
Moneypak/FBI Virus



My husband has this virus on his laptop. I've downloaded and run Farbar. Log files are listed. I'm not sure what to do next, so any help is appreciated.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013

Ran by SYSTEM on 17-06-2013 11:29:19

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" [x]

HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2010-10-12] (Trend Micro Inc.)

HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" [322384 2010-09-17] (Trend Micro Inc.)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)

HKLM\...\Run: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2226280 2011-06-02] (Realtek Semiconductor)

HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x]

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [328992 2008-11-03] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-01] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)

HKLM-x32\...\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [MyFunCards Search Scope Monitor] "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h [42552 2012-05-13] (MindSpark)

HKLM-x32\...\Run: [MyFunCards_5m Browser Plugin Loader] C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe [30096 2012-05-13] (VER_COMPANY_NAME)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h [42536 2012-08-19] (MindSpark)

HKLM-x32\...\Run: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe [30096 2012-08-19] (VER_COMPANY_NAME)

HKU\John Manypenny\...\Run: [Google Update] "C:\Users\John Manypenny\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-25] (Google Inc.)

HKU\John Manypenny\...\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN246BS1BB05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 [2676584 2011-09-09] (Hewlett-Packard Co.)

HKU\John Manypenny\...\Winlogon: [shell] explorer.exe,C:\Users\John Manypenny\AppData\Roaming\skype.dat [117248 2011-11-16] (PremiumSoft CyberTech Ltd.) <==== ATTENTION

Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk

ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()

==================== Services (Whitelisted) =================

S2 GamingWonderlandService; C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe [42504 2012-08-19] (COMPANYVERS_NAME)

S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)

S2 MyFunCards_5mService; C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe [42528 2012-05-13] (COMPANYVERS_NAME)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-04-03] (Symantec Corporation)

S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [126392 2011-09-29] (Symantec Corporation)

S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)

S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)

S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)

S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)

S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)

S2 X5XSEx; C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)

S2 X5XSEx; C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-17 11:29 - 2013-06-17 11:29 - 00000000 ____D C:\FRST

2013-06-13 13:02 - 2013-06-17 08:13 - 00000004 ____A C:\Users\John Manypenny\AppData\Roaming\skype.ini

2013-06-11 08:48 - 2013-06-11 08:48 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-06-11 08:48 - 2013-06-11 08:48 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-11 08:48 - 2013-06-11 08:48 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-06-11 08:48 - 2013-06-11 08:48 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-06-11 08:48 - 2013-06-11 08:48 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-06-11 08:48 - 2013-06-11 08:48 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-06-11 08:48 - 2013-06-11 08:48 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-06-11 08:48 - 2013-06-11 08:48 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-06-11 08:48 - 2013-06-11 08:48 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-06-11 08:48 - 2013-06-11 08:48 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-06-11 08:48 - 2013-06-11 08:48 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-06-11 08:45 - 2013-06-11 08:45 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-11 08:41 - 2013-06-11 08:51 - 00007985 ____A C:\Windows\IE10_main.log

2013-05-30 12:45 - 2013-05-30 12:45 - 00000000 ____D C:\Windows\SysWOW64\Adobe

2013-05-25 14:54 - 2013-05-25 14:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

2013-06-17 11:29 - 2013-06-17 11:29 - 00000000 ____D C:\FRST

2013-06-17 08:23 - 2011-10-29 15:55 - 01116945 ____A C:\Windows\WindowsUpdate.log

2013-06-17 08:23 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-17 08:23 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-17 08:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-17 08:15 - 2009-07-13 20:51 - 00056520 ____A C:\Windows\setupact.log

2013-06-17 08:13 - 2013-06-13 13:02 - 00000004 ____A C:\Users\John Manypenny\AppData\Roaming\skype.ini

2013-06-17 08:12 - 2012-01-09 12:33 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-17 08:12 - 2011-12-25 18:11 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441713544-2149509061-1724629917-1000UA.job

2013-06-13 13:19 - 2012-01-09 12:33 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-13 13:19 - 2011-12-16 11:26 - 00000000 ___HD C:\ASUS.DAT

2013-06-13 13:05 - 2011-12-16 11:26 - 00045056 ____A C:\Windows\System32\acovcnt.exe

2013-06-13 11:10 - 2011-12-25 18:11 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441713544-2149509061-1724629917-1000Core.job

2013-06-11 09:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-06-11 09:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-06-11 09:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-06-11 09:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-06-11 09:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-06-11 08:51 - 2013-06-11 08:41 - 00007985 ____A C:\Windows\IE10_main.log

2013-06-11 08:48 - 2013-06-11 08:48 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-06-11 08:48 - 2013-06-11 08:48 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-11 08:48 - 2013-06-11 08:48 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-06-11 08:48 - 2013-06-11 08:48 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-06-11 08:48 - 2013-06-11 08:48 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-06-11 08:48 - 2013-06-11 08:48 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-06-11 08:48 - 2013-06-11 08:48 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-06-11 08:48 - 2013-06-11 08:48 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-06-11 08:48 - 2013-06-11 08:48 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-06-11 08:48 - 2013-06-11 08:48 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-06-11 08:48 - 2013-06-11 08:48 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-06-11 08:48 - 2013-06-11 08:48 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-06-11 08:48 - 2013-06-11 08:48 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-06-11 08:45 - 2013-06-11 08:45 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-11 08:45 - 2013-06-11 08:45 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-06 10:24 - 2011-12-25 18:13 - 00002418 ____A C:\Users\John Manypenny\Desktop\Google Chrome.lnk

2013-06-01 16:02 - 2011-04-01 20:17 - 00134150 ____A C:\Windows\PFRO.log

2013-05-30 12:46 - 2011-12-16 11:41 - 00000000 ____D C:\ProgramData\Google

2013-05-30 12:46 - 2011-04-01 20:36 - 00000000 ____D C:\Program Files\Google

2013-05-30 12:46 - 2011-04-01 20:36 - 00000000 ____D C:\Program Files (x86)\Google

2013-05-30 12:45 - 2013-05-30 12:45 - 00000000 ____D C:\Windows\SysWOW64\Adobe

2013-05-25 14:54 - 2013-05-25 14:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2013-05-23 03:58 - 2009-07-13 20:45 - 00268856 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-19 04:39 - 2009-07-13 21:13 - 00757328 ____A C:\Windows\System32\PerfStringBackup.INI

Files to move or delete:

====================

C:\Users\John Manypenny\AppData\Roaming\skype.dat

C:\Users\John Manypenny\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-03 06:22:48

Restore point made on: 2013-05-07 07:20:14

Restore point made on: 2013-05-11 10:49:24

Restore point made on: 2013-05-16 06:04:56

Restore point made on: 2013-05-19 04:33:50

Restore point made on: 2013-05-23 03:06:29

Restore point made on: 2013-05-26 14:34:27

Restore point made on: 2013-05-30 11:45:58

Restore point made on: 2013-06-02 13:27:18

Restore point made on: 2013-06-06 06:03:47

Restore point made on: 2013-06-09 11:31:50

Restore point made on: 2013-06-11 08:40:53

==================== Memory info ===========================

Percentage of memory in use: 14%

Total physical RAM: 4000.13 MB

Available physical RAM: 3427.05 MB

Total Pagefile: 3998.27 MB

Available Pagefile: 3423.51 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:138.63 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive d: (DATA) (Fixed) (Total:254.46 GB) (Free:254.34 GB) NTFS (Disk=0 Partition=3)

Drive f: () (Removable) (Total:14.9 GB) (Free:14.77 GB) FAT32 (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 496B9619)

Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)

Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=254 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

LastRegBack: 2013-04-17 17:30

==================== End Of Log ============================


Hello tmanyp40 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Then right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x]

HKLM-x32\...\Run: [] [x]

HKU\John Manypenny\...\Winlogon: [shell] explorer.exe,C:\Users\John Manypenny\AppData\Roaming\skype.dat [117248 2011-11-16] (PremiumSoft CyberTech Ltd.) <==== ATTENTION

2013-06-13 13:02 - 2013-06-17 08:13 - 00000004 ____A C:\Users\John Manypenny\AppData\Roaming\skype.ini

C:\Users\John Manypenny\AppData\Roaming\skype.dat

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

Reboot Normally.

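The entries removed by the fixlist in the post above (a per-user Winlogon shell value that starts a second program after explorer.exe, and Run values whose target is gone) can be picked out of an FRST registry section mechanically. The following Python sketch is an added example, not part of any post in this thread and not FRST's own code. The function names are hypothetical, the sample lines are copied from the logs quoted in this thread, and the reading of the trailing `[x]` marker as "file not found" is an assumption.

```python
import re
from dataclasses import dataclass

# Lines in the FRST.txt registry-section format, copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [] [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKU\John Manypenny\...\Winlogon: [shell] explorer.exe,C:\Users\John Manypenny\AppData\Roaming\skype.dat [117248 2011-11-16] (PremiumSoft CyberTech Ltd.) <==== ATTENTION
"""

# "<root>\...\<key>: [<value name>] <data>"
ENTRY_RE = re.compile(
    r"^(?P<root>HK[^\\]+)\\(?:.*?\\)?(?P<key>Run|RunOnce|Winlogon): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<data>.*)$"
)
# Trailing metadata appended to each entry: "[size date] (company)" or "[x]".
# Assumption: "[x]" means the scanner could not find the target file.
META_RE = re.compile(r"\s*\[(?P<meta>x|\d+ \d{4}-\d{2}-\d{2})\].*$", re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    root: str           # HKLM, HKLM-x32, HKU, ...
    key: str            # Run, RunOnce or Winlogon
    name: str           # registry value name (may be empty)
    command: str        # value data with the trailing metadata stripped
    file_missing: bool  # True when the entry ends in "[x]"


def parse_entry(line):
    """Return an Entry for a Run/RunOnce/Winlogon line, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    data = m["data"]
    meta = META_RE.search(data)
    command = data[:meta.start()] if meta else data
    missing = bool(meta) and meta["meta"].lower() == "x"
    return Entry(m["root"], m["key"], m["name"], command.strip(), missing)


def findings(entry):
    """List the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    if entry.key == "Winlogon" and entry.name.lower() == "shell":
        if entry.root != "HKLM":
            # The Shell value normally exists only under HKLM.
            reasons.append("per-user Shell value overrides the machine-wide one")
        parts = [p.strip().strip('"') for p in entry.command.split(",") if p.strip()]
        for extra in (p for p in parts if p.lower() != "explorer.exe"):
            reasons.append(f"Winlogon shell starts an extra program: {extra}")
            if any(d in extra.lower() for d in USER_WRITABLE):
                reasons.append("extra shell program lives in a user-writable folder")
    elif entry.key in ("Run", "RunOnce"):
        if not entry.name:
            reasons.append("autostart value has no name")
        if entry.file_missing:
            reasons.append("autostart target was not found on disk")
    return reasons


def scan(log_text):
    """Return (Entry, reasons) pairs for every flagged line of a log."""
    results = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = findings(entry)
        if reasons:
            results.append((entry, reasons))
    return results


if __name__ == "__main__":
    for entry, reasons in scan(SAMPLE_LOG):
        print(f"{entry.root} {entry.key} [{entry.name}] {entry.command}")
        for reason in reasons:
            print(f"    - {reason}")
```

A flagged line is only a lead for a human reviewer; the Microsoft Security Client entry in the sample passes every check, and the three entries named in the fixlist are the ones reported.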

Here's the log. It rebooted normally!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013

Ran by SYSTEM at 2013-06-17 11:58:45 Run:1

Running from F:\

Boot Mode: Recovery

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper => Value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

HKU\John Manypenny\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

C:\Users\John Manypenny\AppData\Roaming\skype.ini => Moved successfully.

C:\Users\John Manypenny\AppData\Roaming\skype.dat => Moved successfully.

==== End of Fixlog ====


Good, we have made some progress. :)

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Sorry for the delay. Here are the ComboFix logs.

ComboFix 13-06-18.02 - John Manypenny 06/19/2013  20:55:01.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4000.2909 [GMT -5:00]
Running from: c:\users\John Manypenny\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TotalRecipeSearch_14EI
c:\program files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll
c:\program files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll
c:\program files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-20 to 2013-06-20  )))))))))))))))))))))))))))))))
.
.
2013-06-20 02:01 . 2013-06-20 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-20 01:42 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{675DCD72-752F-4A34-95B1-7FED474F3E64}\mpengine.dll
2013-06-20 01:40 . 2013-06-20 01:41 -------- d-----w- C:\rei
2013-06-20 01:40 . 2013-06-20 01:40 -------- d-----w- c:\program files\Reimage
2013-06-20 01:39 . 2013-06-20 01:39 -------- d--h--w- c:\programdata\Common Files
2013-06-18 21:05 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-17 19:29 . 2013-06-17 19:29 -------- d-----w- C:\FRST
2013-06-17 17:13 . 2013-05-23 12:54 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7ABD350D-4D8F-4D28-A32F-7335B5430895}\gapaengine.dll
2013-06-11 16:45 . 2013-06-11 16:45 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-30 20:45 . 2013-05-30 20:45 -------- d-----w- c:\windows\SysWow64\Adobe
2013-05-23 12:57 . 2013-05-23 12:54 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3A5DEDB-E9FC-4F0B-8D47-1F912FFA845F}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 17:01 . 2011-12-16 19:26 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-05-23 12:54 . 2012-02-29 22:53 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-19 12:56 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2011-12-17 00:09 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 20:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 20:01 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 20:01 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 20:01 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 20:01 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 20:01 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 15:40 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 20:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 20:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 20:01 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7c8f8fe5-9785-4f74-bcf8-895ef9752d97}]
2012-08-19 20:43 699536 ----a-w- c:\progra~2\GAMING~2\bar\1.bin\gtbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ab5d199e-9659-47a2-930b-fc3b69061353}]
2012-08-19 20:43 62864 ----a-w- c:\program files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c4b22c87-45ef-4f43-89f2-40db2078864e}]
2012-05-13 16:52 66960 ----a-w- c:\program files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 20:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{da71fd14-5f7b-46ae-b8b1-44074a38f331}]
2012-05-13 16:52 693648 ----a-w- c:\progra~2\MYFUNC~2\bar\1.bin\5mbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"= "c:\program files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll" [2012-05-13 693648]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
"{a899079d-206f-43a6-be6a-07e0fa648ea0}"= "c:\program files (x86)\GamingWonderland\bar\1.bin\gtbar.dll" [2012-08-19 699536]
.
[HKEY_CLASSES_ROOT\clsid\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a899079d-206f-43a6-be6a-07e0fa648ea0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MyFunCards Search Scope Monitor"="c:\progra~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" [2012-05-13 42552]
"MyFunCards_5m Browser Plugin Loader"="c:\progra~2\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-05-13 30096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"GamingWonderland Search Scope Monitor"="c:\progra~2\GAMING~2\bar\1.bin\gtsrchmn.exe" [2012-08-19 42536]
"GamingWonderland Browser Plugin Loader"="c:\progra~2\GAMING~2\bar\1.bin\gtbrmon.exe" [2012-08-19 30096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 549040]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe -d [2011-10-29 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GamingWonderlandService;GamingWonderlandService;c:\progra~2\GAMING~2\bar\1.bin\gtbarsvc.exe;c:\progra~2\GAMING~2\bar\1.bin\gtbarsvc.exe [x]
S2 MyFunCards_5mService;MyFunCardsService;c:\progra~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe;c:\progra~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 cpuz134;cpuz134;c:\users\JOHNMA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\JOHNMA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CPUZ134
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 20:33]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 20:33]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441713544-2149509061-1724629917-1000Core.job
- c:\users\John Manypenny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 02:11]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441713544-2149509061-1724629917-1000UA.job
- c:\users\John Manypenny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 02:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-19  21:04:42
ComboFix-quarantined-files.txt  2013-06-20 02:04
.
Pre-Run: 150,079,774,720 bytes free
Post-Run: 150,520,348,672 bytes free
.
- - End Of File - - 2657EEBACAC950E2421547D1282D4A1A
D41D8CD98F00B204E9800998ECF8427E

??????? Windows Live Mesh ActiveX ??(????)

??????? Windows Live Mesh ActiveX ???

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Shockwave Player 12.0

Alcor Micro USB Card Reader

Ask Toolbar

Ask Toolbar Updater

Asmedia ASM104x USB 3.0 Host Controller Driver

ASUS AI Recovery

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

ASUS WebStorage

ASUS_Screensaver

AsusVibe2.0

Atheros Driver Installation Program

ATK Package

Bing Bar

Cisco Connect

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

Free Ride Games Player

Galeria de Fotografias do Windows Live

Galerie de photos Windows Live

Galería fotográfica de Windows Live

GamingWonderland Toolbar

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

HP FWUpdateEDO2

HP Officejet Pro 8600 Help

HP Update

I.R.I.S. OCR

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Java Auto Updater

Java 6 Update 33

Junk Mail filter update

Mesh Runtime

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

MSVCRT

MSVCRT_amd64

MyFunCards Toolbar

Norton PC Checkup

Nuance PDF Reader

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Sonic Focus

swMSM

syncables desktop SE

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

Wireless Console 3

Trend Micro looks damaged to me. If you still want to use it, I suggest you re-install it after we are done here.

Step 1

Please uninstall the following applications:

Ask Toolbar

Ask Toolbar Updater

GamingWonderland Toolbar

MyFunCards Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • ComboFix log

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
