012-09-10 14:37 . 2012-09-10 14:37 -------- d-----w- c:\windows\SysWow64\BestPractices

2012-09-10 14:37 . 2012-09-10 14:37 -------- d-----w- c:\windows\system32\BestPractices

2012-09-10 14:37 . 2012-09-10 14:37 -------- d-----w- C:\inetpub

2012-09-08 21:56 . 2012-09-08 21:56 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2012-09-08 21:56 . 2012-09-08 21:56 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

2012-09-08 21:54 . 2012-09-08 21:54 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2012-09-08 21:53 . 2012-09-08 21:53 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2012-09-08 21:53 . 2012-09-08 21:53 -------- d-----w- c:\users\Dad's\AppData\Local\Microsoft Help

2012-09-08 21:53 . 2012-09-14 02:43 -------- d-----w- c:\programdata\Microsoft Help

2012-09-08 21:24 . 2012-09-14 14:48 -------- d-----w- C:\Downloads

2012-09-06 06:27 . 2012-09-06 06:40 -------- d-----w- c:\programdata\Corel Painter 12

2012-09-06 06:09 . 2012-09-06 06:09 -------- d-----w- c:\users\Dad's\AppData\Roaming\Avira

2012-09-06 06:03 . 2012-09-06 06:03 -------- d-----w- c:\programdata\Avira

2012-09-06 06:03 . 2012-09-06 06:03 -------- d-----w- c:\program files (x86)\Avira

2012-09-06 06:03 . 2012-07-18 22:05 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-09-06 06:03 . 2012-07-18 22:05 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-09-06 06:03 . 2012-07-18 22:05 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-09-06 02:08 . 2012-09-06 02:08 -------- d-----w- c:\users\Dad's\AppData\Roaming\Malwarebytes

2012-09-06 02:08 . 2012-09-11 14:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-06 02:08 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-06 02:08 . 2012-09-06 02:08 -------- d-----w- c:\programdata\Malwarebytes

2012-09-06 01:47 . 2012-09-06 01:47 102400 ----a-w- c:\windows\RegBootClean.exe

2012-09-06 01:43 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-09-05 15:47 . 2012-09-06 02:16 -------- d-----w- c:\programdata\7531CCA90048280B0269C95CF875F002

2012-09-05 15:47 . 2012-09-05 15:47 -------- d-----w- c:\users\Dad's\AppData\Local\{FDA88BDF-F770-11E1-8270-B8AC6F996F26}

2012-09-01 15:42 . 2012-09-01 15:42 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2012-09-01 15:41 . 2012-09-01 15:42 -------- d-----w- c:\program files (x86)\Real

2012-08-25 19:56 . 2012-09-06 02:17 -------- d-----w- c:\users\Dad's\AppData\Roaming\Apple Computer

2012-08-25 19:55 . 2012-08-25 19:55 -------- d-----w- c:\users\Dad's\AppData\Local\Apple Computer

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\programdata\Apple Computer

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\users\Dad's\AppData\Local\Apple

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\programdata\Apple

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-08-24 14:49 . 2012-08-24 14:50 -------- d-----w- C:\DigitalImpressions

2012-08-24 12:52 . 2012-08-24 12:52 -------- dc-h--w- c:\programdata\{774331FE-B8E8-4A4B-AFDF-F018F99FB73A}

2012-08-24 12:52 . 2012-08-24 12:52 -------- d-----w- c:\program files\Common Files\Topaz Labs

2012-08-24 12:52 . 2012-08-24 12:52 -------- dc-h--w- c:\programdata\{6B992C6A-E6B0-418F-9B21-FE4BF85AD3BE}

2012-08-24 12:52 . 2012-08-24 12:52 -------- d-----w- c:\program files (x86)\Topaz Labs

2012-08-24 12:52 . 2012-08-24 12:52 -------- d-----w- c:\program files (x86)\Common Files\Topaz Labs

2012-08-24 12:51 . 2012-08-24 12:51 -------- d-----w- c:\users\Dad's\AppData\Local\PackageAware

2012-08-22 05:54 . 2012-08-22 05:54 -------- d-----w- c:\users\UpdatusUser\AppData\Roaming\onOne Software

2012-08-22 05:54 . 2012-08-22 05:54 -------- d-----w- c:\users\Default\AppData\Roaming\onOne Software

2012-08-22 05:54 . 2012-09-03 05:48 -------- d-----w- c:\users\Dad's\AppData\Roaming\onOne Software

2012-08-22 05:46 . 2012-08-22 05:47 -------- d-----w- c:\users\Dad's\Pro Suite

2012-08-22 05:39 . 2012-08-22 05:54 -------- d-----w- c:\program files\onOne Software

2012-08-22 05:39 . 2012-08-22 05:54 -------- d-----w- c:\program files (x86)\onOne Software

2012-08-22 05:39 . 2012-03-29 01:42 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe

2012-08-22 05:39 . 2012-03-29 01:42 66560 ----a-w- c:\windows\system32\nlssrv32.exe

2012-08-22 05:39 . 2012-08-22 05:52 -------- d-----w- c:\programdata\onOne Software

2012-08-20 17:34 . 2012-08-20 17:34 -------- d-----w- c:\program files\Google

2012-08-20 05:26 . 2012-08-20 05:26 -------- d-----w- c:\users\Dad's\AppData\Roaming\Corel

2012-08-20 05:18 . 2012-08-20 05:18 -------- d-----w- c:\program files (x86)\Common Files\Corel

2012-08-20 05:18 . 2012-08-20 05:26 -------- d-----w- c:\programdata\Corel

2012-08-20 05:18 . 2012-08-20 05:18 -------- d-----w- c:\program files\Common Files\Protexis

2012-08-20 05:17 . 2012-08-20 05:17 -------- d-----w- c:\program files\Corel

2012-08-20 04:28 . 2012-09-14 15:00 -------- d-----w- c:\users\Dad's\AppData\Roaming\WTablet

2012-08-20 04:28 . 2010-03-09 00:47 9056624 ------w- c:\windows\system32\WacomTablet.cpl

2012-08-20 04:28 . 2007-02-16 19:12 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys

2012-08-20 04:28 . 2009-09-21 23:29 16168 ----a-w- c:\windows\system32\drivers\wacomvhid.sys

2012-08-20 04:28 . 2010-01-24 23:32 18216 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys

2012-08-20 04:28 . 2012-08-20 04:28 -------- d-----w- c:\windows\system32\WTablet

2012-08-20 04:28 . 2010-03-09 00:47 415600 ------w- c:\windows\SysWow64\Wacom_Tablet.dll

2012-08-20 04:28 . 2010-03-09 00:40 294400 ------w- c:\windows\SysWow64\Wintab32.dll

2012-08-20 04:28 . 2010-03-09 00:47 488816 ------w- c:\windows\system32\Wacom_Tablet.dll

2012-08-20 04:28 . 2010-03-09 00:47 6245744 ------w- c:\windows\system32\Wacom_Tablet.exe

2012-08-20 04:28 . 2012-08-20 04:28 -------- d-----w- c:\program files (x86)\Tablet

2012-08-20 03:26 . 2012-09-06 15:38 -------- d-----w- c:\programdata\FLEXnet

2012-08-20 03:23 . 2012-08-20 03:23 -------- d-----w- c:\program files (x86)\Common Files\Control Panels

2012-08-20 03:21 . 2012-08-20 03:21 -------- d-----w- c:\programdata\ALM

2012-08-20 03:19 . 2012-08-25 19:53 -------- d-----w- c:\program files (x86)\QuickTime

2012-08-20 02:46 . 2007-02-20 20:04 190696 ----a-w- c:\windows\SysWow64\NPSWF32_FlashUtil.exe

2012-08-20 02:46 . 2007-02-20 20:04 2463976 ----a-w- c:\windows\SysWow64\NPSWF32.dll

2012-08-20 02:44 . 2012-08-20 02:44 -------- d-----w- c:\windows\SysWow64\spool

2012-08-20 02:44 . 2012-08-20 02:44 -------- d-----w- c:\program files (x86)\Bonjour

2012-08-20 02:43 . 2012-08-20 02:43 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared

2012-08-20 00:30 . 2012-08-20 00:30 -------- d-----w- c:\users\Dad's\AppData\Local\Diagnostics

2012-08-19 15:28 . 2012-09-14 02:45 -------- d-s---w- c:\users\Dad's\Google Drive

2012-08-19 15:27 . 2012-08-20 17:34 -------- d-----w- c:\program files (x86)\Google

2012-08-19 15:27 . 2012-08-20 19:07 -------- d-----w- c:\users\Dad's\AppData\Local\Google

2012-08-19 15:20 . 2012-08-19 15:20 -------- d-----w- c:\users\Dad's\AppData\Local\Macromedia

2012-08-19 15:15 . 2012-08-24 13:06 -------- d-----w- c:\users\Dad's\AppData\Local\Adobe

2012-08-19 04:02 . 2012-08-19 04:02 -------- d-----w- c:\users\Dad's\AppData\Local\Mozilla

2012-08-19 04:02 . 2012-08-19 04:02 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-08-17 14:57 . 2012-08-17 14:57 -------- d-----r- C:\MSOCache

2012-08-17 01:43 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-15 15:17 . 2012-08-25 01:28 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-01 15:42 . 2003-10-17 16:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-09-01 15:42 . 2003-10-17 16:44 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-08-25 01:28 . 2012-05-13 03:22 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-05 07:05 . 2012-08-05 07:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-08-05 07:05 . 2012-08-05 07:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-08-05 07:05 . 2012-08-05 07:05 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-08-05 07:05 . 2012-08-05 07:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-08-05 07:05 . 2012-08-05 07:05 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-08-05 07:05 . 2012-08-05 07:05 82432 ----a-w- c:\windows\system32\icardie.dll

2012-08-05 07:05 . 2012-08-05 07:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-08-05 07:05 . 2012-08-05 07:05 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-08-05 07:05 . 2012-08-05 07:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-08-05 07:05 . 2012-08-05 07:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-08-05 07:05 . 2012-08-05 07:05 697344 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-05 07:05 . 2012-08-05 07:05 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-08-05 07:05 . 2012-08-05 07:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-08-05 07:05 . 2012-08-05 07:05 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-08-05 07:05 . 2012-08-05 07:05 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-08-05 07:05 . 2012-08-05 07:05 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-08-05 07:05 . 2012-08-05 07:05 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-08-05 07:05 . 2012-08-05 07:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-08-05 07:05 . 2012-08-05 07:05 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-08-05 07:05 . 2012-08-05 07:05 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-08-05 07:05 . 2012-08-05 07:05 448512 ----a-w- c:\windows\system32\html.iec

2012-08-05 07:05 . 2012-08-05 07:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-05 07:05 . 2012-08-05 07:05 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-08-05 07:05 . 2012-08-05 07:05 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-08-05 07:05 . 2012-08-05 07:05 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-08-05 07:05 . 2012-08-05 07:05 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-08-05 07:05 . 2012-08-05 07:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-08-05 07:05 . 2012-08-05 07:05 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-05 07:05 . 2012-08-05 07:05 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-08-05 07:05 . 2012-08-05 07:05 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-08-05 07:05 . 2012-08-05 07:05 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-08-05 07:05 . 2012-08-05 07:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-08-05 07:05 . 2012-08-05 07:05 222208 ----a-w- c:\windows\system32\msls31.dll

2012-08-05 07:05 . 2012-08-05 07:05 197120 ----a-w- c:\windows\system32\msrating.dll

2012-08-05 07:05 . 2012-08-05 07:05 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-08-05 07:05 . 2012-08-05 07:05 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-08-05 07:05 . 2012-08-05 07:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-08-05 07:05 . 2012-08-05 07:05 160256 ----a-w- c:\windows\system32\wextract.exe

2012-08-05 07:05 . 2012-08-05 07:05 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-08-05 07:05 . 2012-08-05 07:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-08-05 07:05 . 2012-08-05 07:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-08-05 07:05 . 2012-08-05 07:05 149504 ----a-w- c:\windows\system32\occache.dll

2012-08-05 07:05 . 2012-08-05 07:05 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-08-05 07:05 . 2012-08-05 07:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-08-05 07:05 . 2012-08-05 07:05 12288 ----a-w- c:\windows\system32\mshta.exe

2012-08-05 07:05 . 2012-08-05 07:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-08-05 07:05 . 2012-08-05 07:05 114176 ----a-w- c:\windows\system32\admparse.dll

2012-08-05 07:05 . 2012-08-05 07:05 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-08-05 07:05 . 2012-08-05 07:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-08-05 07:05 . 2012-08-05 07:05 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-08-05 07:05 . 2012-08-05 07:05 103936 ----a-w- c:\windows\system32\inseng.dll

2012-08-05 07:05 . 2012-08-05 07:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-08-04 14:40 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-18 18:15 . 2012-08-14 19:36 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 02:06 . 2012-08-04 03:09 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-06 02:06 . 2012-08-04 03:09 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-04 22:16 . 2012-08-14 19:36 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-14 19:36 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-14 19:36 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-14 19:36 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-06-29 04:55 . 2012-08-15 07:01 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-06-29 04:09 . 2012-08-15 07:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-06-29 03:56 . 2012-08-15 07:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 03:49 . 2012-08-15 07:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-29 03:49 . 2012-08-15 07:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 03:48 . 2012-08-15 07:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 03:47 . 2012-08-15 07:01 237056 ----a-w- c:\windows\system32\url.dll

2012-06-29 03:45 . 2012-08-15 07:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-29 03:44 . 2012-08-15 07:01 816640 ----a-w- c:\windows\system32\jscript.dll

2012-06-29 03:43 . 2012-08-15 07:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 03:42 . 2012-08-15 07:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-29 03:40 . 2012-08-15 07:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-29 03:39 . 2012-08-15 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-29 03:35 . 2012-08-15 07:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-29 00:16 . 2012-08-15 07:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-29 00:09 . 2012-08-15 07:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-29 00:08 . 2012-08-15 07:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-29 00:04 . 2012-08-15 07:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-29 00:00 . 2012-08-15 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((( SnapShot@2012-09-14_02.34.53 )))))))))))))))))))))))))))))))))))))))))


-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]

"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]

"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2011-12-07 214312]

"LVT"="c:\program files\Lenovo\LVT\LJYZ.exe" [2011-11-24 886112]

"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2011-12-07 214312]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-01 296096]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 116648]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 250568]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2011-12-21 274200]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 116648]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-05 1255736]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]

S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-16 32768]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-03-29 66560]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-09 6245744]

S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-08-31 10752]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]

S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys [2011-11-21 101376]

S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys [2011-11-21 217088]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 01:28]

.

2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 15:27]

.

2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 15:27]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-21 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-21 398104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-21 440600]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-05 12850792]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2011-12-07 214312]

"omsie"="c:\users\Dad's\AppData\Roaming\omsie.dll" [bU]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Dad's\AppData\Roaming\Mozilla\Firefox\Profiles\s5mgfb9m.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-09-14 11:03:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-14 15:03

ComboFix2.txt 2012-09-14 02:37

.

Pre-Run: 900,830,875,648 bytes free

Post-Run: 900,406,009,856 bytes free

.

- - End Of File - - 6E1E3993D7D0E7074546D3449DFC79C2


Thanks! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Very good, no further issues were reported. The disk error was being caused by the USB key being set to the first boot device in BIOS. I changed that order back to the HD after checking Google to see what could cause it. All is back to normal other than a screen that pops up when I reboot. See below.

I am currently getting a RunDLL error on boot up:

There was a problem starting C:\\Users\Dad's\AppData\Roaming\omsie.dll

The specified module could not be found.

This was removed in one of the sweeps we did. I just click OK on the box which gives that alert and all is fine. No idea what omsie.dll is or was.


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"omsie"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

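The CFScript above removes the one orphaned "omsie" value by hand. As an added example (not part of this thread, and not ComboFix's own code), the PowerShell below audits the same three Run keys ComboFix listed and reports entries whose target file no longer exists, is unsigned, or is loaded machine-wide from a user's AppData folder, which is exactly how "omsie" appeared in the log. It assumes a .dll autorun is stored as a rundll32 command line, since ComboFix prints only the DLL path.

```powershell
# Added example, not part of the thread or of ComboFix: audit the autorun
# ("Run") keys that ComboFix listed and report entries whose target file is
# missing (the leftover "omsie" value) or that look out of place.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Registry-provider metadata that Get-ItemProperty adds to every object.
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunTargetPath {
    # Reduce a Run value's command line to the file it actually loads.
    # Handles a rundll32 wrapper (assumed here to be how a .dll autorun such
    # as omsie.dll is stored; ComboFix shows only the DLL path), a quoted
    # path followed by arguments, and a bare path followed by arguments.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^(?:.*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)') { return $Matches[1].Trim() }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(?:exe|dll|cmd|bat|vbs|js|scr))(?:\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Get-RunEntryReport {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($MetaProps -contains $p.Name) { continue }
            $target = Get-RunTargetPath -Command ([string]$p.Value)
            # Short-circuit keeps Test-Path from being called with an empty path.
            $exists = ($target -ne '') -and (Test-Path -LiteralPath $target -PathType Leaf)
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status.ToString() } else { 'n/a' }
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Target     = $target
                Exists     = $exists
                Signature  = $sig
                # A machine-wide (HKLM) autorun loading from a user's profile,
                # as "omsie" did, deserves a second look even when the file
                # is still present; a missing target is what produces the
                # RunDLL "module could not be found" message at logon.
                Suspicious = (-not $exists) -or
                             ($key -like 'HKLM:*' -and $target -like '*\Users\*\AppData\*') -or
                             ($exists -and $sig -ne 'Valid')
            }
        }
    }
}

# Show every entry, suspicious ones first; filter on Suspicious to see only those.
Get-RunEntryReport | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys and signature checks are readable; an entry with Exists = False is the kind the CFScript removes with `"name"=-`.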

The first time I ran it, ComboFix updated, and the same thing occurred, so I repeated and the message no longer appears. Here is the log.

ComboFix 12-09-16.01 - Dad's 09/17/2012 10:04:33.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4231 [GMT -4:00]

Running from: c:\users\Dad's\Desktop\ComboFix.exe

Command switches used :: c:\users\Dad's\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Dad's\AppData\Local\Temp\_MEI51282\_ctypes.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\_elementtree.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\_hashlib.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\_socket.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\_ssl.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\pyexpat.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\pysqlite2._sqlite.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\python26.dll

c:\users\Dad's\AppData\Local\Temp\_MEI51282\pythoncom26.dll

c:\users\Dad's\AppData\Local\Temp\_MEI51282\PyWinTypes26.dll

c:\users\Dad's\AppData\Local\Temp\_MEI51282\select.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\unicodedata.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\win32api.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\win32com.shell.shell.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\win32crypt.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\win32event.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\win32file.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\win32inet.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\win32pdh.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\win32process.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\windows._cacheinvalidation.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wx._controls_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wx._core_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wx._gdi_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wx._html2.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wx._misc_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wx._windows_.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wx._wizard.pyd

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wxbase293u_net_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wxbase293u_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wxmsw293u_adv_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wxmsw293u_core_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wxmsw293u_html_vc.dll

c:\users\Dad's\AppData\Local\Temp\_MEI51282\wxmsw293u_webview_vc.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))

.

.

2012-09-17 14:11 . 2012-09-17 14:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-17 14:11 . 2012-09-17 14:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-16 21:45 . 2012-09-16 21:46 -------- d-----w- c:\users\DefaultAppPool

2012-09-16 21:41 . 2012-09-16 21:41 -------- d-----w- c:\users\Dad's\AppData\Local\Microsoft Games

2012-09-16 21:21 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C5D9D4E-09B2-4411-B2D7-6950BB8BE118}\mpengine.dll

2012-09-15 22:09 . 2012-09-15 22:09 -------- d-----w- c:\program files\Microsoft Silverlight

2012-09-15 22:09 . 2012-09-15 22:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-09-15 15:11 . 2012-09-15 15:11 -------- d-----w- c:\program files (x86)\ESET

2012-09-14 02:49 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-14 02:49 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-14 02:49 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-14 02:49 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-14 02:49 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-14 02:49 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-14 02:49 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-10 15:15 . 2012-09-11 15:00 -------- d-----w- c:\users\Dad's\AppData\Local\ElevatedDiagnostics

2012-09-10 14:46 . 2007-03-23 20:55 35928 ----a-w- c:\windows\system32\AdobePDF64.dll

2012-09-10 14:37 . 2012-09-10 14:37 -------- d-----w- c:\windows\SysWow64\BestPractices

2012-09-10 14:37 . 2012-09-10 14:37 -------- d-----w- c:\windows\system32\BestPractices

2012-09-10 14:37 . 2012-09-10 14:37 -------- d-----w- C:\inetpub

2012-09-08 21:56 . 2012-09-08 21:56 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2012-09-08 21:56 . 2012-09-08 21:56 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

2012-09-08 21:54 . 2012-09-08 21:54 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2012-09-08 21:53 . 2012-09-08 21:53 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2012-09-08 21:53 . 2012-09-08 21:53 -------- d-----w- c:\users\Dad's\AppData\Local\Microsoft Help

2012-09-08 21:53 . 2012-09-16 21:23 -------- d-----w- c:\programdata\Microsoft Help

2012-09-08 21:24 . 2012-09-15 16:06 -------- d-----w- C:\Downloads

2012-09-06 06:27 . 2012-09-06 06:40 -------- d-----w- c:\programdata\Corel Painter 12

2012-09-06 06:09 . 2012-09-06 06:09 -------- d-----w- c:\users\Dad's\AppData\Roaming\Avira

2012-09-06 06:03 . 2012-09-06 06:03 -------- d-----w- c:\programdata\Avira

2012-09-06 06:03 . 2012-09-06 06:03 -------- d-----w- c:\program files (x86)\Avira

2012-09-06 06:03 . 2012-07-18 22:05 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-09-06 06:03 . 2012-07-18 22:05 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-09-06 06:03 . 2012-07-18 22:05 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-09-06 02:08 . 2012-09-06 02:08 -------- d-----w- c:\users\Dad's\AppData\Roaming\Malwarebytes

2012-09-06 02:08 . 2012-09-11 14:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-06 02:08 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-06 02:08 . 2012-09-06 02:08 -------- d-----w- c:\programdata\Malwarebytes

2012-09-06 01:47 . 2012-09-06 01:47 102400 ----a-w- c:\windows\RegBootClean.exe

2012-09-06 01:43 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-09-05 15:47 . 2012-09-06 02:16 -------- d-----w- c:\programdata\7531CCA90048280B0269C95CF875F002

2012-09-05 15:47 . 2012-09-05 15:47 -------- d-----w- c:\users\Dad's\AppData\Local\{FDA88BDF-F770-11E1-8270-B8AC6F996F26}

2012-09-01 15:42 . 2012-09-01 15:42 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2012-09-01 15:41 . 2012-09-01 15:42 -------- d-----w- c:\program files (x86)\Real

2012-08-25 19:56 . 2012-09-06 02:17 -------- d-----w- c:\users\Dad's\AppData\Roaming\Apple Computer

2012-08-25 19:55 . 2012-08-25 19:55 -------- d-----w- c:\users\Dad's\AppData\Local\Apple Computer

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-08-25 19:53 . 2012-08-25 19:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\programdata\Apple Computer

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\users\Dad's\AppData\Local\Apple

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\programdata\Apple

2012-08-25 19:53 . 2012-08-25 19:53 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-08-24 14:49 . 2012-08-24 14:50 -------- d-----w- C:\DigitalImpressions

2012-08-24 12:52 . 2012-08-24 12:52 -------- dc-h--w- c:\programdata\{774331FE-B8E8-4A4B-AFDF-F018F99FB73A}

2012-08-24 12:52 . 2012-08-24 12:52 -------- d-----w- c:\program files\Common Files\Topaz Labs

2012-08-24 12:52 . 2012-08-24 12:52 -------- dc-h--w- c:\programdata\{6B992C6A-E6B0-418F-9B21-FE4BF85AD3BE}

2012-08-24 12:52 . 2012-08-24 12:52 -------- d-----w- c:\program files (x86)\Topaz Labs

2012-08-24 12:52 . 2012-08-24 12:52 -------- d-----w- c:\program files (x86)\Common Files\Topaz Labs

2012-08-24 12:51 . 2012-08-24 12:51 -------- d-----w- c:\users\Dad's\AppData\Local\PackageAware

2012-08-22 05:54 . 2012-08-22 05:54 -------- d-----w- c:\users\UpdatusUser\AppData\Roaming\onOne Software

2012-08-22 05:54 . 2012-08-22 05:54 -------- d-----w- c:\users\Default\AppData\Roaming\onOne Software

2012-08-22 05:54 . 2012-09-03 05:48 -------- d-----w- c:\users\Dad's\AppData\Roaming\onOne Software

2012-08-22 05:46 . 2012-08-22 05:47 -------- d-----w- c:\users\Dad's\Pro Suite

2012-08-22 05:39 . 2012-08-22 05:54 -------- d-----w- c:\program files\onOne Software

2012-08-22 05:39 . 2012-08-22 05:54 -------- d-----w- c:\program files (x86)\onOne Software

2012-08-22 05:39 . 2012-03-29 01:42 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe

2012-08-22 05:39 . 2012-03-29 01:42 66560 ----a-w- c:\windows\system32\nlssrv32.exe

2012-08-22 05:39 . 2012-08-22 05:52 -------- d-----w- c:\programdata\onOne Software

2012-08-20 17:34 . 2012-08-20 17:34 -------- d-----w- c:\program files\Google

2012-08-20 05:26 . 2012-08-20 05:26 -------- d-----w- c:\users\Dad's\AppData\Roaming\Corel

2012-08-20 05:18 . 2012-08-20 05:18 -------- d-----w- c:\program files (x86)\Common Files\Corel

2012-08-20 05:18 . 2012-08-20 05:26 -------- d-----w- c:\programdata\Corel

2012-08-20 05:18 . 2012-08-20 05:18 -------- d-----w- c:\program files\Common Files\Protexis

2012-08-20 05:17 . 2012-08-20 05:17 -------- d-----w- c:\program files\Corel

2012-08-20 04:28 . 2012-09-17 14:12 -------- d-----w- c:\users\Dad's\AppData\Roaming\WTablet

2012-08-20 04:28 . 2010-03-09 00:47 9056624 ------w- c:\windows\system32\WacomTablet.cpl

2012-08-20 04:28 . 2007-02-16 19:12 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys

2012-08-20 04:28 . 2009-09-21 23:29 16168 ----a-w- c:\windows\system32\drivers\wacomvhid.sys

2012-08-20 04:28 . 2010-01-24 23:32 18216 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys

2012-08-20 04:28 . 2012-08-20 04:28 -------- d-----w- c:\windows\system32\WTablet

2012-08-20 04:28 . 2010-03-09 00:47 415600 ------w- c:\windows\SysWow64\Wacom_Tablet.dll

2012-08-20 04:28 . 2010-03-09 00:40 294400 ------w- c:\windows\SysWow64\Wintab32.dll

2012-08-20 04:28 . 2010-03-09 00:47 488816 ------w- c:\windows\system32\Wacom_Tablet.dll

2012-08-20 04:28 . 2010-03-09 00:47 6245744 ------w- c:\windows\system32\Wacom_Tablet.exe

2012-08-20 04:28 . 2012-08-20 04:28 -------- d-----w- c:\program files (x86)\Tablet

2012-08-20 03:26 . 2012-09-06 15:38 -------- d-----w- c:\programdata\FLEXnet

2012-08-20 03:23 . 2012-08-20 03:23 -------- d-----w- c:\program files (x86)\Common Files\Control Panels

2012-08-20 03:21 . 2012-08-20 03:21 -------- d-----w- c:\programdata\ALM

2012-08-20 03:19 . 2012-08-25 19:53 -------- d-----w- c:\program files (x86)\QuickTime

2012-08-20 02:46 . 2007-02-20 20:04 190696 ----a-w- c:\windows\SysWow64\NPSWF32_FlashUtil.exe

2012-08-20 02:46 . 2007-02-20 20:04 2463976 ----a-w- c:\windows\SysWow64\NPSWF32.dll

2012-08-20 02:44 . 2012-08-20 02:44 -------- d-----w- c:\windows\SysWow64\spool

2012-08-20 02:44 . 2012-08-20 02:44 -------- d-----w- c:\program files (x86)\Bonjour

2012-08-20 02:43 . 2012-08-20 02:43 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared

2012-08-20 00:30 . 2012-08-20 00:30 -------- d-----w- c:\users\Dad's\AppData\Local\Diagnostics

2012-08-19 15:28 . 2012-09-17 07:37 -------- d-s---w- c:\users\Dad's\Google Drive

2012-08-19 15:27 . 2012-08-20 17:34 -------- d-----w- c:\program files (x86)\Google

2012-08-19 15:27 . 2012-08-20 19:07 -------- d-----w- c:\users\Dad's\AppData\Local\Google

2012-08-19 15:20 . 2012-08-19 15:20 -------- d-----w- c:\users\Dad's\AppData\Local\Macromedia

2012-08-19 15:15 . 2012-08-24 13:06 -------- d-----w- c:\users\Dad's\AppData\Local\Adobe

2012-08-19 04:02 . 2012-08-19 04:02 -------- d-----w- c:\users\Dad's\AppData\Local\Mozilla

2012-08-19 04:02 . 2012-08-19 04:02 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-16 21:20 . 2012-08-17 01:43 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-09-01 15:42 . 2003-10-17 16:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-09-01 15:42 . 2003-10-17 16:44 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-08-25 01:28 . 2012-08-15 15:17 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-25 01:28 . 2012-05-13 03:22 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-05 07:05 . 2012-08-05 07:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-08-05 07:05 . 2012-08-05 07:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-08-05 07:05 . 2012-08-05 07:05 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-08-05 07:05 . 2012-08-05 07:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-08-05 07:05 . 2012-08-05 07:05 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-08-05 07:05 . 2012-08-05 07:05 82432 ----a-w- c:\windows\system32\icardie.dll

2012-08-05 07:05 . 2012-08-05 07:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-08-05 07:05 . 2012-08-05 07:05 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-08-05 07:05 . 2012-08-05 07:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-08-05 07:05 . 2012-08-05 07:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-08-05 07:05 . 2012-08-05 07:05 697344 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-05 07:05 . 2012-08-05 07:05 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-08-05 07:05 . 2012-08-05 07:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-08-05 07:05 . 2012-08-05 07:05 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-08-05 07:05 . 2012-08-05 07:05 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-08-05 07:05 . 2012-08-05 07:05 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-08-05 07:05 . 2012-08-05 07:05 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-08-05 07:05 . 2012-08-05 07:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-08-05 07:05 . 2012-08-05 07:05 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-08-05 07:05 . 2012-08-05 07:05 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-08-05 07:05 . 2012-08-05 07:05 448512 ----a-w- c:\windows\system32\html.iec

2012-08-05 07:05 . 2012-08-05 07:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-05 07:05 . 2012-08-05 07:05 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-08-05 07:05 . 2012-08-05 07:05 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-08-05 07:05 . 2012-08-05 07:05 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-08-05 07:05 . 2012-08-05 07:05 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-08-05 07:05 . 2012-08-05 07:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-08-05 07:05 . 2012-08-05 07:05 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-05 07:05 . 2012-08-05 07:05 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-08-05 07:05 . 2012-08-05 07:05 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-08-05 07:05 . 2012-08-05 07:05 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-08-05 07:05 . 2012-08-05 07:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-08-05 07:05 . 2012-08-05 07:05 222208 ----a-w- c:\windows\system32\msls31.dll

2012-08-05 07:05 . 2012-08-05 07:05 197120 ----a-w- c:\windows\system32\msrating.dll

2012-08-05 07:05 . 2012-08-05 07:05 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-08-05 07:05 . 2012-08-05 07:05 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-08-05 07:05 . 2012-08-05 07:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-08-05 07:05 . 2012-08-05 07:05 160256 ----a-w- c:\windows\system32\wextract.exe

2012-08-05 07:05 . 2012-08-05 07:05 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-08-05 07:05 . 2012-08-05 07:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-08-05 07:05 . 2012-08-05 07:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-08-05 07:05 . 2012-08-05 07:05 149504 ----a-w- c:\windows\system32\occache.dll

2012-08-05 07:05 . 2012-08-05 07:05 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-08-05 07:05 . 2012-08-05 07:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-08-05 07:05 . 2012-08-05 07:05 12288 ----a-w- c:\windows\system32\mshta.exe

2012-08-05 07:05 . 2012-08-05 07:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-08-05 07:05 . 2012-08-05 07:05 114176 ----a-w- c:\windows\system32\admparse.dll

2012-08-05 07:05 . 2012-08-05 07:05 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-08-05 07:05 . 2012-08-05 07:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-08-05 07:05 . 2012-08-05 07:05 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-08-05 07:05 . 2012-08-05 07:05 103936 ----a-w- c:\windows\system32\inseng.dll

2012-08-05 07:05 . 2012-08-05 07:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-08-04 14:40 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-18 18:15 . 2012-08-14 19:36 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 02:06 . 2012-08-04 03:09 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-06 02:06 . 2012-08-04 03:09 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-04 22:16 . 2012-08-14 19:36 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-14 19:36 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-14 19:36 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-14 19:36 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-06-29 04:55 . 2012-08-15 07:01 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-06-29 04:09 . 2012-08-15 07:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-06-29 03:56 . 2012-08-15 07:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 03:49 . 2012-08-15 07:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-29 03:49 . 2012-08-15 07:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 03:48 . 2012-08-15 07:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 03:47 . 2012-08-15 07:01 237056 ----a-w- c:\windows\system32\url.dll

2012-06-29 03:45 . 2012-08-15 07:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-29 03:44 . 2012-08-15 07:01 816640 ----a-w- c:\windows\system32\jscript.dll

2012-06-29 03:43 . 2012-08-15 07:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 03:42 . 2012-08-15 07:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-29 03:40 . 2012-08-15 07:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-29 03:39 . 2012-08-15 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-29 03:35 . 2012-08-15 07:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-29 00:16 . 2012-08-15 07:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-29 00:09 . 2012-08-15 07:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-29 00:08 . 2012-08-15 07:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-29 00:04 . 2012-08-15 07:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-29 00:00 . 2012-08-15 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((( SnapShot_2012-09-17_07.32.08 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-09-17 14:11 . 2012-09-17 14:11 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-09-17 07:30 . 2012-09-17 07:30 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2010-11-21 03:09 . 2012-09-17 07:38 49958 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-09-17 07:38 39788 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:46 . 2012-09-17 07:36 97224 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-08-04 02:47 . 2012-09-17 07:38 8250 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2398400545-2579640428-1289850962-1001_UserData.bin

+ 2011-09-01 13:23 . 2012-09-17 07:36 3699 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat

- 2011-09-01 13:23 . 2012-09-17 07:31 3699 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat

- 2012-09-17 07:31 . 2012-09-17 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-17 14:12 . 2012-09-17 14:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-17 14:12 . 2012-09-17 14:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-09-17 07:31 . 2012-09-17 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-04 04:49 . 2012-09-17 13:59 292626 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-09-16 21:32 652444 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-09-17 07:41 652444 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-09-17 07:41 113866 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-09-16 21:32 113866 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-09-17 07:30 468328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-09-17 14:11 468328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2012-08-04 03:12 . 2012-09-17 07:30 10359484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398400545-2579640428-1289850962-1001-8192.dat

+ 2012-08-04 03:12 . 2012-09-17 14:11 10359484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398400545-2579640428-1289850962-1001-8192.dat

- 2012-08-05 07:40 . 2012-09-17 07:30 12934588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398400545-2579640428-1289850962-1001-4096.dat

+ 2012-08-05 07:40 . 2012-09-17 14:11 12934588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398400545-2579640428-1289850962-1001-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]

"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]

"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2011-12-07 214312]

"LVT"="c:\program files\Lenovo\LVT\LJYZ.exe" [2011-11-24 886112]

"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2011-12-07 214312]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-01 296096]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 116648]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 250568]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2011-12-21 274200]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 116648]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-05 1255736]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]

S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-16 32768]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-03-29 66560]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-09 6245744]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]

S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-08-31 10752]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]

S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys [2011-11-21 101376]

S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys [2011-11-21 217088]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 01:28]

.

2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 15:27]

.

2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-19 15:27]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-07-20 19:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-21 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-21 398104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-21 440600]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-05 12850792]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2011-12-07 214312]

"omsie"="c:\users\Dad's\AppData\Roaming\omsie.dll" [bU]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Dad's\AppData\Roaming\Mozilla\Firefox\Profiles\s5mgfb9m.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-09-17 10:15:40 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-17 14:15

ComboFix2.txt 2012-09-17 07:34

ComboFix3.txt 2012-09-14 15:03

ComboFix4.txt 2012-09-14 02:37

.

Pre-Run: 899,992,059,904 bytes free

Post-Run: 899,552,047,104 bytes free

.

- - End Of File - - B62F3971631275E18C62C4F6040AABAF


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

