Persistent Trojan.Gen


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2

Run by 601292 at 22:22:33 on 2013-03-26

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7338.4096 [GMT -4:00]

.

AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files (x86)\Symantec\pcAnywhere\AWHPROBE.EXE

C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ShrewSoft\VPN Client\dtpd.exe

C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files\ShrewSoft\VPN Client\iked.exe

C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe

C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe

C:\Windows\system32\mqsvc.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files\Logitech\FlowScroll\KhalScroll.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

C:\Users\601292\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Users\601292\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Program Files (x86)\Novation\Automap\AutomapServer.exe

C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe

C:\Windows\SysWOW64\srvany.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\sysWOW64\SDIOAssist.exe

C:\Program Files (x86)\PuTTY\pageant.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\Microsoft Lync\communicator.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files (x86)\GoZone\GoZone_iSync.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe

C:\Program Files (x86)\Symantec\pcAnywhere\pcaEvents.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Novation\Automap\MidiAutomapClient.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\601292\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://bluroom.luxottica.com/en/

uDefault_Page_URL = hxxp://bluroom.luxottica.com/en/

uProxyOverride = <-loopback>

mWinlogon: Userinit = userinit.exe,

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\CA\ERwin Data Modeler r9\JRE\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -

uRun: [safeBootTokWatch] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

uRun: [googletalk] C:\Users\601292\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [Google Update] "C:\Users\601292\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

uRun: [MusicManager] "C:\Users\601292\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

uRun: [Novation Automap Server] "C:\Program Files (x86)\Novation\Automap\AutomapServer.exe"

uRun: [instanteyedropper] "C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe"

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"

mRun: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

mRun: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\601292\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Pageant.lnk - C:\Program Files (x86)\PuTTY\pageant.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-System: NoDispScrSavPage = dword:1

uPolicies-System: SB_NoDispScrSavPage = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: DisableCAD = dword:1

mPolicies-System: NoDispScrSavPage = dword:1

mPolicies-System: SB_NoDispScrSavPage = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: %SystemRoot%\system32\vsocklib.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://alliances.trizetto.com/InternalSite/WhlCompMgr.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://atl-hpqsapp01.lenscrafters.com:8080/qcbin/Spider10.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{36D985EE-299C-4F92-B0C6-598BFA1558CA} : NameServer = 10.80.179.20,10.80.224.20

TCP: Interfaces\{DB5E60B8-ABCA-483E-B143-E903F4ED0CA3} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{DB5E60B8-ABCA-483E-B143-E903F4ED0CA3}\2457379744F66756D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{DB5E60B8-ABCA-483E-B143-E903F4ED0CA3}\3554657455543545 : DHCPNameServer = 10.100.111.10 172.19.142.10

TCP: Interfaces\{DB5E60B8-ABCA-483E-B143-E903F4ED0CA3}\D4F62747F6E6D4F62696C656 : DHCPNameServer = 192.168.2.254

TCP: Interfaces\{DB5E60B8-ABCA-483E-B143-E903F4ED0CA3}\D4F6E676F602D416769636 : DHCPNameServer = 192.168.200.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Notify: PCANotify - PCANotify.dll

Notify: SDWinLogon - SDWinLogon.dll

AppInit_DLLs= AMINIT32.DLL

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

IFEO: taskmgr.exe - "C:\PROGRAM FILES (X86)\SYSINTERNALS\PROCEXP.EXE"

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

x64-BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

x64-Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-IFEO: taskmgr.exe - "C:\PROGRAM FILES (X86)\SYSINTERNALS\PROCEXP.EXE"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\601292\AppData\Roaming\Mozilla\Firefox\Profiles\22akjndi.default\

FF - prefs.js: browser.search.selectedEngine - Claro Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Users\601292\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\601292\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\601292\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\601292\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2012-03-11 10:40; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.id - b6293aa40000000000006480994c9ec0

FF - user.js: extensions.BabylonToolbar_i.hardId - b6293aa40000000000006480994c9ec0

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15542

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b6293aa40000000000006480994c9ec0&q=

FF - user.js: extensions.BabylonToolbar.id - b6293aa40000000000006480994c9ec0

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15603

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:00:58

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=120912_nocpc_3812_2

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.claro.tlbrSrchUrl -

FF - user.js: extensions.claro.id - b6293aa40000000000006480994c9ec1

FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}

FF - user.js: extensions.claro.instlDay - 15646

FF - user.js: extensions.claro.vrsn - 1.8.3.10

FF - user.js: extensions.claro.vrsni - 1.8.3.10

FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.109:52:34

FF - user.js: extensions.claro.prtnrId - claro

FF - user.js: extensions.claro.prdct - claro

FF - user.js: extensions.claro.aflt - babsst

FF - user.js: extensions.claro_i.smplGrp - none

FF - user.js: extensions.claro.tlbrId - claro

FF - user.js: extensions.claro.instlRef - sst

FF - user.js: extensions.claro.dfltLng - en

FF - user.js: extensions.claro.excTlbr - false

FF - user.js: extensions.claro.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-11-26 14456]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-10 56208]

R0 SBAlg;SBAlg;C:\Windows\System32\drivers\sbalg.sys [2012-2-13 60128]

R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\sbfslock.sys [2012-2-13 15616]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-2-13 21616]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-5-17 93272]

R1 RsvLock;RsvLock;C:\Windows\System32\drivers\rsvlock.sys [2012-2-13 58112]

R1 SbFlop;SbFlop;C:\Windows\System32\drivers\sbflop.sys [2012-2-13 23296]

R1 SbRegFlt;SbRegFlt;C:\Windows\System32\drivers\sbregflt.sys [2012-2-13 15616]

R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2010-9-2 21504]

R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-11-21 1236368]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-7 89600]

R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-12-19 2571704]

R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]

R2 HerculesDJControlMP3;Hercules DJ Control MP3;C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2013-2-17 18944]

R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]

R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]

R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]

R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-10-4 6371192]

R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-2-7 8192]

R2 SafeBootClientManager;SafeBoot Client Manager;C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2009-4-23 380988]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-12-20 1831024]

R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2012-5-17 149904]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-7 2656280]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-2-13 27760]

R3 AeXAgentSrvHost;AeXAgentSrvHost;C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [2012-10-12 317312]

R3 automap;Automap MIDI Driver;C:\Windows\System32\drivers\automap.sys [2012-11-23 18776]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2012-2-7 75264]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2012-2-7 173568]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2012-2-7 81408]

R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2012-2-7 38440]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-14 138912]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-10-17 317440]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]

R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2011-3-23 83560]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-6-17 166576]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]

S2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-2-12 1243024]

S2 IBMWAS80Service - L07-FPYLFS1Node01;IBM WebSphere Application Server V8.0 - L07-FPYLFS1Node01;"C:\Program Files (x86)\IBM\WebSphere\AppServer\bin\wasservice.exe" "IBMWAS80Service - L07-FPYLFS1Node01" --> C:\Program Files (x86)\IBM\WebSphere\AppServer\bin\wasservice.exe [?]

S2 MouseWithoutBordersSvc;Mouse without Borders Service;C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2012-10-24 27872]

S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]

S3 AltirisAgentProvider;AltirisAgentProvider;C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [2012-10-12 408448]

S3 Bulk;HDJBulk;C:\Windows\System32\drivers\HDJBulk.sys [2012-12-10 238960]

S3 ConfigService;Altiris Deployment Solution - System Configuration;C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe [2011-8-12 267368]

S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2012-5-17 468368]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 HDJAsioK;HDJAsioK;C:\Windows\System32\drivers\HDJAsioK.sys [2012-12-10 306032]

S3 HDJMidi;Hercules DJ Console 4-Mx MIDI;C:\Windows\System32\drivers\HDJMidi.sys [2012-12-10 271216]

S3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);C:\Windows\System32\drivers\ipmidi.sys [2011-5-15 23040]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]

S3 NvnUsbAudio;Novation USB Audio Driver;C:\Windows\System32\drivers\nvnusbaudio.sys [2012-8-10 53080]

S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2011-1-3 72808]

S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2011-1-3 74984]

S3 PVIS9;Pervasive Integration Server 9;C:\Program Files (x86)\Pervasive\Cosmos9\IntegrationServer\nt-service\bin\Wrapper.exe [2010-11-5 110592]

S3 PVIS9_64;Pervasive Integration Server 9 (64-bit);C:\Program Files\Pervasive\Cosmos9 (64-bit)\IntegrationServer\nt-service\bin\Wrapper.exe [2010-11-5 110592]

S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-3 1103392]

S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-3 1369624]

S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-3 168384]

S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2013-1-17 153080]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;C:\Windows\System32\drivers\teVirtualMIDI64.sys [2011-6-26 28160]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2010-9-2 17408]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-7 1255736]

S4 Artifactory;Artifactory;C:\Program Files (x86)\artifactory\bin\wrapper.exe [2012-5-6 217088]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]

.

=============== File Associations ===============

.

FileExt: .ini: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-03-25 17:14:23 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-03-20 17:29:24 -------- d-----w- C:\Users\601292\AppData\Local\Telerik_AD

2013-03-19 15:16:03 -------- d-----w- C:\logs

2013-03-18 15:07:46 -------- d-----w- C:\Users\601292\Lync Recordings

2013-03-18 12:56:54 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-18 07:07:44 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2013-03-14 17:43:20 -------- d-----w- C:\Program Files (x86)\code4ward.net

2013-03-14 17:38:17 -------- d-----w- C:\Program Files (x86)\Microsoft WebMatrix

2013-03-14 17:37:16 -------- d-----w- C:\Program Files (x86)\MySQL

2013-03-14 17:00:39 -------- d-----w- C:\Program Files\Microsoft

2013-03-13 13:29:10 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-03-11 18:05:09 -------- d-----w- C:\Users\601292\.ApacheDirectoryStudio

2013-03-11 18:02:50 -------- d-----w- C:\Program Files\Apache Directory Studio

2013-03-07 17:58:08 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-05 20:35:36 -------- d-----w- C:\Program Files\Common Files\PACE Anti-Piracy

2013-03-05 19:08:57 -------- d-----w- C:\Program Files\iPod

2013-03-05 19:08:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-05 19:08:56 -------- d-----w- C:\Program Files\iTunes

2013-03-05 19:08:56 -------- d-----w- C:\Program Files (x86)\iTunes

2013-03-04 20:50:39 -------- d-----w- C:\Program Files (x86)\InstantEyedropper

2013-03-04 15:46:36 -------- d-----w- C:\Users\601292\AppData\Roaming\app.Crunch

2013-03-04 15:44:37 -------- d-----w- C:\Program Files (x86)\Crunch

2013-03-04 14:55:48 -------- d-----w- C:\ProgramData\Sophos

2013-03-04 14:55:17 73728 ----a-r- C:\Users\601292\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-03-04 14:55:17 73728 ----a-r- C:\Users\601292\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-03-04 14:55:17 73728 ----a-r- C:\Users\601292\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2013-03-04 14:54:42 -------- d-----w- C:\Program Files (x86)\Sophos

2013-03-01 09:53:54 50688 ------w- C:\Users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.HttpModules.dll

2013-03-01 09:51:34 13824 ------w- C:\Users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\HtmlDiff.dll

2013-03-01 09:51:34 13824 ------w- C:\Users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\HtmlDiff.dll

2013-03-01 09:51:08 74752 ------w- C:\Users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\WebFormsMvp.dll

2013-03-01 09:51:08 74752 ------w- C:\Users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\WebFormsMvp.dll

.

==================== Find3M ====================

.

2013-03-25 17:14:23 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-03-13 13:29:19 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 13:29:19 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-07 17:57:22 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-07 17:57:22 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-13 19:56:22 60304 ----a-w- C:\Users\601292\g2mdlhlpx.exe

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-01-28 17:59:24 0 ----a-w- C:\Users\601292\DesktopFiddler2Upgrade.exe

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

============= FINISH: 22:25:59.89 ===============

attach.zip


Hi caseyjmorton,

Welcome to Malwarebytes Forum

My name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.

The fixes are specific to your problem and should only be used for the issues on this machine.

Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

It's often worth reading through these instructions and printing them for ease of reference.

If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

Please reply to this thread. Do not start a new topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

As we work through your logs, please remember to run any tools by right-clicking on the icon and selecting Run As Administrator.

AdwCleaner

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.


Thanks, here is the log.

# AdwCleaner v2.115 - Logfile created 03/27/2013 at 14:59:10

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : 601292 - L07-5YNHLV1

# Boot Mode : Normal

# Running from : C:\Users\601292\Downloads\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

Folder Deleted : C:\Program Files (x86)\adawaretb

Folder Deleted : C:\ProgramData\blekko toolbars

Folder Deleted : C:\Users\601292\AppData\LocalLow\adawaretb

Folder Deleted : C:\Users\601292\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\601292\AppData\Roaming\Mozilla\Firefox\Profiles\22akjndi.default\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

File : C:\Users\601292\AppData\Roaming\Mozilla\Firefox\Profiles\22akjndi.default\prefs.js

C:\Users\601292\AppData\Roaming\Mozilla\Firefox\Profiles\22akjndi.default\user.js ... Deleted !

Deleted : user_pref("browser.BabylonToolbar_i.newTab", "");

Deleted : user_pref("browser.BabylonToolbar_i.newTabUrl", "");

Deleted : user_pref("browser.babylon.HPOnNewTab", "");

Deleted : user_pref("browser.search.selectedEngine", "Claro Search");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110195&tt=120912_nocpc_3812_2");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "26");

Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dpk", "");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "EEE1E403CC0F75181E4F48967AD05967");

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "b6293aa40000000000006480994c9ec0");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15603");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1216:00:58");

Deleted : user_pref("extensions.BabylonToolbar.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"68\",\"lastVrsn\":\"68\",\"vrsnLoad\[...]

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1216:00:58");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110195&tt=120912_nocpc_3812_2");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "b6293aa40000000000006480994c9ec0");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "b6293aa40000000000006480994c9ec0");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15542");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=116690&tt=441[...]

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1216:00:58");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.claro.admin", false);

Deleted : user_pref("extensions.claro.aflt", "babsst");

Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");

Deleted : user_pref("extensions.claro.dfltLng", "en");

Deleted : user_pref("extensions.claro.excTlbr", false);

Deleted : user_pref("extensions.claro.id", "b6293aa40000000000006480994c9ec1");

Deleted : user_pref("extensions.claro.instlDay", "15646");

Deleted : user_pref("extensions.claro.instlRef", "sst");

Deleted : user_pref("extensions.claro.prdct", "claro");

Deleted : user_pref("extensions.claro.prtnrId", "claro");

Deleted : user_pref("extensions.claro.tlbrId", "claro");

Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");

Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");

Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");

Deleted : user_pref("extensions.claro_i.smplGrp", "none");

Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.109:52:34");

-\\ Google Chrome v25.0.1364.172

File : C:\Users\601292\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.4192] : urls_to_restore_on_startup = [ "hxxps://www.luxotticaretail.com/", "hxxp://search.babylon.com[...]

*************************

AdwCleaner[R1].txt - [13298 octets] - [27/03/2013 14:57:55]

AdwCleaner[s1].txt - [13317 octets] - [27/03/2013 14:59:10]

########## EOF - C:\AdwCleaner[s1].txt - [13378 octets] ##########


caseyjmorton,

I am so sorry.

I lost track of your thread.

Hopefully you are still with me.

Download ComboFix from here: http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


No worries. Here is the log. Also, for what it's worth, I am still getting the following virus notifications about once every 10 seconds:

Scan type: Auto-Protect Scan

Event: Risk Found!

Security risk detected: Trojan.Gen

File: C:\Users\601292\AppData\Local\Temp\DWH1BC0.tmp

Location: C:\Users\601292\AppData\Local\Temp

Computer: L07-5YNHLV1

User: 601292

Action taken: Pending Side Effects Analysis : Access denied

Date found: Friday, March 29, 2013 9:45:50 PM

Here is the log:

ComboFix 13-03-28.01 - 601292 03/29/2013 21:04:57.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7338.4357 [GMT -4:00]

Running from: c:\users\601292\Desktop\ComboFix.exe

AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

c:\users\601292\AppData\Local\assembly\tmp

c:\users\601292\AppData\Local\Temp\DWHD12A.tmp

c:\users\601292\DesktopFiddler2Upgrade.exe

c:\users\601292\g2mdlhlpx.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-30 )))))))))))))))))))))))))))))))

.

.

2013-03-30 01:36 . 2013-03-30 01:36 -------- d-----w- c:\users\HydraApplicationPool\AppData\Local\temp

2013-03-30 01:36 . 2013-03-30 01:36 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2013-03-27 19:18 . 2013-03-27 19:18 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2013-03-27 19:18 . 2013-03-27 19:18 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2013-03-27 19:18 . 2013-03-27 19:18 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2013-03-27 19:18 . 2013-03-27 19:18 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2013-03-27 19:18 . 2013-03-27 19:18 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2013-03-27 19:18 . 2013-03-27 19:18 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2013-03-27 19:18 . 2013-03-27 19:18 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2013-03-27 19:18 . 2013-03-27 19:18 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2013-03-27 19:18 . 2013-03-27 19:18 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2013-03-27 19:17 . 2013-03-27 19:17 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2013-03-27 19:17 . 2013-03-27 19:17 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2013-03-27 19:17 . 2013-03-27 19:17 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2013-03-27 19:16 . 2013-03-27 19:16 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2013-03-27 19:16 . 2013-03-27 19:16 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2013-03-27 19:16 . 2013-03-27 19:16 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2013-03-27 19:16 . 2013-03-27 19:16 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2013-03-27 19:16 . 2013-03-27 19:16 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2013-03-27 16:53 . 2013-03-27 16:53 -------- d-----w- c:\users\ASP.NET v4.0\AppData\Local\CrashDumps

2013-03-25 18:20 . 2013-03-25 18:20 -------- d-----w- c:\users\601292\AppData\Roaming\HPAppData

2013-03-25 17:21 . 2013-02-17 05:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-03-25 17:14 . 2013-03-25 17:14 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-03-20 17:29 . 2013-03-20 17:29 -------- d-----w- c:\users\601292\AppData\Local\Telerik_AD

2013-03-19 15:16 . 2013-03-28 19:51 -------- d-----w- C:\logs

2013-03-18 15:07 . 2013-03-18 15:07 -------- d-----w- c:\users\601292\Lync Recordings

2013-03-18 12:56 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-18 07:07 . 2013-03-18 07:07 -------- d-sh--w- c:\windows\system32\%APPDATA%

2013-03-14 17:43 . 2013-03-14 17:43 -------- d-----w- c:\program files (x86)\code4ward.net

2013-03-14 17:38 . 2013-03-14 17:38 -------- d-----w- c:\program files (x86)\Microsoft WebMatrix

2013-03-14 17:37 . 2013-03-14 17:37 -------- d-----w- c:\program files (x86)\MySQL

2013-03-14 17:00 . 2013-03-14 17:00 -------- d-----w- c:\program files\Microsoft

2013-03-13 13:29 . 2013-03-13 13:29 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-03-11 18:05 . 2013-03-11 18:05 -------- d-----w- c:\users\601292\.ApacheDirectoryStudio

2013-03-11 18:02 . 2013-03-12 13:39 -------- d-----w- c:\program files\Apache Directory Studio

2013-03-07 17:58 . 2013-03-07 17:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-05 20:35 . 2013-03-05 20:35 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy

2013-03-05 19:08 . 2013-03-05 19:08 -------- d-----w- c:\program files\iPod

2013-03-05 19:08 . 2013-03-05 19:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-05 19:08 . 2013-03-05 19:09 -------- d-----w- c:\program files\iTunes

2013-03-05 19:08 . 2013-03-05 19:09 -------- d-----w- c:\program files (x86)\iTunes

2013-03-04 20:50 . 2013-03-04 20:50 -------- d-----w- c:\program files (x86)\InstantEyedropper

2013-03-04 15:46 . 2013-03-04 15:46 -------- d-----w- c:\users\601292\AppData\Roaming\app.Crunch

2013-03-04 15:44 . 2013-03-04 15:45 -------- d-----w- c:\program files (x86)\Crunch

2013-03-04 14:55 . 2013-03-04 14:55 -------- d-----w- c:\programdata\Sophos

2013-03-04 14:55 . 2013-03-04 14:55 73728 ----a-r- c:\users\601292\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-03-04 14:55 . 2013-03-04 14:55 73728 ----a-r- c:\users\601292\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-03-04 14:55 . 2013-03-04 14:55 73728 ----a-r- c:\users\601292\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2013-03-04 14:54 . 2013-03-04 14:54 -------- d-----w- c:\program files (x86)\Sophos

2013-03-01 09:53 . 2013-03-01 09:53 50688 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.HttpModules.dll

2013-03-01 09:52 . 2013-03-01 09:52 9913 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\Resources\TabStrip\scripts\tabstrip.js

2013-03-01 09:51 . 2013-03-01 09:51 26565 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\DesktopModules\Admin\Extensions\scripts\Gallery.js

2013-03-01 09:50 . 2013-03-01 09:50 11517952 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Telerik.Web.UI.Skins.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-27 19:14 . 2012-03-31 02:41 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin

2013-03-18 08:05 . 2012-02-07 17:45 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-03-18 07:58 . 2013-01-09 18:33 3091488 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2013-03-18 07:38 . 2012-06-11 12:29 603552 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll

2013-03-13 13:29 . 2012-05-16 14:22 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 13:29 . 2012-05-16 14:22 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-07 17:57 . 2012-05-17 20:16 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-07 17:57 . 2012-02-21 20:25 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-01 09:54 . 2013-03-01 09:54 65024 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.Professional.Authentication.ActiveDirectory.dll

2013-03-01 09:54 . 2013-03-01 09:54 26112 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.Providers.FiftyOneClientCapabilityProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 5632 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.Sitemap.BigSitemapProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 28160 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.SolpartMenuNavigationProvider.dll

2013-03-01 09:50 . 2013-03-01 09:50 229376 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\SolpartWebControls.dll

2013-02-12 05:45 . 2013-03-16 14:25 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-16 14:25 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-16 14:25 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-16 14:25 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-16 14:25 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-16 14:25 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-08 03:20 . 2013-02-01 04:57 1133088 ----a-w- c:\programdata\Microsoft\VWDExpress\11.0\1033\ResourceCache.dll

2013-01-05 05:53 . 2013-02-13 01:52 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:00 . 2013-02-13 01:52 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-13 01:52 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46 . 2013-02-13 01:51 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:51 . 2013-02-13 01:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-01-04 04:43 . 2013-02-13 01:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-01-04 03:26 . 2013-02-13 01:52 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:47 . 2013-02-13 01:51 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-01-04 02:47 . 2013-02-13 01:51 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-01-04 02:47 . 2013-02-13 01:51 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-04 02:47 . 2013-02-13 01:51 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-01-03 06:00 . 2013-02-13 01:51 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-03 06:00 . 2013-02-13 01:51 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\users\601292\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2013-02-11 7203712]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]

"MusicManager"="c:\users\601292\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-10-22 7356928]

"Novation Automap Server"="c:\program files (x86)\Novation\Automap\AutomapServer.exe" [2012-11-15 3129344]

"instanteyedropper"="c:\program files (x86)\InstantEyedropper\InstantEyedropper.exe" [2007-10-17 352256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-09-29 12105344]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-12-20 115560]

"SafeBootTrayManager"="c:\program files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" [2012-09-11 69632]

"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-05-23 371896]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]

"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-05 377800]

"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2012-11-26 3413912]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

.

c:\users\601292\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

GoZone iSync.lnk - c:\program files (x86)\GoZone\GoZone_iSync.exe [2012-8-28 436848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

Pageant.lnk - c:\program files (x86)\PuTTY\pageant.exe [2012-2-14 139264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

"DisableCAD"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"SB_NoDispScrSavPage"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

2012-04-02 11:49 18824 ----a-w- c:\windows\System32\PCANotify.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi1"=myokent.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1340456155-3394922107-2961774907-286358\Scripts\Logon\0\0]

"Script"=login.bat

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]

R2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [2013-02-11 1243024]

R2 IBMWAS80Service - L07-FPYLFS1Node01;IBM WebSphere Application Server V8.0 - L07-FPYLFS1Node01;c:\program files (x86)\IBM\WebSphere\AppServer\bin\wasservice.exe IBMWAS80Service - L07-FPYLFS1Node01 [x]

R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2012-10-24 27872]

R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-18 8192]

R3 AltirisAgentProvider;AltirisAgentProvider;c:\program files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [2012-10-01 408448]

R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2012-10-30 238960]

R3 ConfigService;Altiris Deployment Solution - System Configuration;c:\program files\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe [2011-08-13 267368]

R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2012-05-17 468368]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2012-10-30 306032]

R3 HDJMidi;Hercules DJ Console 4-Mx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2012-10-30 271216]

R3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:\windows\system32\drivers\ipmidi.sys [2011-05-15 23040]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-11-19 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-11-19 181248]

R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2011-10-05 53080]

R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]

R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys [2011-01-03 74984]

R3 PVIS9;Pervasive Integration Server 9;c:\program files (x86)\Pervasive\Cosmos9\IntegrationServer\nt-service\bin\Wrapper.exe [2010-11-06 110592]

R3 PVIS9_64;Pervasive Integration Server 9 (64-bit);c:\program files\Pervasive\Cosmos9 (64-bit)\IntegrationServer\nt-service\bin\Wrapper.exe [2010-11-06 110592]

R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]

R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]

R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]

R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2013-01-17 153080]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [2011-06-27 28160]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-07 1255736]

R4 Artifactory;Artifactory;c:\program files (x86)\artifactory\bin\wrapper.exe [2012-05-08 217088]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-11-26 14456]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]

S0 SafeBoot;SafeBoot; [x]

S0 SBAlg;SBAlg; [x]

S0 SbFsLock;SbFsLock; [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-05-17 93272]

S1 RsvLock;RsvLock; [x]

S1 SbFlop;SbFlop; [x]

S1 SbRegFlt;SbRegFlt; [x]

S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-11-22 1236368]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-12-03 2571704]

S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]

S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2012-09-06 18944]

S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]

S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]

S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-10-04 6371192]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2009-04-23 380988]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]

S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-04-09 149904]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]

S3 AeXAgentSrvHost;AeXAgentSrvHost;c:\program files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [2012-10-01 317312]

S3 automap;Automap MIDI Driver;c:\windows\system32\DRIVERS\automap.sys [2012-04-19 18776]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-07-08 75264]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-07-08 173568]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-07-08 81408]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-07-08 38440]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 13:29]

.

2013-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1340456155-3394922107-2961774907-286358Core.job

- c:\users\601292\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14 15:57]

.

2013-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1340456155-3394922107-2961774907-286358UA.job

- c:\users\601292\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14 15:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 166680]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"TortoiseHgOverlayIconServer"="c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-06-09 47616]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://bluroom.luxottica.com/en/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <-loopback>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

LSP: %SystemRoot%\system32\vsocklib.dll

Trusted Zone: dell.com

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{36D985EE-299C-4F92-B0C6-598BFA1558CA}: NameServer = 10.80.179.20,10.80.224.20

DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://atl-hpqsapp01.lenscrafters.com:8080/qcbin/Spider10.cab

FF - ProfilePath - c:\users\601292\AppData\Roaming\Mozilla\Firefox\Profiles\22akjndi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - ExtSQL: !HIDDEN! 2012-03-11 10:40; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-SafeBootTokWatch - c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

Wow6432Node-HKLM-Run-SafeBootTokenWatcher - c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

Notify-SDWinLogon - SDWinLogon.dll

SafeBoot-Symantec Antvirus

AddRemove-AltirisAgent - c:\program files (x86)\Altiris\Altiris Agent\aexnsagent.exe

AddRemove-{92F2A534-C3E4-4B18-BEBD-329F5E848C8B} - c:\program files (x86)\Altiris\Altiris Agent\aexnsagent.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Communications]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\NS Client]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:6b,91,29,0e,8a,96,47,2c,b3,aa,10,a5,bf,a9,3e,3d,77,b4,0e,bb,07,

f0,33,66,56,0e,43,54,6e,ed,1c,13,56,a8,fb,59,4e,10,54,01,84,4d,73,53,30,a2,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-29 21:43:39

ComboFix-quarantined-files.txt 2013-03-30 01:43

.

Pre-Run: 19,645,554,688 bytes free

Post-Run: 19,327,090,688 bytes free

.

- - End Of File - - 8795E9A2182068F794CAEB591712A3BE


That error should have stopped now. Be sure and let me know if it didn't.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
601292 :: L07-5YNHLV1 [administrator]

4/1/2013 9:18:18 AM
mbam-log-2013-04-01 (09-18-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 369169
Time elapsed: 9 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Sorry for the terrible formatting on the last couple of posts. Here's a better copy:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
601292 :: L07-5YNHLV1 [administrator]

4/1/2013 9:18:18 AM
mbam-log-2013-04-01 (09-18-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 369169
Time elapsed: 9 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


And still getting the risk notifications from SEP:

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen
File: C:\Users\601292\AppData\Local\Temp\DWH63AB.tmp
Location: C:\Users\601292\AppData\Local\Temp
Computer: L07-5YNHLV1
User: 601292
Action taken: Pending Side Effects Analysis : Access denied
Date found: Monday, April 01, 2013  9:46:17 AM


Ok... it's rebuilding under a modified name.

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs.
  • Start RogueKiller.exe.
  • Wait until the Prescan has finished.
  • Click on Scan (screenshot: RGKRScan.png).
  • Wait for the end of the scan.
  • A report will be created on your desktop.
  • Click on the Delete button (screenshot: RGKRDelete.png).
  • Next, click on the ShortcutsFix button (screenshot: RGKRShortcutsFix.png).
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.


COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::


  • Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop (screenshot: CFScriptB-4.gif).
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


ComboFix 13-04-02.01 - 601292 04/03/2013 11:11:17.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7338.4486 [GMT -4:00]

Running from: c:\users\601292\Desktop\ComboFix.exe

Command switches used :: c:\users\601292\Desktop\CFScript.txt

AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2013-03-03 to 2013-04-03 )))))))))))))))))))))))))))))))

.

.

2013-04-03 15:19 . 2013-04-03 15:19 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2013-04-03 15:19 . 2013-04-03 15:19 -------- d-----w- c:\users\HydraApplicationPool\AppData\Local\temp

2013-04-03 15:19 . 2013-04-03 15:19 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2013-04-03 15:19 . 2013-04-03 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-03 15:19 . 2013-04-03 15:19 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp

2013-04-03 15:19 . 2013-04-03 15:19 -------- d-----w- c:\users\ASP.NET v4.0\AppData\Local\temp

2013-04-03 15:19 . 2013-04-03 15:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-04-02 18:15 . 2013-04-02 18:15 -------- d-----w- C:\SyncMyRide

2013-04-02 02:18 . 2013-04-02 02:18 -------- d-----w- c:\windows\LastGood

2013-04-02 02:00 . 2013-04-02 02:00 -------- d-----w- c:\users\601292\AppData\Roaming\com.adobe.DC3Module.AdobeADC

2013-04-01 18:02 . 2013-04-01 18:02 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2013-04-01 18:02 . 2013-04-01 18:02 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2013-04-01 18:02 . 2013-04-01 18:02 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2013-04-01 18:02 . 2013-04-01 18:02 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2013-04-01 18:02 . 2013-04-01 18:02 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2013-04-01 18:02 . 2013-04-01 18:02 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2013-04-01 18:02 . 2013-04-01 18:02 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2013-04-01 18:02 . 2013-04-01 18:02 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2013-04-01 18:02 . 2013-04-01 18:02 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2013-04-01 18:02 . 2013-04-01 18:02 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2013-04-01 18:02 . 2013-04-01 18:02 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2013-04-01 18:02 . 2013-04-01 18:02 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2013-04-01 18:01 . 2013-04-01 18:01 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2013-04-01 18:01 . 2013-04-01 18:01 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2013-04-01 18:01 . 2013-04-01 18:01 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2013-04-01 18:01 . 2013-04-01 18:01 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2013-04-01 18:01 . 2013-04-01 18:01 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2013-03-27 16:53 . 2013-03-27 16:53 -------- d-----w- c:\users\ASP.NET v4.0\AppData\Local\CrashDumps

2013-03-25 18:20 . 2013-03-25 18:20 -------- d-----w- c:\users\601292\AppData\Roaming\HPAppData

2013-03-25 17:21 . 2013-02-17 05:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-03-25 17:14 . 2013-03-25 17:14 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-03-20 17:29 . 2013-03-20 17:29 -------- d-----w- c:\users\601292\AppData\Local\Telerik_AD

2013-03-19 15:16 . 2013-04-01 18:58 -------- d-----w- C:\logs

2013-03-18 15:07 . 2013-03-18 15:07 -------- d-----w- c:\users\601292\Lync Recordings

2013-03-18 12:56 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-18 07:07 . 2013-03-18 07:07 -------- d-sh--w- c:\windows\system32\%APPDATA%

2013-03-14 17:43 . 2013-03-14 17:43 -------- d-----w- c:\program files (x86)\code4ward.net

2013-03-14 17:38 . 2013-03-14 17:38 -------- d-----w- c:\program files (x86)\Microsoft WebMatrix

2013-03-14 17:37 . 2013-03-14 17:37 -------- d-----w- c:\program files (x86)\MySQL

2013-03-14 17:00 . 2013-03-14 17:00 -------- d-----w- c:\program files\Microsoft

2013-03-13 13:29 . 2013-03-13 13:29 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-03-11 18:05 . 2013-03-11 18:05 -------- d-----w- c:\users\601292\.ApacheDirectoryStudio

2013-03-11 18:02 . 2013-03-12 13:39 -------- d-----w- c:\program files\Apache Directory Studio

2013-03-07 17:58 . 2013-03-07 17:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-05 20:35 . 2013-03-05 20:35 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy

2013-03-05 19:08 . 2013-03-05 19:08 -------- d-----w- c:\program files\iPod

2013-03-05 19:08 . 2013-03-05 19:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-05 19:08 . 2013-03-05 19:09 -------- d-----w- c:\program files\iTunes

2013-03-05 19:08 . 2013-03-05 19:09 -------- d-----w- c:\program files (x86)\iTunes

2013-03-04 20:50 . 2013-03-04 20:50 -------- d-----w- c:\program files (x86)\InstantEyedropper

2013-03-04 15:46 . 2013-03-04 15:46 -------- d-----w- c:\users\601292\AppData\Roaming\app.Crunch

2013-03-04 15:44 . 2013-03-04 15:45 -------- d-----w- c:\program files (x86)\Crunch

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-02 01:57 . 2012-05-16 14:22 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-02 01:57 . 2012-05-16 14:22 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-01 18:00 . 2012-03-31 02:41 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin

2013-03-18 08:05 . 2012-02-07 17:45 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-03-18 07:58 . 2013-01-09 18:33 3091488 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2013-03-18 07:38 . 2012-06-11 12:29 603552 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll

2013-03-07 17:57 . 2012-05-17 20:16 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-07 17:57 . 2012-02-21 20:25 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-04 14:55 . 2013-03-04 14:55 73728 ----a-r- c:\users\601292\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-03-04 14:55 . 2013-03-04 14:55 73728 ----a-r- c:\users\601292\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-03-04 14:55 . 2013-03-04 14:55 73728 ----a-r- c:\users\601292\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2013-03-01 09:54 . 2013-03-01 09:54 65024 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.Professional.Authentication.ActiveDirectory.dll

2013-03-01 09:54 . 2013-03-01 09:54 65024 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Providers\DotNetNuke.Professional.Authentication.ActiveDirectory.dll

2013-03-01 09:54 . 2013-03-01 09:54 8192 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.Authentication.Twitter.dll

2013-03-01 09:54 . 2013-03-01 09:54 8192 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.Authentication.LiveConnect.dll

2013-03-01 09:54 . 2013-03-01 09:54 8192 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.Authentication.Google.dll

2013-03-01 09:54 . 2013-03-01 09:54 8192 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.Authentication.Facebook.dll

2013-03-01 09:54 . 2013-03-01 09:54 8192 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.Authentication.Twitter.dll

2013-03-01 09:54 . 2013-03-01 09:54 8192 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.Authentication.LiveConnect.dll

2013-03-01 09:54 . 2013-03-01 09:54 8192 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.Authentication.Google.dll

2013-03-01 09:54 . 2013-03-01 09:54 8192 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.Authentication.Facebook.dll

2013-03-01 09:54 . 2013-03-01 09:54 26112 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.Providers.FiftyOneClientCapabilityProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 26112 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Providers\DotNetNuke.Providers.FiftyOneClientCapabilityProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 95232 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.RadEditorProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 95232 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.RadEditorProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 99840 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.Web.DDRMenu.dll

2013-03-01 09:54 . 2013-03-01 09:54 99840 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.Web.DDRMenu.dll

2013-03-01 09:54 . 2013-03-01 09:54 12288 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.Web.Razor.dll

2013-03-01 09:54 . 2013-03-01 09:54 12288 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.Web.Razor.dll

2013-03-01 09:54 . 2013-03-01 09:54 5632 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.Sitemap.BigSitemapProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 5632 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Providers\DotNetNuke.Sitemap.BigSitemapProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 28160 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.SolpartMenuNavigationProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 28160 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Providers\DotNetNuke.SolpartMenuNavigationProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 14848 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.ASP2MenuNavigationProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 14848 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Providers\DotNetNuke.ASP2MenuNavigationProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 7168 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.DNNDropDownNavigationProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 7168 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Providers\DotNetNuke.DNNDropDownNavigationProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 20992 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.DNNMenuNavigationProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 20992 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Providers\DotNetNuke.DNNMenuNavigationProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 12800 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\DotNetNuke.DNNTreeNavigationProvider.dll

2013-03-01 09:54 . 2013-03-01 09:54 12800 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Providers\DotNetNuke.DNNTreeNavigationProvider.dll

2013-03-01 09:53 . 2013-03-01 09:53 50688 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.HttpModules.dll

2013-03-01 09:53 . 2013-03-01 09:53 50688 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.HttpModules.dll

2013-03-01 09:53 . 2013-03-01 09:53 264192 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.Web.dll

2013-03-01 09:53 . 2013-03-01 09:53 264192 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.Web.dll

2013-03-01 09:53 . 2013-03-01 09:53 2168832 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.dll

2013-03-01 09:53 . 2013-03-01 09:53 2168832 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.dll

2013-03-01 09:53 . 2013-03-01 09:53 35328 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.Services.Syndication.dll

2013-03-01 09:53 . 2013-03-01 09:53 35328 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.Services.Syndication.dll

2013-03-01 09:53 . 2013-03-01 09:53 30208 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.Web.Client.dll

2013-03-01 09:53 . 2013-03-01 09:53 30208 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.Web.Client.dll

2013-03-01 09:53 . 2013-03-01 09:53 23040 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\CountryListBox.dll

2013-03-01 09:53 . 2013-03-01 09:53 23040 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\CountryListBox.dll

2013-03-01 09:53 . 2013-03-01 09:53 16384 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.Instrumentation.dll

2013-03-01 09:53 . 2013-03-01 09:53 16384 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.Instrumentation.dll

2013-03-01 09:53 . 2013-03-01 09:53 102912 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\ClientDependency.Core.dll

2013-03-01 09:53 . 2013-03-01 09:53 102912 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\ClientDependency.Core.dll

2013-03-01 09:51 . 2013-03-01 09:51 13824 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\HtmlDiff.dll

2013-03-01 09:51 . 2013-03-01 09:51 13824 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\HtmlDiff.dll

2013-03-01 09:51 . 2013-03-01 09:51 74752 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\WebFormsMvp.dll

2013-03-01 09:51 . 2013-03-01 09:51 74752 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\WebFormsMvp.dll

2013-03-01 09:50 . 2013-03-01 09:50 11517952 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Telerik.Web.UI.Skins.dll

2013-03-01 09:50 . 2013-03-01 09:50 11517952 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Telerik.Web.UI.Skins.dll

2013-03-01 09:50 . 2013-03-01 09:50 17659392 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Telerik.Web.UI.dll

2013-03-01 09:50 . 2013-03-01 09:50 17659392 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Telerik.Web.UI.dll

2013-03-01 09:50 . 2013-03-01 09:50 73592 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\WebMatrix.WebData.dll

2013-03-01 09:50 . 2013-03-01 09:50 73592 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\WebMatrix.WebData.dll

2013-03-01 09:50 . 2013-03-01 09:50 73312 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\System.Web.Http.WebHost.dll

2013-03-01 09:50 . 2013-03-01 09:50 73312 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\System.Web.Http.WebHost.dll

2013-03-01 09:50 . 2013-03-01 09:50 66560 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\PetaPoco.dll

2013-03-01 09:50 . 2013-03-01 09:50 66560 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\PetaPoco.dll

2013-03-01 09:50 . 2013-03-01 09:50 495616 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.WebUtility.dll

2013-03-01 09:50 . 2013-03-01 09:50 495616 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.WebUtility.dll

2013-03-01 09:50 . 2013-03-01 09:50 45416 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Microsoft.Web.Infrastructure.dll

2013-03-01 09:50 . 2013-03-01 09:50 45416 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Microsoft.Web.Infrastructure.dll

2013-03-01 09:50 . 2013-03-01 09:50 41048 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\System.Web.WebPages.Deployment.dll

2013-03-01 09:50 . 2013-03-01 09:50 41048 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\System.Web.WebPages.Deployment.dll

2013-03-01 09:50 . 2013-03-01 09:50 39800 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\System.Web.WebPages.Razor.dll

2013-03-01 09:50 . 2013-03-01 09:50 39800 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\System.Web.WebPages.Razor.dll

2013-03-01 09:50 . 2013-03-01 09:50 38264 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\WebMatrix.Data.dll

2013-03-01 09:50 . 2013-03-01 09:50 38264 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\WebMatrix.Data.dll

2013-03-01 09:50 . 2013-03-01 09:50 374784 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Newtonsoft.Json.dll

2013-03-01 09:50 . 2013-03-01 09:50 374784 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Newtonsoft.Json.dll

2013-03-01 09:50 . 2013-03-01 09:50 323168 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\System.Web.Http.dll

2013-03-01 09:50 . 2013-03-01 09:50 323168 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\System.Web.Http.dll

2013-03-01 09:50 . 2013-03-01 09:50 283648 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.WebControls.dll

2013-03-01 09:50 . 2013-03-01 09:50 283648 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.WebControls.dll

2013-03-01 09:50 . 2013-03-01 09:50 276344 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\System.Web.Razor.dll

2013-03-01 09:50 . 2013-03-01 09:50 276344 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\System.Web.Razor.dll

2013-03-01 09:50 . 2013-03-01 09:50 24064 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Microsoft.ApplicationBlocks.Data.dll

2013-03-01 09:50 . 2013-03-01 09:50 24064 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Microsoft.ApplicationBlocks.Data.dll

2013-03-01 09:50 . 2013-03-01 09:50 238592 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\DotNetNuke.Log4Net.dll

2013-03-01 09:50 . 2013-03-01 09:50 238592 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\DotNetNuke.Log4Net.dll

2013-03-01 09:50 . 2013-03-01 09:50 229376 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\Providers\SolpartWebControls.dll

2013-03-01 09:50 . 2013-03-01 09:50 229376 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\Providers\SolpartWebControls.dll

2013-03-01 09:50 . 2013-03-01 09:50 204400 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\System.Web.WebPages.dll

2013-03-01 09:50 . 2013-03-01 09:50 204400 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\System.Web.WebPages.dll

2013-03-01 09:50 . 2013-03-01 09:50 180832 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\System.Net.Http.dll

2013-03-01 09:50 . 2013-03-01 09:50 180832 ------w- c:\users\601292\AppData\Roaming\Microsoft\VisualStudio\10.0\ProjectTemplatesCache\Visual Web Developer\CSharp\DotNetNuke.zip\bin\System.Net.Http.dll

2013-03-01 09:50 . 2013-03-01 09:50 168544 ------w- c:\users\601292\AppData\Roaming\Microsoft\VWDExpress\11.0\ProjectTemplatesCache\Visual Web Developer\DotNetNuke.zip\bin\System.Net.Http.Formatting.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\users\601292\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2013-02-11 7203712]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]

"Novation Automap Server"="c:\program files (x86)\Novation\Automap\AutomapServer.exe" [2012-11-15 3129344]

"instanteyedropper"="c:\program files (x86)\InstantEyedropper\InstantEyedropper.exe" [2007-10-17 352256]

"SafeBootTokWatch"="c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2013-04-01 172092]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-09-29 12105344]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-12-20 115560]

"SafeBootTrayManager"="c:\program files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" [2012-09-11 69632]

"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-05-23 371896]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]

"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-05 377800]

"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2012-11-26 3413912]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

.

c:\users\601292\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

GoZone iSync.lnk - c:\program files (x86)\GoZone\GoZone_iSync.exe [2012-8-28 436848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

Pageant.lnk - c:\program files (x86)\PuTTY\pageant.exe [2012-2-14 139264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

"DisableCAD"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"SB_NoDispScrSavPage"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

2012-04-02 11:49 18824 ----a-w- c:\windows\System32\PCANotify.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi1"=myokent.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1340456155-3394922107-2961774907-286358\Scripts\Logon\0\0]

"Script"=login.bat

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]

R2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [2013-02-11 1243024]

R2 IBMWAS80Service - L07-FPYLFS1Node01;IBM WebSphere Application Server V8.0 - L07-FPYLFS1Node01;c:\program files (x86)\IBM\WebSphere\AppServer\bin\wasservice.exe IBMWAS80Service - L07-FPYLFS1Node01 [x]

R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2012-10-24 27872]

R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-18 8192]

R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]

R3 AltirisAgentProvider;AltirisAgentProvider;c:\program files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [2012-10-01 408448]

R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2012-10-30 238960]

R3 ConfigService;Altiris Deployment Solution - System Configuration;c:\program files\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe [2011-08-13 267368]

R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2012-05-17 468368]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2012-10-30 306032]

R3 HDJMidi;Hercules DJ Console 4-Mx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2012-10-30 271216]

R3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:\windows\system32\drivers\ipmidi.sys [2011-05-15 23040]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-11-19 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-11-19 181248]

R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2011-10-05 53080]

R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]

R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys [2011-01-03 74984]

R3 PVIS9;Pervasive Integration Server 9;c:\program files (x86)\Pervasive\Cosmos9\IntegrationServer\nt-service\bin\Wrapper.exe [2010-11-06 110592]

R3 PVIS9_64;Pervasive Integration Server 9 (64-bit);c:\program files\Pervasive\Cosmos9 (64-bit)\IntegrationServer\nt-service\bin\Wrapper.exe [2010-11-06 110592]

R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]

R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]

R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]

R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2013-01-17 153080]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [2011-06-27 28160]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-07 1255736]

R4 Artifactory;Artifactory;c:\program files (x86)\artifactory\bin\wrapper.exe [2012-05-08 217088]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-11-26 14456]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]

S0 SafeBoot;SafeBoot; [x]

S0 SBAlg;SBAlg; [x]

S0 SbFsLock;SbFsLock; [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-05-17 93272]

S1 RsvLock;RsvLock; [x]

S1 SbFlop;SbFlop; [x]

S1 SbRegFlt;SbRegFlt; [x]

S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-11-22 1236368]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-12-03 2571704]

S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]

S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [2012-09-06 18944]

S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]

S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]

S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-10-04 6371192]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2009-04-23 380988]

S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-04-09 149904]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]

S3 AeXAgentSrvHost;AeXAgentSrvHost;c:\program files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [2012-10-01 317312]

S3 automap;Automap MIDI Driver;c:\windows\system32\DRIVERS\automap.sys [2012-04-19 18776]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-07-08 75264]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-07-08 173568]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-07-08 81408]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-07-08 38440]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - PROCEXP152

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 01:57]

.

2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1340456155-3394922107-2961774907-286358Core.job

- c:\users\601292\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14 15:57]

.

2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1340456155-3394922107-2961774907-286358UA.job

- c:\users\601292\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-14 15:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 166680]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"TortoiseHgOverlayIconServer"="c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-06-09 47616]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://bluroom.luxottica.com/en/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <-loopback>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

LSP: %SystemRoot%\system32\vsocklib.dll

Trusted Zone: dell.com

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{36D985EE-299C-4F92-B0C6-598BFA1558CA}: NameServer = 10.80.179.20,10.80.224.20

DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://atl-hpqsapp01.lenscrafters.com:8080/qcbin/Spider10.cab

FF - ProfilePath - c:\users\601292\AppData\Roaming\Mozilla\Firefox\Profiles\22akjndi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - ExtSQL: !HIDDEN! 2012-03-11 10:40; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

Notify-SDWinLogon - SDWinLogon.dll

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Communications]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\NS Client]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:6b,91,29,0e,8a,96,47,2c,b3,aa,10,a5,bf,a9,3e,3d,77,b4,0e,bb,07,

f0,33,66,56,0e,43,54,6e,ed,1c,13,56,a8,fb,59,4e,10,54,01,84,4d,73,53,30,a2,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-03 11:22:41

ComboFix-quarantined-files.txt 2013-04-03 15:22

ComboFix2.txt 2013-03-30 01:43

.

Pre-Run: 19,698,847,744 bytes free

Post-Run: 19,478,224,896 bytes free

.

- - End Of File - - 5FF91F00E2CD7148156984733C8498B2

Link to post
Share on other sites

Just got another warning from SEP:

Scan type: Auto-Protect Scan

Event: Risk Found!

Security risk detected: Trojan.Gen

File: C:\Users\601292\AppData\Local\Temp\DWH4AF3.tmp

Location: Quarantine

Computer: L07-5YNHLV1

User: 601292

Action taken: Quarantine succeeded : Access denied

Date found: Wednesday, April 03, 2013 11:48:23 AM

Link to post
Share on other sites

I'm just not seeing what is creating that file.

Let's get a different look:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Link to post
Share on other sites
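The helper above cannot see what is writing the DWH*.tmp files into the user's Temp folder. One way to answer that question directly, added here as an example and not part of the thread or any of its tools, is to put a SACL on the Temp folder and read the resulting Security event 4663 records, which name the process that performed each write. The script assumes an elevated PowerShell 4.0+ session on the affected machine; `$TargetFolder`, `$Pattern` and `$MinutesBack` are illustrative defaults. Process Monitor or Sysmon (event 11, FileCreate) would give the same answer.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): identify the process writing DWH*.tmp files into a
# user's Temp folder by auditing writes to that folder and reading Security event 4663.
param(
    [string]$TargetFolder = $env:TEMP,      # assumption: the SEP-flagged path for this user
    [string]$Pattern      = 'DWH*.tmp',
    [int]$MinutesBack     = 60
)

function Enable-FolderWriteAudit {
    param([string]$Path)
    # Success auditing for the "File System" subcategory is what produces event 4663.
    # Undo later with: auditpol.exe /set /subcategory:"File System" /success:disable
    & auditpol.exe /set /subcategory:"File System" /success:enable | Out-Null
    # Audit file creation (CreateFiles == WriteData on a directory) by anyone, and let the
    # rule inherit to files and subfolders so writes to the new .tmp file are logged too.
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone',
        [System.Security.AccessControl.FileSystemRights]::CreateFiles,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Success)
    $acl = Get-Acl -Path $Path -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-FileWriteAuditEvents {
    param([string]$Path, [string]$Pattern, [int]$MinutesBack)
    $since  = (Get-Date).AddMinutes(-$MinutesBack)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Read the named EventData fields from the XML instead of trusting positional indexes.
        $data = @{}
        ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        $obj = $data['ObjectName']
        if (-not $obj) { continue }
        if ($obj.StartsWith($Path, [System.StringComparison]::OrdinalIgnoreCase) -and
            ((Split-Path -Path $obj -Leaf) -like $Pattern)) {
            [pscustomobject]@{
                Time    = $e.TimeCreated
                User    = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                Pid     = [int]$data['ProcessId']      # logged as a hex string such as 0x1b4c
                Process = $data['ProcessName']         # full path of the writing executable
                File    = $obj
            }
        }
    }
}

Enable-FolderWriteAudit -Path $TargetFolder
Write-Host "Auditing writes under $TargetFolder. Wait for the next SEP alert, then list the writers:"
Get-FileWriteAuditEvents -Path $TargetFolder -Pattern $Pattern -MinutesBack $MinutesBack |
    Sort-Object Time | Format-Table -AutoSize
```

The `Process` column is the interesting one: if it points at a security product's own binary rather than an unknown executable, the recurring detection is that product fighting its own temp files rather than malware regenerating. Remove the audit rule (`$acl.RemoveAuditRule($rule)` followed by `Set-Acl`) once the question is answered, since auditing a busy Temp folder fills the Security log quickly.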

You didn't get extras.txt because you only get that the first time you run the program... and according to your log, this is the second time you ran it.

There is no sign of that .tmp file in the log... but let's tidy up a little.

Double click on OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :

:Processes
explorer.exe

:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
@Alternate Data Stream - 938 bytes -> C:\Program Files\Common Files\Microsoft Shared:KuXqYF4Uag77Y6KoDuGnC
@Alternate Data Stream - 1175 bytes -> C:\ProgramData\Microsoft:l5MQOA5kG4YzEO6IXFyc5ZLE
@Alternate Data Stream - 1174 bytes -> C:\ProgramData\Microsoft:IbWrSWGFjmGPJw62lzQalndYK
@Alternate Data Stream - 1149 bytes -> C:\Users\601292\AppData\Local\Temp:tfVERGOcJypckHsVZI2NG514wX
@Alternate Data Stream - 1135 bytes -> C:\ProgramData\Microsoft:4rKdxOg2NySmYPUdTqRQUi
@Alternate Data Stream - 1115 bytes -> C:\ProgramData\Microsoft:oazP7W6IJzTcTQJWW9d0OtC7
@Alternate Data Stream - 1093 bytes -> C:\ProgramData\Microsoft:UAAJf2aqUdUR2XYgnsA
@Alternate Data Stream - 1053 bytes -> C:\Users\601292\AppData\Local\Temp:oAMTI1Eflloki8LViKYr
@Alternate Data Stream - 1026 bytes -> C:\Users\601292\AppData\Local\A9tyxEPMW8H8:bi92T0tem4PfxpPFwwLuOT
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top

  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer

Please post the OTL log.

Link to post
Share on other sites
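The fix above deletes nine alternate data streams with random-looking names attached to directories such as `C:\ProgramData\Microsoft` and the user's Temp folder. Whether they come back is the useful follow-up check, so here is an added example, not from the thread or from OTL, that enumerates ADS under the same locations and flags random-looking stream names. It assumes PowerShell 5.0 or later (for `Get-ChildItem -Depth`); `$Roots` and `$MaxDepth` are illustrative defaults.

```powershell
# Added example (not from the thread): enumerate alternate data streams under the folders the
# OTL fix touched, skipping the default ::$DATA stream and the Zone.Identifier mark-of-the-web.
param(
    [string[]]$Roots = @(                                   # assumption: the locations OTL cleaned
        "$env:ProgramData\Microsoft",
        "$env:ProgramFiles\Common Files\Microsoft Shared",
        "$env:LOCALAPPDATA\Temp",
        $env:LOCALAPPDATA
    ),
    [int]$MaxDepth = 1
)

function Get-SuspiciousStreams {
    param([string[]]$Paths, [int]$Depth)
    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # Directories carry streams as well as files (the OTL log deleted streams on
        # C:\ProgramData\Microsoft itself), so look at the root and at its children.
        $items = @(Get-Item -LiteralPath $root -Force) +
                 @(Get-ChildItem -LiteralPath $root -Recurse -Depth $Depth -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue
            foreach ($s in $streams) {
                if ($s.Stream -eq ':$DATA' -or $s.Stream -eq 'Zone.Identifier') { continue }
                [pscustomobject]@{
                    Path        = $item.FullName
                    Stream      = $s.Stream
                    Length      = $s.Length
                    # The names in the OTL log were 19-26 alphanumeric characters with no meaning;
                    # treat that shape as a signal worth looking at first.
                    LooksRandom = [bool]($s.Stream -match '^[A-Za-z0-9]{15,}$')
                }
            }
        }
    }
}

Get-SuspiciousStreams -Paths $Roots -Depth $MaxDepth |
    Sort-Object LooksRandom, Length -Descending | Format-Table -AutoSize
```

To inspect a stream before removing it, `Get-Content -LiteralPath <path> -Stream <name> -Encoding Byte` returns its bytes; `Remove-Item -LiteralPath <path> -Stream <name>` deletes it. Re-running the enumeration after a reboot is the quick way to tell whether something is recreating them.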

When it rebooted there were a bunch of SEP alerts but then it went quiet. I'm guessing it was from the rootkit (or whatever this is) regenerating.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\ not found.
ADS C:\Program Files\Common Files\Microsoft Shared:KuXqYF4Uag77Y6KoDuGnC deleted successfully.
ADS C:\ProgramData\Microsoft:l5MQOA5kG4YzEO6IXFyc5ZLE deleted successfully.
ADS C:\ProgramData\Microsoft:IbWrSWGFjmGPJw62lzQalndYK deleted successfully.
ADS C:\Users\601292\AppData\Local\Temp:tfVERGOcJypckHsVZI2NG514wX deleted successfully.
ADS C:\ProgramData\Microsoft:4rKdxOg2NySmYPUdTqRQUi deleted successfully.
ADS C:\ProgramData\Microsoft:oazP7W6IJzTcTQJWW9d0OtC7 deleted successfully.
ADS C:\ProgramData\Microsoft:UAAJf2aqUdUR2XYgnsA deleted successfully.
ADS C:\Users\601292\AppData\Local\Temp:oAMTI1Eflloki8LViKYr deleted successfully.
ADS C:\Users\601292\AppData\Local\A9tyxEPMW8H8:bi92T0tem4PfxpPFwwLuOT deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 601292
->Temp folder emptied: 23603117 bytes
->Temporary Internet Files folder emptied: 749138 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24224034 bytes
->Google Chrome cache emptied: 273942944 bytes
->Flash cache emptied: 660 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: ASP.NET v4.0
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HydraApplicationPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 166668 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 90674 bytes
RecycleBin emptied: 7185989 bytes

Total Files Cleaned = 315.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04052013_095244

Files\Folders moved on Reboot...
File\Folder C:\Users\601292\AppData\Local\Temp\DWH1605.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH172F.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH17D9.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH430F.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH4917.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH50F3.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH5132.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH68C8.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH6963.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH6A4D.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH6ACB.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH8435.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH89B0.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH94C7.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWH9D7F.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWHA9A0.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWHC411.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWHCBFD.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWHDBC6.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWHE7D7.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWHE803.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWHF762.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWHFB20.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWHFE6E.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWHFF99.tmp not found!
File\Folder C:\Users\601292\AppData\Local\Temp\DWHFFDB.tmp not found!
C:\Users\601292\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\601292\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3640.log moved successfully.
File\Folder C:\Windows\temp\etilqs_chNUf7D9vJNBCWGOiUOi not found!
File\Folder C:\Windows\temp\etilqs_chNUf7D9vJNBCWGOiUOi-journal not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Link to post
Share on other sites

My (very) uneducated guess is that it has inserted itself into the MBR, so that it loads (and hides) itself at a very low level. I have done a couple of MBR scans on my own a couple of weeks ago and I do see reports of "Unknown MBR code" when running aswMBR, but I haven't taken any action on it for 2 reasons:

1. My drive is encrypted and the encryption loads very early in the boot sequence (pretty much right after the BIOS, as best I can tell). My guess is that the Unknown MBR code may be where the decryption driver loads.

2. I'm petrified to touch the MBR as I have been burned by that in the past. I'm particularly wary of it as even if the code that it is reporting is indeed the rootkit code, I am leery to take any action as it may kill anything that the encryption may have added along with it.

Not sure if this makes any sense to you or is totally off base. OS and hardware are not my wheelhouse, I'm more of a webapp and database kinda guy.

Casey

Link to post
Share on other sites

Dell MBRs are non-standard so can be "good" and still get that flag.

Can you please post the log from your aswMBR scan?

You will also notice another file was created on the desktop named MBR.dat when you ran that scan. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Link to post
Share on other sites

I actually just ran it again a few minutes ago, preemptively :)

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-04-05 10:10:33

-----------------------------

10:10:33.016 OS Version: Windows x64 6.1.7601 Service Pack 1

10:10:33.016 Number of processors: 4 586 0x2A07

10:10:33.017 ComputerName: L07-5YNHLV1 UserName: 601292

10:10:37.269 Initialize success

10:27:14.085 AVAST engine defs: 13040500

10:40:40.167 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

10:40:40.173 Disk 0 Vendor: WDC_WD2500BEKT-75PVMT1 01.01A01 Size: 238475MB BusType: 11

10:40:40.197 Disk 0 MBR read successfully

10:40:40.202 Disk 0 MBR scan

10:40:40.238 Disk 0 unknown MBR code

10:40:40.241 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63

10:40:40.255 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 81920

10:40:40.267 Disk 0 Partition 3 00 07 HPFS/NTFS 238334 MB offset 286720

10:40:40.276 Disk 0 scanning C:\Windows\system32\drivers

10:40:40.280 Service scanning

10:41:29.713 Modules scanning

10:41:29.730 Disk 0 trace - called modules:

10:41:29.746 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

10:41:29.753 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007222060]

10:41:29.759 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8006ea79c0]

10:41:29.765 5 stdcfltn.sys[fffff880017e1c52] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006b5b060]

10:41:31.182 AVAST engine scan C:\Windows

10:41:31.221 AVAST engine scan C:\Windows\system32

10:41:31.233 AVAST engine scan C:\Windows\system32\drivers

10:41:31.243 AVAST engine scan C:\Users\601292

10:41:31.254 AVAST engine scan C:\ProgramData

10:41:31.263 Scan finished successfully

10:49:51.532 Disk 0 MBR has been saved successfully to "C:\Users\601292\Desktop\MBR.dat"

10:49:51.538 The log file has been saved successfully to "C:\Users\601292\Desktop\aswMBR.txt"

Link to post
Share on other sites
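aswMBR reports "unknown MBR code" but also shows a normal-looking table: a Dell Utility partition (type 0xDE) at sector 63, an active 100 MB NTFS partition at 81920, and the OS partition at 286720. The MBR.dat it saved is just the raw 512-byte sector, so the same table can be read back independently of the tool. The script below is an added example and not part of the thread or of aswMBR; it parses a 512-byte MBR, checks the 0x55AA signature, lists the four partition slots and hashes the 446 bytes of boot code so that it can be compared against MBR.dat from a known-clean machine of the same Dell model (a non-standard but legitimate Dell MBR will match; a bootkit will not). The embedded sample bytes are constructed from the partition layout in the log above, with zero filler where the real boot code would be. The `Desktop\MBR.dat` path is aswMBR's default and an assumption here.

```powershell
# Added example (not from the thread): parse a raw MBR such as aswMBR's MBR.dat and report
# the partition table, boot signature and a SHA-256 of the boot code for comparison.

function ConvertFrom-Mbr {
    param([byte[]]$Bytes)
    if ($Bytes.Length -lt 512) { throw "MBR must be 512 bytes, got $($Bytes.Length)" }
    # The 0x55AA signature lives in the last two bytes; the BIOS refuses to boot without it.
    $signatureOk = ($Bytes[510] -eq 0x55 -and $Bytes[511] -eq 0xAA)
    # Boot code is bytes 0..445. Hash it so "unknown MBR code" can be compared with an image
    # taken from a same-model machine rather than eyeballed.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $bootHash = ($sha.ComputeHash($Bytes, 0, 446) | ForEach-Object { $_.ToString('x2') }) -join ''
    $sha.Dispose()
    # Four 16-byte partition entries start at offset 446.
    $parts = foreach ($i in 0..3) {
        $o = 446 + 16 * $i
        $type = $Bytes[$o + 4]
        if ($type -eq 0) { continue }                      # empty slot
        $sectors = [System.BitConverter]::ToUInt32($Bytes, $o + 12)
        [pscustomobject]@{
            Index    = $i + 1
            Bootable = ($Bytes[$o] -eq 0x80)               # 0x80 = active flag
            Type     = ('0x{0:X2}' -f $type)               # 0xDE Dell Utility, 0x07 NTFS
            StartLBA = [System.BitConverter]::ToUInt32($Bytes, $o + 8)
            Sectors  = $sectors
            SizeMB   = [int][math]::Floor($sectors * 512 / 1MB)
        }
    }
    [pscustomobject]@{ SignatureOk = $signatureOk; BootCodeSha256 = $bootHash; Partitions = @($parts) }
}

function New-SampleMbr {
    # Constructed sample (not a real Dell MBR): three entries matching the aswMBR log,
    # 0xDE Dell Utility at 63 (39 MB), active 0x07 NTFS at 81920 (100 MB), 0x07 NTFS at 286720.
    $b = New-Object byte[] 512
    $entries = @(
        @{ Boot = 0x00; Type = 0xDE; Start = 63;     Count = 81857 },
        @{ Boot = 0x80; Type = 0x07; Start = 81920;  Count = 204800 },
        @{ Boot = 0x00; Type = 0x07; Start = 286720; Count = 488108400 }
    )
    for ($i = 0; $i -lt $entries.Count; $i++) {
        $o = 446 + 16 * $i
        $b[$o]     = $entries[$i].Boot
        $b[$o + 4] = $entries[$i].Type
        [System.BitConverter]::GetBytes([uint32]$entries[$i].Start).CopyTo($b, $o + 8)
        [System.BitConverter]::GetBytes([uint32]$entries[$i].Count).CopyTo($b, $o + 12)
    }
    $b[510] = 0x55; $b[511] = 0xAA
    return $b
}

$path  = Join-Path $env:USERPROFILE 'Desktop\MBR.dat'   # assumption: aswMBR's default save location
$bytes = if (Test-Path -LiteralPath $path) { [System.IO.File]::ReadAllBytes($path) } else { New-SampleMbr }
$mbr   = ConvertFrom-Mbr -Bytes $bytes
"Signature OK: $($mbr.SignatureOk)   Boot code SHA-256: $($mbr.BootCodeSha256)"
$mbr.Partitions | Format-Table -AutoSize
```

With the constructed sample the table comes out as 39 MB, 100 MB and 238334 MB, the same figures aswMBR printed, which is the consistency check worth doing on the real MBR.dat. The same function works on a sector read straight from `\\.\PhysicalDrive0` in an elevated session, so the on-disk MBR and the saved copy can be compared as well.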

Your MBR appears to be fine.

Let's run another tool. I'm not expecting it to find anything... but let's give it a shot.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Link to post
Share on other sites

Nope, nothing found.

13:22:22.0990 7032  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:22:23.0252 7032  ============================================================
13:22:23.0252 7032  Current date / time: 2013/04/05 13:22:23.0252
13:22:23.0252 7032  SystemInfo:
13:22:23.0252 7032  
13:22:23.0253 7032  OS Version: 6.1.7601 ServicePack: 1.0
13:22:23.0253 7032  Product type: Workstation
13:22:23.0253 7032  ComputerName: L07-5YNHLV1
13:22:23.0261 7032  UserName: 601292
13:22:23.0261 7032  Windows directory: C:\Windows
13:22:23.0261 7032  System windows directory: C:\Windows
13:22:23.0261 7032  Running under WOW64
13:22:23.0261 7032  Processor architecture: Intel x64
13:22:23.0261 7032  Number of processors: 4
13:22:23.0261 7032  Page size: 0x1000
13:22:23.0262 7032  Boot type: Normal boot
13:22:23.0262 7032  ============================================================
13:22:24.0630 7032  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:22:24.0639 7032  ============================================================
13:22:24.0639 7032  \Device\Harddisk0\DR0:
13:22:24.0640 7032  MBR partitions:
13:22:24.0640 7032  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x32000
13:22:24.0640 7032  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x46000, BlocksNum 0x1D17F170
13:22:24.0640 7032  ============================================================
13:22:24.0651 7032  Initialize success
13:22:24.0651 7032  ============================================================
13:23:08.0561 6428  ============================================================
13:23:08.0561 6428  Scan started
13:23:08.0561 6428  Mode: Manual; SigCheck; TDLFS; 
13:23:08.0561 6428  ============================================================
13:23:08.0627 6428  ================ Scan system memory ========================
13:23:08.0627 6428  System memory - ok
13:23:08.0629 6428  ================ Scan services =============================
13:23:08.0678 6428  1394ohci - ok
13:23:08.0698 6428  Acceler - ok
13:23:08.0707 6428  ACDaemon - ok
13:23:08.0715 6428  ACPI - ok
13:23:08.0720 6428  AcpiPmi - ok
13:23:08.0730 6428  Ad-Aware Service - ok
13:23:08.0741 6428  AdobeARMservice - ok
13:23:08.0753 6428  AdobeFlashPlayerUpdateSvc - ok
13:23:08.0764 6428  adp94xx - ok
13:23:08.0769 6428  adpahci - ok
13:23:08.0775 6428  adpu320 - ok
13:23:08.0783 6428  AeLookupSvc - ok
13:23:08.0788 6428  AESTFilters - ok
13:23:08.0793 6428  AeXAgentSrvHost - ok
13:23:08.0803 6428  AeXNSClient - ok
13:23:08.0807 6428  Afc - ok
13:23:08.0813 6428  AFD - ok
13:23:08.0817 6428  agp440 - ok
13:23:08.0828 6428  ALG - ok
13:23:08.0831 6428  aliide - ok
13:23:08.0833 6428  AltirisAgentProvider - ok
13:23:08.0836 6428  amdide - ok
13:23:08.0839 6428  AmdK8 - ok
13:23:08.0841 6428  AmdPPM - ok
13:23:08.0854 6428  amdsata - ok
13:23:08.0862 6428  amdsbs - ok
13:23:08.0865 6428  amdxata - ok
13:23:08.0875 6428  ApfiltrService - ok
13:23:08.0889 6428  AppHostSvc - ok
13:23:08.0893 6428  AppID - ok
13:23:08.0895 6428  AppIDSvc - ok
13:23:08.0897 6428  Appinfo - ok
13:23:08.0902 6428  Apple Mobile Device - ok
13:23:08.0918 6428  AppMgmt - ok
13:23:08.0922 6428  arc - ok
13:23:08.0925 6428  arcsas - ok
13:23:08.0941 6428  Artifactory - ok
13:23:08.0955 6428  aspnet_state - ok
13:23:08.0958 6428  AsyncMac - ok
13:23:08.0961 6428  atapi - ok
13:23:08.0964 6428  AudioEndpointBuilder - ok
13:23:08.0967 6428  AudioSrv - ok
13:23:08.0978 6428  automap - ok
13:23:08.0988 6428  awecho - ok
13:23:08.0997 6428  awhost32 - ok
13:23:09.0000 6428  AW_HOST - ok
13:23:09.0003 6428  AxInstSV - ok
13:23:09.0005 6428  b06bdrv - ok
13:23:09.0018 6428  b57nd60a - ok
13:23:09.0025 6428  BDESVC - ok
13:23:09.0029 6428  Beep - ok
13:23:09.0044 6428  BFE - ok
13:23:09.0047 6428  BITS - ok
13:23:09.0063 6428  blbdrive - ok
13:23:09.0070 6428  Bonjour Service - ok
13:23:09.0074 6428  bowser - ok
13:23:09.0080 6428  bpenum - ok
13:23:09.0083 6428  bpmp - ok
13:23:09.0088 6428  bpusb - ok
13:23:09.0090 6428  BrFiltLo - ok
13:23:09.0093 6428  BrFiltUp - ok
13:23:09.0101 6428  BridgeMP - ok
13:23:09.0104 6428  Browser - ok
13:23:09.0107 6428  Brserid - ok
13:23:09.0110 6428  BrSerWdm - ok
13:23:09.0113 6428  BrUsbMdm - ok
13:23:09.0115 6428  BrUsbSer - ok
13:23:09.0118 6428  BTHMODEM - ok
13:23:09.0122 6428  bthserv - ok
13:23:09.0133 6428  Bulk - ok
13:23:09.0137 6428  catchme - ok
13:23:09.0139 6428  ccEvtMgr - ok
13:23:09.0142 6428  ccSetMgr - ok
13:23:09.0146 6428  cdfs - ok
13:23:09.0152 6428  cdrom - ok
13:23:09.0158 6428  CertPropSvc - ok
13:23:09.0161 6428  circlass - ok
13:23:09.0165 6428  CLFS - ok
13:23:09.0167 6428  clr_optimization_v2.0.50727_32 - ok
13:23:09.0170 6428  clr_optimization_v2.0.50727_64 - ok
13:23:09.0174 6428  clr_optimization_v4.0.30319_32 - ok
13:23:09.0183 6428  clr_optimization_v4.0.30319_64 - ok
13:23:09.0185 6428  CmBatt - ok
13:23:09.0188 6428  cmdide - ok
13:23:09.0190 6428  CNG - ok
13:23:09.0211 6428  CodeMeter.exe - ok
13:23:09.0214 6428  Compbatt - ok
13:23:09.0217 6428  CompositeBus - ok
13:23:09.0220 6428  COMSysApp - ok
13:23:09.0235 6428  ConfigService - ok
13:23:09.0238 6428  crcdisk - ok
13:23:09.0247 6428  CryptSvc - ok
13:23:09.0250 6428  CSC - ok
13:23:09.0253 6428  CscService - ok
13:23:09.0261 6428  ctxusbm - ok
13:23:09.0264 6428  CVirtA - ok
13:23:09.0267 6428  CVPND - ok
13:23:09.0270 6428  CVPNDRVA - ok
13:23:09.0273 6428  cvusbdrv - ok
13:23:09.0277 6428  DcomLaunch - ok
13:23:09.0281 6428  defragsvc - ok
13:23:09.0284 6428  DfsC - ok
13:23:09.0286 6428  Dhcp - ok
13:23:09.0289 6428  discache - ok
13:23:09.0292 6428  Disk - ok
13:23:09.0295 6428  DisplayFusionService - ok
13:23:09.0298 6428  DMService - ok
13:23:09.0300 6428  dmvsc - ok
13:23:09.0303 6428  DNE - ok
13:23:09.0332 6428  Dnscache - ok
13:23:09.0335 6428  dot3svc - ok
13:23:09.0337 6428  DPS - ok
13:23:09.0340 6428  drmkaud - ok
13:23:09.0352 6428  dtpd - ok
13:23:09.0355 6428  DXGKrnl - ok
13:23:09.0395 6428  e1cexpress - ok
13:23:09.0397 6428  EapHost - ok
13:23:09.0400 6428  ebdrv - ok
13:23:09.0403 6428  eeCtrl - ok
13:23:09.0406 6428  EFS - ok
13:23:09.0408 6428  ehRecvr - ok
13:23:09.0411 6428  ehSched - ok
13:23:09.0414 6428  elxstor - ok
13:23:09.0417 6428  EraserUtilRebootDrv - ok
13:23:09.0421 6428  ErrDev - ok
13:23:09.0433 6428  EventSystem - ok
13:23:09.0435 6428  exfat - ok
13:23:09.0438 6428  fastfat - ok
13:23:09.0441 6428  Fax - ok
13:23:09.0443 6428  fdc - ok
13:23:09.0447 6428  fdPHost - ok
13:23:09.0450 6428  FDResPub - ok
13:23:09.0452 6428  FileInfo - ok
13:23:09.0455 6428  Filetrace - ok
13:23:09.0458 6428  flpydisk - ok
13:23:09.0460 6428  FltMgr - ok
13:23:09.0464 6428  FontCache - ok
13:23:09.0466 6428  FontCache3.0.0.0 - ok
13:23:09.0469 6428  FsDepends - ok
13:23:09.0472 6428  Fs_Rec - ok
13:23:09.0475 6428  fvevol - ok
13:23:09.0478 6428  gagp30kx - ok
13:23:09.0481 6428  GEARAspiWDM - ok
13:23:09.0488 6428  gfibto - ok
13:23:09.0491 6428  gpsvc - ok
13:23:09.0494 6428  hcmon - ok
13:23:09.0497 6428  hcw85cir - ok
13:23:09.0508 6428  HdAudAddService - ok
13:23:09.0519 6428  HDAudBus - ok
13:23:09.0522 6428  HDJAsioK - ok
13:23:09.0528 6428  HDJMidi - ok
13:23:09.0559 6428  HerculesDJControlMP3 - ok
13:23:09.0561 6428  HidBatt - ok
13:23:09.0564 6428  HidBth - ok
13:23:09.0567 6428  HidIr - ok
13:23:09.0570 6428  hidserv - ok
13:23:09.0573 6428  HidUsb - ok
13:23:09.0577 6428  hkmsvc - ok
13:23:09.0580 6428  HomeGroupListener - ok
13:23:09.0582 6428  HomeGroupProvider - ok
13:23:09.0596 6428  hpqcxs08 - ok
13:23:09.0605 6428  hpqddsvc - ok
13:23:09.0606 6428  HpSAMD - ok
13:23:09.0609 6428  HPSLPSVC - ok
13:23:09.0612 6428  HTTP - ok
13:23:09.0615 6428  hwpolicy - ok
13:23:09.0618 6428  i8042prt - ok
13:23:09.0636 6428  iaStorV - ok
13:23:09.0647 6428  IBMWAS80Service - L07-FPYLFS1Node01 - ok
13:23:09.0651 6428  IDriverT - ok
13:23:09.0654 6428  idsvc - ok
13:23:09.0662 6428  igfx - ok
13:23:09.0665 6428  iirsp - ok
13:23:09.0677 6428  iked - ok
13:23:09.0681 6428  IKEEXT - ok
13:23:09.0694 6428  IntcDAud - ok
13:23:09.0699 6428  intelide - ok
13:23:09.0701 6428  intelppm - ok
13:23:09.0704 6428  IPBusEnum - ok
13:23:09.0708 6428  IpFilterDriver - ok
13:23:09.0711 6428  iphlpsvc - ok
13:23:09.0715 6428  ipMIDI - ok
13:23:09.0718 6428  IPMIDRV - ok
13:23:09.0721 6428  IPNAT - ok
13:23:09.0741 6428  iPod Service - ok
13:23:09.0751 6428  ipsecd - ok
13:23:09.0754 6428  IRENUM - ok
13:23:09.0757 6428  isapnp - ok
13:23:09.0759 6428  iScsiPrt - ok
13:23:09.0763 6428  kbdclass - ok
13:23:09.0765 6428  kbdhid - ok
13:23:09.0768 6428  KeyIso - ok
13:23:09.0770 6428  KSecDD - ok
13:23:09.0773 6428  KSecPkg - ok
13:23:09.0776 6428  ksthunk - ok
13:23:09.0779 6428  KtmRm - ok
13:23:09.0786 6428  LanmanServer - ok
13:23:09.0790 6428  LanmanWorkstation - ok
13:23:09.0793 6428  LBTServ - ok
13:23:09.0798 6428  LEqdUsb - ok
13:23:09.0800 6428  LHidEqd - ok
13:23:09.0803 6428  LHidFilt - ok
13:23:09.0807 6428  LiveUpdate - ok
13:23:09.0809 6428  lltdio - ok
13:23:09.0812 6428  lltdsvc - ok
13:23:09.0815 6428  lmhosts - ok
13:23:09.0818 6428  LMouFilt - ok
13:23:09.0828 6428  LMS - ok
13:23:09.0831 6428  LoopBeMidi1 - ok
13:23:09.0843 6428  LSI_FC - ok
13:23:09.0846 6428  LSI_SAS - ok
13:23:09.0849 6428  LSI_SAS2 - ok
13:23:09.0852 6428  LSI_SCSI - ok
13:23:09.0854 6428  luafv - ok
13:23:09.0857 6428  LUsbFilt - ok
13:23:09.0861 6428  Mcx2Svc - ok
13:23:09.0864 6428  megasas - ok
13:23:09.0867 6428  MegaSR - ok
13:23:09.0877 6428  MEIx64 - ok
13:23:09.0891 6428  Microsoft SharePoint Workspace Audit Service - ok
13:23:09.0894 6428  MMCSS - ok
13:23:09.0898 6428  Modem - ok
13:23:09.0901 6428  monitor - ok
13:23:09.0903 6428  mouclass - ok
13:23:09.0906 6428  mouhid - ok
13:23:09.0909 6428  mountmgr - ok
13:23:09.0917 6428  MouseWithoutBordersSvc - ok
13:23:09.0920 6428  MozillaMaintenance - ok
13:23:09.0923 6428  mpio - ok
13:23:09.0926 6428  mpsdrv - ok
13:23:09.0929 6428  MpsSvc - ok
13:23:09.0931 6428  MQAC - ok
13:23:09.0934 6428  MRxDAV - ok
13:23:09.0937 6428  mrxsmb - ok
13:23:09.0939 6428  mrxsmb10 - ok
13:23:09.0942 6428  mrxsmb20 - ok
13:23:09.0945 6428  msahci - ok
13:23:09.0948 6428  MsDepSvc - ok
13:23:09.0950 6428  msdsm - ok
13:23:09.0953 6428  MSDTC - ok
13:23:09.0958 6428  Msfs - ok
13:23:09.0960 6428  mshidkmdf - ok
13:23:09.0964 6428  msisadrv - ok
13:23:09.0975 6428  MSiSCSI - ok

<div>13:23:09.0977 6428  msiserver - ok</div>

<div>13:23:09.0981 6428  MSKSSRV - ok</div>

<div>13:23:09.0983 6428  MSMQ - ok</div>

<div>13:23:09.0987 6428  MSPCLOCK - ok</div>

<div>13:23:09.0990 6428  MSPQM - ok</div>

<div>13:23:09.0993 6428  MsRPC - ok</div>

<div>13:23:09.0997 6428  mssmbios - ok</div>

<div>13:23:10.0000 6428  MSSQL$SQLEXPRESS - ok</div>

<div>13:23:10.0003 6428  MSSQLServerADHelper100 - ok</div>

<div>13:23:10.0006 6428  MSTEE - ok</div>

<div>13:23:10.0009 6428  MTConfig - ok</div>

<div>13:23:10.0011 6428  Mup - ok</div>

<div>13:23:10.0014 6428  napagent - ok</div>

<div>13:23:10.0017 6428  NativeWifiP - ok</div>

<div>13:23:10.0029 6428  NAVENG - ok</div>

<div>13:23:10.0033 6428  NAVEX15 - ok</div>

<div>13:23:10.0035 6428  NDIS - ok</div>

<div>13:23:10.0038 6428  NdisCap - ok</div>

<div>13:23:10.0041 6428  NdisTapi - ok</div>

<div>13:23:10.0044 6428  Ndisuio - ok</div>

<div>13:23:10.0047 6428  NdisWan - ok</div>

<div>13:23:10.0058 6428  NDProxy - ok</div>

<div>13:23:10.0061 6428  Net Driver HPZ12 - ok</div>

<div>13:23:10.0065 6428  NetBIOS - ok</div>

<div>13:23:10.0067 6428  NetBT - ok</div>

<div>13:23:10.0070 6428  Netlogon - ok</div>

<div>13:23:10.0083 6428  Netman - ok</div>

<div>13:23:10.0092 6428  NetMsmqActivator - ok</div>

<div>13:23:10.0100 6428  NetPipeActivator - ok</div>

<div>13:23:10.0102 6428  netprofm - ok</div>

<div>13:23:10.0108 6428  NetTcpActivator - ok</div>

<div>13:23:10.0111 6428  NetTcpPortSharing - ok</div>

<div>13:23:10.0121 6428  NETwNs64 - ok</div>

<div>13:23:10.0124 6428  nfrd960 - ok</div>

<div>13:23:10.0127 6428  NIHardwareService - ok</div>

<div>13:23:10.0131 6428  NlaSvc - ok</div>

<div>13:23:10.0133 6428  NPF - ok</div>

<div>13:23:10.0136 6428  Npfs - ok</div>

<div>13:23:10.0138 6428  nsi - ok</div>

<div>13:23:10.0141 6428  nsiproxy - ok</div>

<div>13:23:10.0145 6428  Ntfs - ok</div>

<div>13:23:10.0149 6428  Null - ok</div>

<div>13:23:10.0151 6428  nusb3hub - ok</div>

<div>13:23:10.0154 6428  nusb3xhc - ok</div>

<div>13:23:10.0166 6428  NvnUsbAudio - ok</div>

<div>13:23:10.0176 6428  nvraid - ok</div>

<div>13:23:10.0179 6428  nvstor - ok</div>

<div>13:23:10.0190 6428  nv_agp - ok</div>

<div>13:23:10.0202 6428  O2FLASH - ok</div>

<div>13:23:10.0205 6428  O2MDFRDR - ok</div>

<div>13:23:10.0207 6428  O2MDRRDR - ok</div>

<div>13:23:10.0210 6428  O2SDIOAssist - ok</div>

<div>13:23:10.0222 6428  O2SDJRDR - ok</div>

<div>13:23:10.0225 6428  ohci1394 - ok</div>

<div>13:23:10.0240 6428  ose - ok</div>

<div>13:23:10.0243 6428  osppsvc - ok</div>

<div>13:23:10.0248 6428  p2pimsvc - ok</div>

<div>13:23:10.0250 6428  p2psvc - ok</div>

<div>13:23:10.0262 6428  Parport - ok</div>

<div>13:23:10.0266 6428  partmgr - ok</div>

<div>13:23:10.0269 6428  PcaSvc - ok</div>

<div>13:23:10.0271 6428  pci - ok</div>

<div>13:23:10.0274 6428  pciide - ok</div>

<div>13:23:10.0276 6428  pcmcia - ok</div>

<div>13:23:10.0280 6428  pcw - ok</div>

<div>13:23:10.0282 6428  PEAUTH - ok</div>

<div>13:23:10.0285 6428  PeerDistSvc - ok</div>

<div>13:23:10.0289 6428  PerfHost - ok</div>

<div>13:23:10.0295 6428  pla - ok</div>

<div>13:23:10.0304 6428  PlugPlay - ok</div>

<div>13:23:10.0308 6428  Pml Driver HPZ12 - ok</div>

<div>13:23:10.0310 6428  PNRPAutoReg - ok</div>

<div>13:23:10.0314 6428  PNRPsvc - ok</div>

<div>13:23:10.0316 6428  PolicyAgent - ok</div>

<div>13:23:10.0320 6428  Power - ok</div>

<div>13:23:10.0323 6428  PptpMiniport - ok</div>

<div>13:23:10.0326 6428  Processor - ok</div>

<div>13:23:10.0330 6428  ProfSvc - ok</div>

<div>13:23:10.0332 6428  ProtectedStorage - ok</div>

<div>13:23:10.0335 6428  Psched - ok</div>

<div>13:23:10.0338 6428  PVIS9 - ok</div>

<div>13:23:10.0343 6428  PVIS9_64 - ok</div>

<div>13:23:10.0356 6428  PxHlpa64 - ok</div>

<div>13:23:10.0359 6428  ql2300 - ok</div>

<div>13:23:10.0362 6428  ql40xx - ok</div>

<div>13:23:10.0366 6428  QWAVE - ok</div>

<div>13:23:10.0368 6428  QWAVEdrv - ok</div>

<div>13:23:10.0371 6428  RasAcd - ok</div>

<div>13:23:10.0374 6428  RasAgileVpn - ok</div>

<div>13:23:10.0377 6428  RasAuto - ok</div>

<div>13:23:10.0380 6428  Rasl2tp - ok</div>

<div>13:23:10.0384 6428  RasMan - ok</div>

<div>13:23:10.0386 6428  RasPppoe - ok</div>

<div>13:23:10.0389 6428  RasSstp - ok</div>

<div>13:23:10.0392 6428  rdbss - ok</div>

<div>13:23:10.0395 6428  rdpbus - ok</div>

<div>13:23:10.0398 6428  RDPCDD - ok</div>

<div>13:23:10.0402 6428  RDPDR - ok</div>

<div>13:23:10.0409 6428  RDPENCDD - ok</div>

<div>13:23:10.0413 6428  RDPREFMP - ok</div>

<div>13:23:10.0416 6428  RDPWD - ok</div>

<div>13:23:10.0419 6428  rdyboost - ok</div>

<div>13:23:10.0421 6428  RemoteAccess - ok</div>

<div>13:23:10.0424 6428  RemoteRegistry - ok</div>

<div>13:23:10.0427 6428  rpcapd - ok</div>

<div>13:23:10.0430 6428  RpcEptMapper - ok</div>

<div>13:23:10.0433 6428  RpcLocator - ok</div>

<div>13:23:10.0435 6428  RpcSs - ok</div>

<div>13:23:10.0438 6428  RsFx0105 - ok</div>

<div>13:23:10.0441 6428  rspndr - ok</div>

<div>13:23:10.0450 6428  RsvLock - ok</div>

<div>13:23:10.0453 6428  s3cap - ok</div>

<div>13:23:10.0466 6428  SafeBoot - ok</div>

<div>13:23:10.0469 6428  SafeBootClientManager - ok</div>

<div>13:23:10.0472 6428  SamSs - ok</div>

<div>13:23:10.0474 6428  SBAlg - ok</div>

<div>13:23:10.0477 6428  SBAMSvc - ok</div>

<div>13:23:10.0481 6428  SbFlop - ok</div>

<div>13:23:10.0483 6428  SbFsLock - ok</div>

<div>13:23:10.0488 6428  SbieDrv - ok</div>

<div>13:23:10.0501 6428  SbieSvc - ok</div>

<div>13:23:10.0504 6428  sbp2port - ok</div>

<div>13:23:10.0507 6428  SbRegFlt - ok</div>

<div>13:23:10.0510 6428  SCardSvr - ok</div>

<div>13:23:10.0514 6428  scfilter - ok</div>

<div>13:23:10.0517 6428  Schedule - ok</div>

<div>13:23:10.0520 6428  SCPolicySvc - ok</div>

<div>13:23:10.0522 6428  sdbus - ok</div>

<div>13:23:10.0525 6428  SDRSVC - ok</div>

<div>13:23:10.0529 6428  SDScannerService - ok</div>

<div>13:23:10.0546 6428  SDUpdateService - ok</div>

<div>13:23:10.0549 6428  SDWSCService - ok</div>

<div>13:23:10.0552 6428  secdrv - ok</div>

<div>13:23:10.0555 6428  seclogon - ok</div>

<div>13:23:10.0558 6428  SENS - ok</div>

<div>13:23:10.0560 6428  SensrSvc - ok</div>

<div>13:23:10.0564 6428  Serenum - ok</div>

<div>13:23:10.0567 6428  Serial - ok</div>

<div>13:23:10.0569 6428  sermouse - ok</div>

<div>13:23:10.0576 6428  SessionEnv - ok</div>

<div>13:23:10.0579 6428  sffdisk - ok</div>

<div>13:23:10.0582 6428  sffp_mmc - ok</div>

<div>13:23:10.0585 6428  sffp_sd - ok</div>

<div>13:23:10.0587 6428  sfloppy - ok</div>

<div>13:23:10.0590 6428  SharedAccess - ok</div>

<div>13:23:10.0593 6428  ShellHWDetection - ok</div>

<div>13:23:10.0595 6428  SiSRaid2 - ok</div>

<div>13:23:10.0598 6428  SiSRaid4 - ok</div>

<div>13:23:10.0604 6428  Smb - ok</div>

<div>13:23:10.0607 6428  SmcService - ok</div>

<div>13:23:10.0613 6428  SNAC - ok</div>

<div>13:23:10.0618 6428  SNMPTRAP - ok</div>

<div>13:23:10.0631 6428  SophosVirusRemovalTool - ok</div>

<div>13:23:10.0634 6428  spldr - ok</div>

<div>13:23:10.0636 6428  Spooler - ok</div>

<div>13:23:10.0639 6428  sppsvc - ok</div>

<div>13:23:10.0641 6428  sppuinotify - ok</div>

<div>13:23:10.0661 6428  SQLAgent$SQLEXPRESS - ok</div>

<div>13:23:10.0664 6428  SQLBrowser - ok</div>

<div>13:23:10.0685 6428  SQLWriter - ok</div>

<div>13:23:10.0699 6428  SRTSP - ok</div>

<div>13:23:10.0715 6428  SRTSPL - ok</div>

<div>13:23:10.0736 6428  SRTSPX - ok</div>

<div>13:23:10.0740 6428  srv - ok</div>

<div>13:23:10.0745 6428  srv2 - ok</div>

<div>13:23:10.0749 6428  srvnet - ok</div>

<div>13:23:10.0753 6428  SSDPSRV - ok</div>

<div>13:23:10.0756 6428  SstpSvc - ok</div>

<div>13:23:10.0760 6428  STacSV - ok</div>

<div>13:23:10.0789 6428  stdcfltn - ok</div>

<div>13:23:10.0797 6428  stexstor - ok</div>

<div>13:23:10.0801 6428  STHDA - ok</div>

<div>13:23:10.0812 6428  StillCam - ok</div>

<div>13:23:10.0816 6428  stisvc - ok</div>

<div>13:23:10.0820 6428  storflt - ok</div>

<div>13:23:10.0823 6428  StorSvc - ok</div>

<div>13:23:10.0827 6428  storvsc - ok</div>

<div>13:23:10.0831 6428  swenum - ok</div>

<div>13:23:10.0835 6428  SwitchBoard - ok</div>

<div>13:23:10.0839 6428  swprv - ok</div>

<div>13:23:10.0844 6428  Symantec AntiVirus - ok</div>

<div>13:23:10.0848 6428  SymEvent - ok</div>

<div>13:23:10.0852 6428  SysMain - ok</div>

<div>13:23:10.0854 6428  TabletInputService - ok</div>

<div>13:23:10.0857 6428  TapiSrv - ok</div>

<div>13:23:10.0860 6428  TBS - ok</div>

<div>13:23:10.0863 6428  Tcpip - ok</div>

<div>13:23:10.0867 6428  TCPIP6 - ok</div>

<div>13:23:10.0871 6428  tcpipreg - ok</div>

<div>13:23:10.0874 6428  TDPIPE - ok</div>

<div>13:23:10.0877 6428  TDTCP - ok</div>

<div>13:23:10.0888 6428  tdx - ok</div>

<div>13:23:10.0891 6428  TermDD - ok</div>

<div>13:23:10.0894 6428  TermService - ok</div>

<div>13:23:10.0902 6428  teVirtualMIDI64 - ok</div>

<div>13:23:10.0905 6428  Themes - ok</div>

<div>13:23:10.0908 6428  THREADORDER - ok</div>

<div>13:23:10.0927 6428  Tpkd - ok</div>

<div>13:23:10.0930 6428  TrkWks - ok</div>

<div>13:23:10.0933 6428  TrustedInstaller - ok</div>

<div>13:23:10.0937 6428  tssecsrv - ok</div>

<div>13:23:10.0940 6428  TsUsbFlt - ok</div>

<div>13:23:10.0942 6428  TsUsbGD - ok</div>

<div>13:23:10.0946 6428  tunnel - ok</div>

<div>13:23:10.0948 6428  uagp35 - ok</div>

<div>13:23:10.0951 6428  uagqecsvc - ok</div>

<div>13:23:10.0954 6428  udfs - ok</div>

<div>13:23:10.0958 6428  UI0Detect - ok</div>

<div>13:23:10.0961 6428  uliagpkx - ok</div>

<div>13:23:10.0964 6428  umbus - ok</div>

<div>13:23:10.0967 6428  UmPass - ok</div>

<div>13:23:10.0970 6428  UmRdpService - ok</div>

<div>13:23:10.0973 6428  UNS - ok</div>

<div>13:23:10.0975 6428  upnphost - ok</div>

<div>13:23:10.0979 6428  USBAAPL64 - ok</div>

<div>13:23:10.0981 6428  usbaudio - ok</div>

<div>13:23:10.0984 6428  usbccgp - ok</div>

<div>13:23:10.0987 6428  usbcir - ok</div>

<div>13:23:10.0990 6428  usbehci - ok</div>

<div>13:23:10.0993 6428  usbhub - ok</div>

<div>13:23:10.0996 6428  usbohci - ok</div>

<div>13:23:11.0003 6428  usbprint - ok</div>

<div>13:23:11.0006 6428  usbscan - ok</div>

<div>13:23:11.0008 6428  USBSTOR - ok</div>

<div>13:23:11.0011 6428  usbuhci - ok</div>

<div>13:23:11.0014 6428  usbvideo - ok</div>

<div>13:23:11.0017 6428  UxSms - ok</div>

<div>13:23:11.0020 6428  VaultSvc - ok</div>

<div>13:23:11.0023 6428  vdrvroot - ok</div>

<div>13:23:11.0025 6428  vds - ok</div>

<div>13:23:11.0051 6428  vflt - ok</div>

<div>13:23:11.0054 6428  vga - ok</div>

<div>13:23:11.0057 6428  VgaSave - ok</div>

<div>13:23:11.0059 6428  vhdmp - ok</div>

<div>13:23:11.0062 6428  viaide - ok</div>

<div>13:23:11.0066 6428  VMAuthdService - ok</div>

<div>13:23:11.0070 6428  vmbus - ok</div>

<div>13:23:11.0073 6428  VMBusHID - ok</div>

<div>13:23:11.0078 6428  vmci - ok</div>

<div>13:23:11.0094 6428  vmkbd - ok</div>

<div>13:23:11.0098 6428  VMnetAdapter - ok</div>

<div>13:23:11.0101 6428  VMnetBridge - ok</div>

<div>13:23:11.0105 6428  VMnetDHCP - ok</div>

<div>13:23:11.0108 6428  VMnetuserif - ok</div>

<div>13:23:11.0116 6428  VMparport - ok</div>

<div>13:23:11.0120 6428  vmusb - ok</div>

<div>13:23:11.0124 6428  VMUSBArbService - ok</div>

<div>13:23:11.0130 6428  VMware NAT Service - ok</div>

<div>13:23:11.0137 6428  vmx86 - ok</div>

<div>13:23:11.0141 6428  vnet - ok</div>

<div>13:23:11.0145 6428  volmgr - ok</div>

<div>13:23:11.0149 6428  volmgrx - ok</div>

<div>13:23:11.0153 6428  volsnap - ok</div>

<div>13:23:11.0163 6428  vpnva - ok</div>

<div>13:23:11.0167 6428  vsmraid - ok</div>

<div>13:23:11.0170 6428  VSPerfDrv100 - ok</div>

<div>13:23:11.0175 6428  VSS - ok</div>

<div>13:23:11.0179 6428  vwifibus - ok</div>

<div>13:23:11.0182 6428  vwififlt - ok</div>

<div>13:23:11.0194 6428  vwifimp - ok</div>

<div>13:23:11.0198 6428  W32Time - ok</div>

<div>13:23:11.0203 6428  W3SVC - ok</div>

<div>13:23:11.0206 6428  WacomPen - ok</div>

<div>13:23:11.0273 6428  WANARP - ok</div>

<div>13:23:11.0341 6428  Wanarpv6 - ok</div>

<div>13:23:11.0365 6428  WAS - ok</div>

<div>13:23:11.0375 6428  WatAdminSvc - ok</div>

<div>13:23:11.0385 6428  wbengine - ok</div>

<div>13:23:11.0394 6428  WbioSrvc - ok</div>

<div>13:23:11.0405 6428  wcncsvc - ok</div>

<div>13:23:11.0415 6428  WcsPlugInService - ok</div>

<div>13:23:11.0422 6428  Wd - ok</div>

<div>13:23:11.0429 6428  Wdf01000 - ok</div>

<div>13:23:11.0436 6428  WdiServiceHost - ok</div>

<div>13:23:11.0442 6428  WdiSystemHost - ok</div>

<div>13:23:11.0449 6428  WebClient - ok</div>

<div>13:23:11.0452 6428  Wecsvc - ok</div>

<div>13:23:11.0455 6428  wercplsupport - ok</div>

<div>13:23:11.0459 6428  WerSvc - ok</div>

<div>13:23:11.0463 6428  WfpLwf - ok</div>

<div>13:23:11.0466 6428  WIMMount - ok</div>

<div>13:23:11.0470 6428  WinDefend - ok</div>

<div>13:23:11.0476 6428  WinHttpAutoProxySvc - ok</div>

<div>13:23:11.0479 6428  Winmgmt - ok</div>

<div>13:23:11.0483 6428  WinRM - ok</div>

<div>13:23:11.0488 6428  WinUsb - ok</div>

<div>13:23:11.0491 6428  Wlansvc - ok</div>

<div>13:23:11.0494 6428  wlidsvc - ok</div>

<div>13:23:11.0497 6428  WmiAcpi - ok</div>

<div>13:23:11.0502 6428  wmiApSrv - ok</div>

<div>13:23:11.0504 6428  WMPNetworkSvc - ok</div>

<div>13:23:11.0507 6428  WPCSvc - ok</div>

<div>13:23:11.0510 6428  WPDBusEnum - ok</div>

<div>13:23:11.0513 6428  ws2ifsl - ok</div>

<div>13:23:11.0527 6428  wscsvc - ok</div>

<div>13:23:11.0530 6428  WSDPrintDevice - ok</div>

<div>13:23:11.0533 6428  WSearch - ok</div>

<div>13:23:11.0538 6428  wuauserv - ok</div>

<div>13:23:11.0541 6428  WudfPf - ok</div>

<div>13:23:11.0543 6428  WUDFRd - ok</div>

<div>13:23:11.0547 6428  wudfsvc - ok</div>

<div>13:23:11.0549 6428  WwanSvc - ok</div>

13:23:11.0608 6428  ================ Scan global ===============================
13:23:11.0612 6428  [Global] - ok
13:23:11.0617 6428  ================ Scan MBR ==================================
13:23:11.0630 6428  [ 5C73746B987022A51FD1D12550C35637 ] \Device\Harddisk0\DR0
13:23:12.0327 6428  \Device\Harddisk0\DR0 - ok
13:23:12.0328 6428  ================ Scan VBR ==================================
13:23:12.0332 6428  [ F67FF8E229FE901B35208CBB11286AC1 ] \Device\Harddisk0\DR0\Partition1
13:23:12.0335 6428  \Device\Harddisk0\DR0\Partition1 - ok
13:23:12.0367 6428  [ 4BAFAF1D3E4B4B1B52448F66BF3BB4D4 ] \Device\Harddisk0\DR0\Partition2
13:23:12.0368 6428  \Device\Harddisk0\DR0\Partition2 - ok
13:23:12.0369 6428  ============================================================
13:23:12.0369 6428  Scan finished
13:23:12.0369 6428  ============================================================
13:23:12.0384 6748  Detected object count: 0
13:23:12.0384 6748  Actual detected object count: 0


Ok...

Let's run another tool. It doesn't go after big nasties... but it might find some adware embedded in your browsers.

Please download Junkware Removal Tool by clicking here and save it to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Double click JRT.exe to run the tool.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

This topic is now closed to further replies.