Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

malware, rootkit & trojan!!! need removal

Started by Brokenlaptop1 , Apr 26 2012 08:32 AM

This topic is locked

23 replies to this topic

#1 Brokenlaptop1

Member

Members
15 posts

Posted 26 April 2012 - 08:32 AM

http://www.bleepingcomputer.com/forums/topic451500.html/page__gopid__2679226#entry2679226

the above link is my original post.

I have now disabled all CD emulation software.

I cannot enable windows firewall as the virus is not allowing me. (error message pops up)

Download and run DSS - wont work. the download opens up in notepad, unintelligible gobildigook.

here is my log file from AswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 12:25:43
-----------------------------
12:25:43.694 OS Version: Windows x64 6.1.7600
12:25:43.694 Number of processors: 2 586 0x170A
12:25:43.694 ComputerName: MARKS-PC UserName: mark's
12:25:48.085 Initialize success
12:30:15.176 AVAST engine defs: 12042600
12:30:32.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:30:32.330 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
12:30:32.342 Disk 0 MBR read successfully
12:30:32.346 Disk 0 MBR scan
12:30:32.354 Disk 0 unknown MBR code
12:30:32.366 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:30:32.377 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463342 MB offset 409600
12:30:32.405 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13397 MB offset 949334016
12:30:32.443 Disk 0 scanning C:\Windows\system32\drivers
12:30:52.985 Service scanning
12:30:55.740 Service AMService C:\Windows\TEMP\dipbvk\setup.exe **INFECTED** Win32:Zbot-OHK [Trj]
12:31:27.369 Service symids C:\Windows\system32\bh611.dll **INFECTED** Win64:ZAccess-E [Rtk]
12:31:36.645 Modules scanning
12:31:37.048 Disk 0 trace - called modules:
12:31:37.078 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys sphz.sys hal.dll
12:31:37.085 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800590e060]
12:31:37.092 3 CLASSPNP.SYS[fffff88000c4f43f] -> nt!IofCallDriver -> [0xfffffa800590d040]
12:31:37.102 5 hpdskflt.sys[fffff88001e98289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bed050]
12:31:43.146 AVAST engine scan C:\Windows
12:31:46.280 AVAST engine scan C:\Windows\system32
12:31:56.709 File: C:\Windows\system32\bh611.dll **INFECTED** Win64:ZAccess-E [Rtk]
12:32:06.811 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
12:34:49.326 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
12:34:52.079 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
12:37:28.977 File: C:\Windows\assembly\temp\U\80000032.$ **INFECTED** Win32:DNSChanger-VJ [Trj]
12:37:29.069 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
12:37:29.158 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
12:37:30.840 AVAST engine scan C:\Windows\system32\drivers
12:37:56.937 AVAST engine scan C:\Users\mark's
12:48:19.889 File: C:\Users\mark's\AppData\Local\promo.exe **INFECTED** Win32:Malware-gen
13:11:48.723 File: C:\Users\mark's\AppData\Roaming\Headup Games\gameupd.exe **INFECTED** Win32:Malware-gen
13:27:18.140 File: C:\Users\mark's\Downloads\7Zip_Setup.exe **INFECTED** Win32:Adware-gen [Adw]
13:41:14.387 AVAST engine scan C:\ProgramData
13:48:19.656 File: C:\ProgramData\LJOBGq6J.exe **INFECTED** Win32:Downloader-NYN [Trj]
13:50:13.624 Scan finished successfully
13:58:06.756 Disk 0 MBR has been saved successfully to "C:\Users\mark's\Desktop\MBR.dat"
13:58:06.764 The log file has been saved successfully to "C:\Users\mark's\Desktop\aswMBR.txt"

really need some help here. it looks bad!

BC Ads
BleepingComputer.com

#2 gringo_pr

Bleepin Gringo

Malware Response Team
121,033 posts

Gender:Male
Location:Puerto rico

Posted 27 April 2012 - 12:52 AM

Hello and Welcome to Bleeping Computer!!

use link 2 or 3 for dds

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:

Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.
- Double-Click on dds.scr and a command window will appear. This is normal.
- Shortly after two logs will appear:
- DDS.txt
- Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

information and logs:

In your next post I need the following

.logs from DDS
let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

#3 Brokenlaptop1

Member

Members
15 posts

Posted 27 April 2012 - 04:45 AM

hi there Gringo,

thankyou for your help!

Here are the logs you rerquested:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java™ 6 Update 20
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

***DDS.txt***
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by mark's at 10:36:54 on 2012-04-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4063.1351 [GMT 1:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Virgin Media Security Anti-Virus *Disabled/Outdated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
SP: Virgin Media Security Anti-Spyware *Disabled/Outdated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Virgin Media Security Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\3\3Connect\AutoUpdateSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\TEMP\dipbvk\setup.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\LJOBGq6J.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\mark's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N8YS1E8Q\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\ProgramData\LJOBGq6J.exe
C:\ProgramData\LJOBGq6J.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_20\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre1.6.0_20\bin\jp2ssv.dll
TB: !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\mark's\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [NCsoft]
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
dRun: [4Y3Y0C3A1F7XWVWEOUTJ] C:\Recycle.Bin\B6232F3A6A9.exe /q
StartupFolder: C:\Users\mark's\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRIVIA~1.LNK - C:\Users\mark's\AppData\Local\Temp\{F2657087-AF0A-493D-BB1E-3A93922AB727}\{4E61888C-3D42-4691-AD25-E9AF648EAB63}\ATR1.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UPDATE~1.LNK - C:\Program Files (x86)\3\3Connect\AutoUpdateSrv.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F50C7354-CFD6-450A-90D7-C1D67F728492} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F50C7354-CFD6-450A-90D7-C1D67F728492}\2456C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F50C7354-CFD6-450A-90D7-C1D67F728492}\5534F6E6E6563647 : DhcpNameServer = 193.60.160.250 193.60.160.84
TCP: Interfaces\{F50C7354-CFD6-450A-90D7-C1D67F728492}\745756374734F6E6E6563647 : DhcpNameServer = 193.60.160.250 193.60.160.84
TCP: Interfaces\{F50C7354-CFD6-450A-90D7-C1D67F728492}\A656373796565303 : DhcpNameServer = 10.0.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs:
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RewardsArcade: {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll
BHO-X64: RewardsArcade - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_20\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_20\bin\jp2ssv.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64:
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [2011-2-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-6-1 689464]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AMService;AMService;C:\Windows\TEMP\dipbvk\setup.exe run --> C:\Windows\TEMP\dipbvk\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-26 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 253088]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-20 227896]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-5-4 1431888]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-26 116648]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-04-25 14:52:26 -------- d-----w- C:\ProgramData\Comodo
2012-04-25 14:52:15 -------- d-----w- C:\Program Files\COMODO
2012-04-25 14:52:01 -------- d-----w- C:\Users\mark's\AppData\Local\Comodo
2012-04-25 14:51:31 -------- d-----w- C:\Program Files (x86)\Comodo
2012-04-25 14:10:55 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-25 14:10:55 -------- d-----w- C:\Program Files\AVAST Software
2012-04-24 17:39:31 -------- d-----w- C:\Users\mark's\AppData\Roaming\Malwarebytes
2012-04-24 17:38:56 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-24 17:38:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-24 16:38:20 50000 ----a-w- C:\Windows\System32\drivers\seewqemb.sys
2012-04-24 16:37:40 50000 ----a-w- C:\Windows\System32\drivers\adjdueyx.sys
2012-04-24 16:27:32 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-04-24 12:47:27 -------- d-----w- C:\eb9e8a28380d1f1c67258fc8
2012-04-24 11:34:48 -------- d-----w- C:\Users\mark's\AppData\Roaming\Tific
2012-04-24 11:34:48 -------- d-----w- C:\Users\mark's\AppData\Local\Symantec
2012-04-24 10:31:29 84480 ----a-w- C:\ProgramData\LJOBGq6J.exe
2012-04-24 10:21:24 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-24 10:20:15 -------- d-----we C:\Windows\system64
2012-04-24 10:11:50 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-24 10:11:50 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-24 09:26:50 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67BC5790-5369-478A-AF30-8AEDE805F3D4}\mpengine.dll
2012-04-18 11:49:25 -------- d-----w- C:\ProgramData\CCP
2012-04-17 23:22:41 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-17 23:22:38 -------- d-----w- C:\Users\mark's\AppData\Local\PunkBuster
2012-04-17 23:18:19 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-17 23:18:19 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-17 23:18:14 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-17 23:16:36 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-04-17 23:16:21 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-04-17 21:07:03 -------- d-----w- C:\Program Files (x86)\CCP
2012-04-17 16:03:20 -------- d-----w- C:\Users\mark's\AppData\Local\GamersFirst LIVE!
2012-04-17 16:02:32 -------- d-----w- C:\Program Files (x86)\GamersFirst
2012-04-17 15:49:09 -------- d-----w- C:\Users\mark's\AppData\Local\CCP
2012-04-17 14:06:43 -------- d-----w- C:\Users\mark's\AppData\Local\NCSoft
2012-04-17 14:03:50 -------- d-----w- C:\AMD
2012-04-17 13:34:01 -------- d-----w- C:\Users\mark's\AppData\Local\assembly
2012-04-17 13:33:12 -------- d-----w- C:\Program Files (x86)\NCSoft
2012-04-14 02:00:52 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-14 02:00:50 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-14 02:00:49 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-13 15:12:34 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-13 15:12:32 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-13 15:12:31 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-13 15:12:28 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-13 15:12:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-13 15:12:27 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-13 15:12:27 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-02 12:44:54 -------- d-----w- C:\Mechanical Programs
2012-04-02 12:44:50 -------- d-----w- C:\Program Files (x86)\Wolsink
2012-03-29 19:10:33 -------- d-----w- C:\Users\mark's\AppData\Local\Autodesk, Inc
.
==================== Find3M ====================
.
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 09:18:36 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-07 10:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 10:40:44.49 ===============

***attatch.txt***

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 15/04/2010 20:28:46
System Uptime: 26/04/2012 22:06:42 (12 hours ago)
.
Motherboard: Quanta | | 3624
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | CPU | 1584/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 30.806 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.147 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: HP Integrated Module with Bluetooth 2.0 Wireless Technology
Device ID: USB\VID_03F0&PID_171D\5&22CBA440&0&2
Manufacturer: Broadcom
Name: HP Integrated Module with Bluetooth 2.0 Wireless Technology
PNP Device ID: USB\VID_03F0&PID_171D\5&22CBA440&0&2
Service: BTHUSB
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3Connect
7-Zip 9.20
Acrobat.com
Activate Norton Online Backup
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1 MUI
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
ALWIL Software Security 4.8.1296.0
ANNO 2070
APB Reloaded
Apple Application Support
Apple Software Update
AutoCAD Civil 3D 2012 32 Bit Object Enabler on Autodesk Content Service - Language Neutral
AutoCAD Civil 3D 2012 32 Bit Object Enabler on Autodesk® Storm and Sanitary Analysis 2012 - Language Neutral
Autodesk Content Service
Autodesk Design Review 2012
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk QTO Language Pack - English
Autodesk Quantity Takeoff 2012
Autodesk® Storm and Sanitary Analysis 2012
Avidemux 2.5
BBC Tweenies - Ready to Play
Betfair Poker
Bridge Constructor v1.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
City of Heroes (US)
Command & Conquer™ 4 Tiberian Twilight
Company of Heroes
Compatibility Pack for the 2007 Office system
Connect
Create™
Crystal Reports Runtime
CyberLink DVD Suite
DivX Setup
EVE Online (remove only)
FARO LS 1.1.406.58
FL Studio 9
Football Manager 2010
GamersFirst LIVE!
Google Chrome
Google Earth
Google Update Helper
Graboid Video 1.65
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series Help
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP Photo Creations
HP Quick Launch Buttons
HP Setup
HP Update
HP User Guides 0153
HP Wireless Assistant
Huawei modem
IDT Audio
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 20
JMicron Flash Media Controller Driver
Junk Mail filter update
JustCamIt 2.1.0
Kidizoom Pro & Plus
kuler
LabelPrint
League of Legends
LightScribe System Software
LogMeIn Hamachi
Magic Desktop
Mechanical programs (incl. Framework)
Media Player Classic - Home Cinema v1.4.2499.0
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual Basic Power Packs 3.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Minecraft Beta Cracked
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napoleon - Total War
NCsoft Launcher
Notepad++
NVIDIA PhysX
OJOsoft Total Video Converter
OpenAL
Pando Media Booster
Panzer Corps version 1.0
PDF Settings CS4
Photoshop Camera Raw
Power2Go
PowerDirector
PowerRecover
PunkBuster Services
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
RIFT
Rome - Total War
RPS CRT
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Sins of a Solar Empire Trinity
Skype Click to Call
Skype™ 5.5
Spotify
StarCraft II
Suite Shared Configuration CS4
Surfer 8
Syberia 1 1.00
The Book Of Unwritten Tales version 1.03
Trivial Pursuit Unhinged
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
VideoLAN VLC media player 0.8.6d
Virgin Media Service Manager 3.7.47
Vuze
Vuze Remote Toolbar
WildTangent Games App (HP Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 14.5
World of Tanks v.0.6.7
Xfire (remove only)
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
27/04/2012 10:41:10, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
26/04/2012 22:37:44, Error: Service Control Manager [7034] - The AMService service terminated unexpectedly. It has done this 1 time(s).
26/04/2012 22:10:51, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
26/04/2012 22:08:10, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
26/04/2012 22:08:09, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
26/04/2012 22:07:39, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
26/04/2012 13:48:41, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
26/04/2012 13:48:41, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
26/04/2012 10:16:20, Error: sptd [4] - Driver detected an internal error in its data structures for .
25/04/2012 15:54:01, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25/04/2012 14:59:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.
25/04/2012 14:59:09, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/04/2012 14:49:38, Error: Microsoft Antimalware [3002] -
24/04/2012 20:29:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
24/04/2012 20:27:23, Error: Service Control Manager [7023] - The Owstimer service terminated with the following error: Access is denied.
24/04/2012 17:54:40, Error: Service Control Manager [7043] - The Microsoft Antimalware Service service did not shut down properly after receiving a preshutdown control.
24/04/2012 16:21:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
24/04/2012 16:21:53, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/04/2012 13:39:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
24/04/2012 13:39:09, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/04/2012 12:15:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
24/04/2012 11:31:30, Error: Service Control Manager [7030] - The AMService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
23/04/2012 21:43:57, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
23/04/2012 10:43:16, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/04/2012 10:43:12, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
22/04/2012 21:51:22, Error: bowser [8003] - The master browser has received a server announcement from the computer JAMIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CC98E18F-9A79-43D7-AADC-C9D50566CAC9}. The master browser is stopping or an election is being forced.
21/04/2012 23:49:28, Error: bowser [8003] - The master browser has received a server announcement from the computer CURRYS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F50C7354-CFD6-450A-90D7-C1D67F728492}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

#4 Brokenlaptop1

Member

Members
15 posts

Posted 27 April 2012 - 04:51 AM

update: the problematic laptop has booted up and is running at the moment and connected to internet. Random music and adverts still play in backgrouund and CPU usage is totally erratic.

#5 gringo_pr

Bleepin Gringo

Malware Response Team
121,033 posts

Gender:Male
Location:Puerto rico

Posted 27 April 2012 - 07:16 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

#6 Brokenlaptop1

Member

Members
15 posts

Posted 27 April 2012 - 08:24 AM

hey Gringo, here is my Combofix log:

ComboFix 12-04-27.01 - mark's 27/04/2012 13:51:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4063.2676 [GMT 1:00]
Running from: c:\users\mark's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5DVJE0U\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Virgin Media Security Anti-Virus *Disabled/Outdated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Virgin Media Security Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Virgin Media Security Anti-Spyware *Disabled/Outdated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\3
c:\program files (x86)\3\3Connect\3ConnectHelp.chm
c:\program files (x86)\3\3Connect\AceDb.encrypt
c:\program files (x86)\3\3Connect\AutoUpdateSrv.exe
c:\program files (x86)\3\3Connect\BlacklistedProcesses.xml
c:\program files (x86)\3\3Connect\capicom.dll
c:\program files (x86)\3\3Connect\CiscoApiWrapper.dll
c:\program files (x86)\3\3Connect\Config.encrypt
c:\program files (x86)\3\3Connect\Config.xml
c:\program files (x86)\3\3Connect\Config_23420.encrypt
c:\program files (x86)\3\3Connect\Config_23420.xml
c:\program files (x86)\3\3Connect\Config_27205.encrypt
c:\program files (x86)\3\3Connect\Config_27205.xml
c:\program files (x86)\3\3Connect\Config_Default.encrypt
c:\program files (x86)\3\3Connect\Config_Default.xml
c:\program files (x86)\3\3Connect\ConfigAup.encrypt
c:\program files (x86)\3\3Connect\ConfigAup.xml
c:\program files (x86)\3\3Connect\DeviceInstaller.exe
c:\program files (x86)\3\3Connect\Dialog.cfg
c:\program files (x86)\3\3Connect\Flash.ocx
c:\program files (x86)\3\3Connect\HuaweiE220.dll
c:\program files (x86)\3\3Connect\ImportConfiguration.exe
c:\program files (x86)\3\3Connect\InstallHelpers.dll
c:\program files (x86)\3\3Connect\LanDevice.dll
c:\program files (x86)\3\3Connect\Logger.dll
c:\program files (x86)\3\3Connect\mfc80u.dll
c:\program files (x86)\3\3Connect\Microsoft.VC80.CRT.manifest
c:\program files (x86)\3\3Connect\Microsoft.VC80.MFC.manifest
c:\program files (x86)\3\3Connect\modemcust.cfg
c:\program files (x86)\3\3Connect\modeminfo.cfg
c:\program files (x86)\3\3Connect\Modems\Huawei Modems.exe
c:\program files (x86)\3\3Connect\msvcp80.dll
c:\program files (x86)\3\3Connect\msvcr80.dll
c:\program files (x86)\3\3Connect\NetworkCodes.cfg
c:\program files (x86)\3\3Connect\OperatorList.xml
c:\program files (x86)\3\3Connect\OptGlobetrotterGTMax72.dll
c:\program files (x86)\3\3Connect\Res.dll
c:\program files (x86)\3\3Connect\Skins\FlashSkin\gui.swf
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\account.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\arrow_dwn.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\arrow_up.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\background_history.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\background_main.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\background_rss.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\background_sidebox.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\btn_back.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\btn_connect.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\btn_default.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\btn_disconnect.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\btn_login.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\btn_rssclose.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\btn_rssopen.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\exit.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\globe.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\graph.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\minimize.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\nr_sms.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\rgn_history.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\rgn_main.swf
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\rgn_rss.swf
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\roaming.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\signal.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\sms.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\tab_1.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\images\tab_2.png
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\settings\constructor.xml
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\settings\offline.xml
c:\program files (x86)\3\3Connect\Skins\FlashSkin\resources\settings\strings.xml
c:\program files (x86)\3\3Connect\Sms.xml
c:\program files (x86)\3\3Connect\SmsApp2.dll
c:\program files (x86)\3\3Connect\SoftOpt.encrypt
c:\program files (x86)\3\3Connect\Strings.txt
c:\program files (x86)\3\3Connect\SysConfig.dat
c:\program files (x86)\3\3Connect\SystemInfo.txt
c:\program files (x86)\3\3Connect\Update\ConfigAup.encrypt
c:\program files (x86)\3\3Connect\Update\ConfigAup.xml
c:\program files (x86)\3\3Connect\Wilog.exe
c:\program files (x86)\3\3Connect\WWanDevice.dll
c:\program files (x86)\3\3Connect\ZTE620.dll
c:\programdata\LJOBGq6J.exe
c:\users\mark's\AppData\Local\assembly\tmp
c:\users\mark's\AppData\Local\promo.exe
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\Ir5FDD2.tmp
c:\windows\SysWow64\urttemp
c:\windows\SysWow64\urttemp\regtlib.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At15.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AMService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 13:06 . 2012-04-27 13:06 -------- d-----w- c:\users\Mcx1-MARKS-PC\AppData\Local\temp
2012-04-27 13:06 . 2012-04-27 13:06 -------- d-----w- c:\users\MARKS\AppData\Local\temp
2012-04-27 13:06 . 2012-04-27 13:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 14:52 . 2012-04-26 18:42 -------- d-----w- c:\programdata\Comodo
2012-04-25 14:52 . 2012-04-25 14:52 -------- d-----w- c:\program files\COMODO
2012-04-25 14:52 . 2012-04-25 14:52 -------- d-----w- c:\users\mark's\AppData\Local\Comodo
2012-04-25 14:51 . 2012-04-25 14:51 -------- d-----w- c:\program files (x86)\Comodo
2012-04-25 14:10 . 2012-04-25 14:10 -------- d-----w- c:\programdata\AVAST Software
2012-04-25 14:10 . 2012-04-25 14:10 -------- d-----w- c:\program files\AVAST Software
2012-04-24 17:39 . 2012-04-24 17:39 -------- d-----w- c:\users\mark's\AppData\Roaming\Malwarebytes
2012-04-24 17:38 . 2012-04-24 17:38 -------- d-----w- c:\programdata\Malwarebytes
2012-04-24 17:38 . 2012-04-25 18:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-24 16:38 . 2012-04-24 16:38 50000 ----a-w- c:\windows\system32\drivers\seewqemb.sys
2012-04-24 16:37 . 2012-04-24 16:37 50000 ----a-w- c:\windows\system32\drivers\adjdueyx.sys
2012-04-24 16:27 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-24 12:47 . 2012-04-25 18:48 -------- d-----w- C:\eb9e8a28380d1f1c67258fc8
2012-04-24 11:34 . 2012-04-24 11:34 -------- d-----w- c:\users\mark's\AppData\Roaming\Tific
2012-04-24 11:34 . 2012-04-24 11:34 -------- d-----w- c:\users\mark's\AppData\Local\Symantec
2012-04-24 10:21 . 2012-04-27 12:43 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-24 10:11 . 2012-04-24 10:22 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-24 10:11 . 2012-04-24 10:22 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-24 10:11 . 2012-04-24 10:11 -------- d-----w- c:\windows\system32\Macromed
2012-04-24 09:26 . 2012-04-18 02:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67BC5790-5369-478A-AF30-8AEDE805F3D4}\mpengine.dll
2012-04-18 11:49 . 2012-04-18 11:49 -------- d-----w- c:\programdata\CCP
2012-04-17 23:22 . 2012-04-19 17:36 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-17 23:22 . 2012-04-17 23:22 -------- d-----w- c:\users\mark's\AppData\Local\PunkBuster
2012-04-17 23:18 . 2012-04-19 17:36 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-17 23:18 . 2012-04-18 15:08 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-17 23:18 . 2012-04-17 23:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-17 23:16 . 2012-04-17 23:16 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-04-17 23:16 . 2012-04-17 23:16 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-17 21:07 . 2012-04-17 21:07 -------- d-----w- c:\program files (x86)\CCP
2012-04-17 16:03 . 2012-04-17 16:03 -------- d-----w- c:\users\mark's\AppData\Local\GamersFirst LIVE!
2012-04-17 16:02 . 2012-04-17 22:20 -------- d-----w- c:\program files (x86)\GamersFirst
2012-04-17 15:49 . 2012-04-17 15:49 -------- d-----w- c:\users\mark's\AppData\Local\CCP
2012-04-17 14:06 . 2012-04-17 14:06 -------- d-----w- c:\users\mark's\AppData\Local\NCSoft
2012-04-17 14:03 . 2012-04-17 14:03 -------- d-----w- C:\AMD
2012-04-17 13:34 . 2012-04-27 13:06 -------- d-----w- c:\users\mark's\AppData\Local\assembly
2012-04-17 13:33 . 2012-04-17 13:34 -------- d-----w- c:\program files (x86)\NCSoft
2012-04-14 02:00 . 2012-03-06 06:43 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-14 02:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-14 02:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 15:12 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 15:12 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 15:12 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 15:12 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 15:12 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 15:12 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 15:12 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-02 12:44 . 2012-04-02 12:44 -------- d-----w- C:\Mechanical Programs
2012-04-02 12:44 . 2012-04-02 12:44 -------- d-----w- c:\program files (x86)\Wolsink
2012-03-29 19:10 . 2012-03-29 19:10 -------- d-----w- c:\users\mark's\AppData\Local\Autodesk, Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-03 03:04 . 2012-03-03 03:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-03 03:04 . 2012-03-03 03:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-03 03:04 . 2012-03-03 03:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-03 03:04 . 2012-03-03 03:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-03 03:04 . 2012-03-03 03:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-03 03:04 . 2012-03-03 03:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-03 03:04 . 2012-03-03 03:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-03 03:04 . 2012-03-03 03:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-03 03:04 . 2012-03-03 03:04 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-03 03:04 . 2012-03-03 03:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-03 03:04 . 2012-03-03 03:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-03 03:04 . 2012-03-03 03:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-03 03:04 . 2012-03-03 03:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-03 03:04 . 2012-03-03 03:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-03 03:04 . 2012-03-03 03:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-03 03:04 . 2012-03-03 03:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-03 03:04 . 2012-03-03 03:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-03 03:04 . 2012-03-03 03:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-03 03:04 . 2012-03-03 03:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-03 03:04 . 2012-03-03 03:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-03 03:04 . 2012-03-03 03:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-03 03:04 . 2012-03-03 03:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-03 03:04 . 2012-03-03 03:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-03 03:04 . 2012-03-03 03:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-03 03:04 . 2012-03-03 03:04 448512 ----a-w- c:\windows\system32\html.iec
2012-03-03 03:04 . 2012-03-03 03:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-03 03:04 . 2012-03-03 03:04 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-03 03:04 . 2012-03-03 03:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-03 03:04 . 2012-03-03 03:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-03 03:04 . 2012-03-03 03:04 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-03 03:04 . 2012-03-03 03:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-03 03:04 . 2012-03-03 03:04 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-03 03:04 . 2012-03-03 03:04 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-03 03:04 . 2012-03-03 03:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-23 09:18 . 2010-04-15 19:50 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 09:07 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 09:07 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 09:07 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 09:07 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:18 . 2012-03-14 09:08 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-14 09:08 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-14 09:08 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-14 09:08 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-14 09:08 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 09:08 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-14 09:08 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 09:08 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 09:08 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 09:08 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16 . 2012-03-14 09:08 3143168 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-25 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"ServiceManager.exe"="c:\program files (x86)\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\mark's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Trivial Pursuit_ Unhinged Registration.lnk - c:\users\mark's\AppData\Local\Temp\{F2657087-AF0A-493D-BB1E-3A93922AB727}\{4E61888C-3D42-4691-AD25-E9AF648EAB63}\ATR1.EXE [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-31 1079584]
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
Update Agent.lnk - c:\program files (x86)\3\3Connect\AutoUpdateSrv.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 ikwtemjp;ikwtemjp;c:\windows\system32\drivers\ikwtemjp.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-10 1431888]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 116648]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [2011-02-16 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 10:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 10:22]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 18:13]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 18:13]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2373302188-527143305-3203656255-1001Core.job
- c:\users\mark's\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-10 19:03]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2373302188-527143305-3203656255-1001UA.job
- c:\users\mark's\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-10 19:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-16 456192]
"combofix"="c:\combofix\CF24705.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
symids
sdcplh
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-!{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Wow6432Node-HKCU-Run-NCsoft - (no file)
Wow6432Node-HKU-Default-Run-4Y3Y0C3A1F7XWVWEOUTJ - c:\recycle.bin\B6232F3A6A9.exe
Toolbar-10 - (no file)
Toolbar-!{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{597A9974-8CB0-4F41-B61F-ED065738A397}"=hex:51,66,7a,6c,4c,1d,38,12,1a,9a,69,
5d,82,c2,2f,0a,c9,09,ae,46,52,66,e7,83
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,5a,3c,b3,cd,2f,00,4c,bd,7f,da,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,5a,3c,b3,cd,2f,00,4c,bd,7f,da,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\02\19\119+T"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-27 14:21:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 13:21
.
Pre-Run: 32,946,638,848 bytes free
Post-Run: 34,350,436,352 bytes free
.
- - End Of File - - 8F0470909A94E690F9FE378E4DCD1755

I have not noticed a difference in how the computer is running as yet.

Has combofix removed the bad files?

#7 gringo_pr

Bleepin Gringo

Malware Response Team
121,033 posts

Gender:Male
Location:Puerto rico

Posted 27 April 2012 - 12:16 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#8 gringo_pr

Bleepin Gringo

Malware Response Team
121,033 posts

Gender:Male
Location:Puerto rico

Posted 30 April 2012 - 02:57 AM

Hello

Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?

Gringo

#9 Brokenlaptop1

Member

Members
15 posts

Posted 30 April 2012 - 11:05 AM

Hi Gringo

My laptop won't load up windows. It is stuck, I am rebooting and rebooting. Tried numerous restores etc.

I cannot get into the system to carry out the last steps you posted for me.

I am trying an trying to get into windows but with no success at the moment.

Is there something I can do?

Many thanks
(on iPhone ATM)

#10 gringo_pr

Bleepin Gringo

Malware Response Team
121,033 posts

Gender:Male
Location:Puerto rico

Posted 30 April 2012 - 11:19 AM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Gringo[/b]

#11 Brokenlaptop1

Member

Members
15 posts

Posted 30 April 2012 - 12:04 PM

Ok Gringo. I only have my broken laptop ATM. I will need to find another comp.

#12 gringo_pr

Bleepin Gringo

Malware Response Team
121,033 posts

Gender:Male
Location:Puerto rico

Posted 30 April 2012 - 12:55 PM

Hello

no problem - I don't think it will be hard to fix but I need to see that report to know what to go after

gringo

#13 Brokenlaptop1

Member

Members
15 posts

Posted 01 May 2012 - 05:48 AM

hi Gringo,

I have managed to get the report you need. Here it is:

Scan result of Farbar Recovery Scan Tool Version: 30-04-2012 02
Ran by SYSTEM at 01-05-2012 11:41:45
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2010-07-23] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-07-21] ()
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [456192 2011-02-16] (IDT, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN [4371768 2011-03-25] (Virgin Media)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\mark's\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1668664 2009-10-25] (Hewlett-Packard)
HKU\mark's\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-03-19] (Hewlett-Packard Company)
HKU\mark's\...\Policies\system: [DisableLockWorkstation] 0
HKU\mark's\...\Policies\system: [DisableChangePassword] 0
HKU\Mcx1-MARKS-PC\...\Policies\system: [WallpaperStyle] 2
HKU\Mcx1-MARKS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [89600 2011-02-16] (Andrea Electronics Corporation)
2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()
2 ezSharedSvc; C:\Windows\SysWow64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2009-07-08] (Hewlett-Packard)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-17] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 ServicepointService; "C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe" [689464 2011-03-25] (Radialpoint Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe [240640 2011-02-16] (IDT, Inc.)
2 symids; C:\Windows\System32\bh611.dll [6656 2009-07-13] (Oak Technology Inc.)
3 msiserver; C:\Windows\System32\msiexec.exe .exe /V [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [41272 2009-07-08] (Hewlett-Packard)
2 adfs; C:\Windows\System32\Drivers\adfs.sys [88632 2008-06-26] (Adobe Systems, Inc.)
2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [74720 2008-08-13] (Adobe Systems, Inc.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 enecir; C:\Windows\System32\Drivers\enecir.sys [70656 2009-06-29] (ENE TECHNOLOGY INC.)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2009-07-08] (Hewlett-Packard)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [115328 2008-03-17] (Huawei Technologies Co., Ltd.)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-19] (Duplex Secure Ltd.)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 eabfiltr; [x]
1 ikwtemjp; \??\C:\Windows\system32\drivers\ikwtemjp.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: symids
NETSVC: sdcplh
NETSVCx32: ezSharedSvc

============ One Month Created Files and Folders ==============

2012-04-27 05:21 - 2012-04-27 05:21 - 0035066 ____A C:\ComboFix.txt
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-27 05:07 - 2012-04-22 17:52 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-27 05:07 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-27 05:07 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-27 05:07 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-27 05:07 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-27 04:47 - 2012-04-25 05:54 - 0000000 ____D C:\Windows\ERDNT
2012-04-27 04:47 - 2012-03-01 14:22 - 0000000 ____D C:\ComboFix
2012-04-27 04:47 - 2011-02-16 08:52 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-27 04:47 - 2010-04-15 18:03 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-27 04:47 - 2009-10-25 13:27 - 0208896 ____A C:\Windows\MBR.exe
2012-04-27 04:47 - 2009-07-13 23:50 - 0080412 ____A C:\Windows\grep.exe
2012-04-27 04:47 - 2009-07-13 21:32 - 0256000 ____A C:\Windows\PEV.exe
2012-04-27 04:47 - 2009-07-13 19:20 - 0098816 ____A C:\Windows\sed.exe
2012-04-27 04:47 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe
2012-04-27 04:47 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-27 04:46 - 2012-04-27 05:09 - 0000000 ____D C:\Qoobox
2012-04-27 01:31 - 2012-03-08 10:47 - 0003831 ____A C:\Users\mark's\Desktop\laptop repair.txt
2012-04-26 05:24 - 2012-01-18 09:18 - 0607260 ____A (Swearware) C:\Users\mark's\Desktop\dds.scr
2012-04-26 05:20 - 2012-04-26 05:24 - 0000654 ____A C:\Users\mark's\Desktop\defogger_disable.log
2012-04-26 05:20 - 2010-04-15 11:28 - 0000188 ____A C:\Users\mark's\defogger_reenable
2012-04-26 04:58 - 2012-04-17 14:06 - 0003271 ____A C:\Users\mark's\Desktop\aswMBR.txt
2012-04-26 04:58 - 2012-03-21 13:34 - 0000512 ____A C:\Users\mark's\Desktop\MBR.dat
2012-04-25 06:52 - 2012-04-27 05:00 - 0000000 ____D C:\Program Files\COMODO
2012-04-25 06:52 - 2012-04-18 03:49 - 0000000 ____D C:\Users\All Users\Comodo
2012-04-25 06:52 - 2012-04-18 03:49 - 0000000 ____D C:\ProgramData\Comodo
2012-04-25 06:52 - 2011-12-08 13:55 - 0000000 ____D C:\Users\mark's\AppData\Local\Comodo
2012-04-25 06:51 - 2012-04-27 05:00 - 0000000 ____D C:\Program Files (x86)\Comodo
2012-04-25 06:10 - 2012-01-16 14:35 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-25 06:10 - 2012-01-16 14:35 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-25 06:10 - 2012-01-16 14:25 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-25 05:52 - 2012-04-25 05:52 - 2899344 ____A (AVG Technologies CZ, s.r.o.) C:\Users\mark's\Downloads\avg_remover_stf_x64_2012_2125.exe
2012-04-25 05:52 - 2012-01-10 14:06 - 0119456 ____A C:\Users\mark's\Downloads\avgremover.log
2012-04-24 09:39 - 2010-04-15 13:49 - 0000000 ____D C:\Users\mark's\AppData\Roaming\Malwarebytes
2012-04-24 09:38 - 2012-02-29 16:59 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-24 09:38 - 2010-04-22 01:31 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-24 09:38 - 2010-04-22 01:31 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-24 08:38 - 2009-06-10 12:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\seewqemb.sys
2012-04-24 08:37 - 2008-06-26 22:51 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\adjdueyx.sys
2012-04-24 08:29 - 2009-07-13 21:37 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-24 08:27 - 2009-07-13 15:21 - 0374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-04-24 04:47 - 2009-07-13 21:08 - 0000000 ____D C:\eb9e8a28380d1f1c67258fc8
2012-04-24 04:20 - 2010-04-15 13:48 - 0007605 ____A C:\Users\mark's\AppData\Local\Resmon.ResmonCfg
2012-04-24 03:50 - 2011-10-25 11:55 - 1781760 ____A C:\Users\mark's\Downloads\videoplayback
2012-04-24 03:34 - 2012-01-25 15:59 - 0000000 ____D C:\Users\mark's\AppData\Local\Symantec
2012-04-24 03:34 - 2010-04-19 09:00 - 0000000 ____D C:\Users\mark's\AppData\Roaming\Tific
2012-04-24 02:21 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-24 02:11 - 2012-04-24 02:22 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-24 02:11 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-24 02:11 - 2009-06-10 13:10 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-24 02:11 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-23 10:51 - 2010-08-23 08:49 - 0005864 ____A C:\Users\mark's\Downloads\Echo
2012-04-23 10:50 - 2011-06-01 06:15 - 0017164 ____A C:\Users\mark's\Downloads\Roof Truss 2 (1).rwi
2012-04-23 10:45 - 2012-04-23 10:43 - 0017164 ____A C:\Users\mark's\Downloads\Roof Truss 2.rwi
2012-04-23 10:44 - 2011-10-22 02:36 - 0000750 ____A C:\Users\mark's\Downloads\Framework.INI
2012-04-23 10:43 - 2012-04-23 10:50 - 0010187 ____A C:\Users\mark's\Downloads\Roof Truss 2 (1).rwu
2012-04-23 10:43 - 2012-04-23 10:45 - 0010187 ____A C:\Users\mark's\Downloads\Roof Truss 2.rwu
2012-04-23 10:43 - 2010-10-13 06:56 - 0000000 ____A C:\Users\mark's\Downloads\SkinNaam
2012-04-23 09:19 - 2012-04-17 08:02 - 0002172 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-04-23 05:47 - 2011-12-26 11:26 - 0516105 ____A C:\Users\mark's\Downloads\ship.zip
2012-04-23 02:17 - 2012-01-25 10:43 - 0161792 ____A C:\Users\mark's\Desktop\unicorn robot xyz.rtb
2012-04-21 01:14 - 2011-01-11 05:29 - 0000165 ___AH C:\Users\mark's\Desktop\~$CASH MONEY ME N HANNAH.xlsx
2012-04-18 03:49 - 2010-07-22 01:28 - 0000000 ____D C:\Users\All Users\CCP
2012-04-18 03:49 - 2010-07-22 01:28 - 0000000 ____D C:\ProgramData\CCP
2012-04-18 03:49 - 2010-04-17 12:11 - 0000000 ____D C:\Users\mark's\Documents\EVE
2012-04-18 03:47 - - 0000066 ____A C:\Windows\11338872
2012-04-18 03:41 - 2012-04-23 03:13 - 0001851 ____A C:\Users\mark's\Desktop\EVE.lnk
2012-04-18 03:26 - 2011-10-19 07:57 - 4281944 ____A (CCP hf.) C:\Users\mark's\Downloads\EVE_Online_Installer_360229 (1).exe
2012-04-17 15:22 - 2012-04-19 09:36 - 0283416 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-04-17 15:22 - 2010-04-16 10:16 - 0000000 ____D C:\Users\mark's\AppData\Local\PunkBuster
2012-04-17 15:18 - 2012-04-18 07:08 - 0283416 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-04-17 15:18 - 2012-04-17 15:18 - 0283416 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-04-17 15:18 - 2009-07-13 17:16 - 0076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-04-17 15:16 - 2011-10-23 03:59 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-17 13:07 - 2012-03-05 06:02 - 0000000 ____D C:\Program Files (x86)\CCP
2012-04-17 08:04 - 2012-03-21 13:56 - 86405736 ____A (K2 Network, Inc.) C:\Users\mark's\Desktop\APB_Reloaded_Installer.exe
2012-04-17 08:04 - 2012-03-21 13:56 - 3830088838 ____A C:\Users\mark's\Desktop\Client1.5.3.569583.7z
2012-04-17 08:03 - 2010-08-08 06:12 - 0000000 ____D C:\Users\mark's\AppData\Local\GamersFirst LIVE!
2012-04-17 08:02 - 2012-01-16 13:38 - 0001086 ____A C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
2012-04-17 08:02 - 2011-01-23 16:17 - 0000000 ____D C:\Program Files (x86)\GamersFirst
2012-04-17 08:02 - 2009-07-13 20:54 - 0001120 ____A C:\Users\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
2012-04-17 07:58 - 2012-01-16 14:08 - 14988064 ____A (GamersFirst) C:\Users\mark's\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2012-04-17 07:49 - 2010-04-15 13:48 - 0000000 ____D C:\Users\mark's\AppData\Local\CCP
2012-04-17 07:48 - 2012-04-18 03:26 - 4281944 ____A (CCP hf.) C:\Users\mark's\Downloads\EVE_Online_Installer_360229.exe
2012-04-17 06:06 - 2010-12-02 14:34 - 0000000 ____D C:\Users\mark's\AppData\Local\NCSoft
2012-04-17 06:03 - 2012-03-31 08:11 - 1173904 ____A (AMD Inc.) C:\Users\mark's\Downloads\catalyst_mobility_64-bit_util.exe
2012-04-17 06:03 - - 0000000 ____D C:\AMD
2012-04-17 05:34 - 2012-03-22 14:09 - 0002108 ____A C:\Users\mark's\Desktop\City of Heroes.lnk
2012-04-17 05:33 - 2010-04-19 08:58 - 0000000 ____D C:\Program Files (x86)\NCSoft
2012-04-17 05:33 - 2009-08-19 20:51 - 0001988 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2012-04-17 05:31 - 2012-03-01 14:21 - 0421200 ____A (NCsoft) C:\Users\mark's\Downloads\COH_Installer.exe
2012-04-17 03:06 - 2012-03-14 09:33 - 0316015 ____A C:\Users\mark's\Downloads\Linlathen Bridge Event Flyer.pdf
2012-04-17 03:03 - 2012-04-17 03:03 - 0018784 ____A C:\Users\mark's\Desktop\Placement Appendix 4.docx
2012-04-17 03:03 - 2012-04-17 03:02 - 0017888 ____A C:\Users\mark's\Desktop\Placement Appendix 3.docx
2012-04-17 03:02 - 2011-02-02 15:44 - 0018007 ____A C:\Users\mark's\Desktop\Placement Appendix 2.docx
2012-04-17 02:43 - 2011-10-24 01:35 - 0188416 ____A C:\Users\mark's\Downloads\BN0913A11 Industrial Supervisors Handbook.doc
2012-04-17 02:38 - 2012-04-03 04:36 - 0027651 ____A C:\Users\mark's\Desktop\Working Version 15.rar
2012-04-13 18:02 - 2012-03-02 19:04 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-13 18:02 - 2012-03-02 19:04 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-13 18:02 - 2012-03-02 19:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-13 18:02 - 2012-03-02 19:04 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-13 18:02 - 2012-03-02 19:04 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-13 18:02 - 2012-03-02 19:04 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-13 18:02 - 2012-03-02 19:04 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-13 18:02 - 2012-03-02 19:04 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-13 18:02 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-13 18:02 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-13 18:02 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-13 18:02 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-13 18:02 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-13 18:02 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-13 18:02 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-13 18:02 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-13 18:02 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-13 18:02 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-13 18:02 - 2011-05-02 21:21 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-13 18:02 - 2011-05-02 20:50 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-13 18:02 - 2010-12-20 22:16 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-13 18:02 - 2010-12-20 21:38 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-13 18:02 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-13 18:02 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-13 18:02 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-13 18:02 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-13 18:00 - 2009-07-13 17:41 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-13 18:00 - 2009-07-13 17:16 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-13 18:00 - 2009-07-13 17:16 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-13 07:30 - 2011-06-01 05:32 - 0000141 ____A C:\Users\mark's\Downloads\Digitally Imported - Vocal Trance.pls
2012-04-13 07:12 - 2009-07-13 17:47 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-13 07:12 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-13 07:12 - 2009-07-13 17:38 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-13 07:12 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-13 07:12 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-13 07:12 - 2009-07-13 17:14 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-13 07:12 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-05 10:10 - 2012-03-14 09:23 - 0012823 ____A C:\Users\mark's\Downloads\EN_2601_2602_Patch.exe.torrent
2012-04-05 08:12 - 2012-04-23 03:24 - 0859136 ____A C:\Users\mark's\Desktop\3D member types.xls
2012-04-04 12:47 - 2012-04-23 03:37 - 0830976 ____A C:\Users\mark's\Desktop\unicorn robot xyz.rtd
2012-04-03 05:44 - 2010-07-22 01:33 - 0777284 ____A C:\Users\mark's\Desktop\Echo
2012-04-03 04:36 - 2012-04-17 02:38 - 0673194 ____A C:\Users\mark's\Desktop\Working Version 153.WMF
2012-04-03 04:36 - 2012-04-03 03:50 - 2102750 ____A C:\Users\mark's\Desktop\Working Version 15.r3i
2012-04-03 04:36 - 2011-02-19 08:43 - 0837632 ____A C:\Users\mark's\Desktop\3D member types ( MARK - WI COMPLETE).xls
2012-04-03 04:27 - 2012-04-17 14:06 - 0828416 ____A C:\Users\mark's\Desktop\Copy of 3D member types MARK.xls
2012-04-03 04:26 - 2012-03-19 13:53 - 0048501 ____A C:\Users\mark's\Desktop\framework wrought iron MARK.xlsx
2012-04-03 03:50 - 2012-04-03 03:50 - 0673194 ____A C:\Users\mark's\Desktop\working version 143.WMF
2012-04-03 03:50 - 2010-04-25 11:40 - 2102755 ____A C:\Users\mark's\Desktop\working version 14.r3i
2012-04-02 04:44 - 2012-04-03 04:26 - 0002087 ____A C:\Users\mark's\Desktop\Framework.lnk
2012-04-02 04:44 - 2010-10-15 02:19 - 0000000 ____D C:\Mechanical Programs
2012-04-02 04:44 - 2010-08-06 13:44 - 0000000 ____D C:\Program Files (x86)\Wolsink
2012-04-01 16:13 - 2012-01-31 12:07 - 0040885 ____A C:\Users\mark's\Desktop\win.jpg
2012-04-01 14:21 - 2012-04-02 04:44 - 1116005 ____A C:\Users\mark's\Desktop\gaga fail.gif

============ 3 Months Modified Files and Folders =============

2012-05-01 11:42 - 2012-05-01 11:41 - 0000000 ____D C:\FRST
2012-05-01 02:36 - 2010-04-15 18:27 - 3195420672 __ASH C:\hiberfil.sys
2012-04-30 18:15 - 2010-04-15 18:38 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-30 18:15 - 2010-04-15 18:38 - 0000000 ____D C:\ProgramData\Recovery
2012-04-30 17:26 - 2011-03-08 11:17 - 0000000 ____D C:\users\Mcx1-MARKS-PC
2012-04-30 17:26 - 2010-04-15 11:28 - 0000000 ____D C:\users\mark's
2012-04-30 17:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-30 08:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-27 15:35 - 2010-07-10 11:03 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2373302188-527143305-3203656255-1001UA.job
2012-04-27 15:32 - 2012-04-24 02:11 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-27 15:18 - 2012-03-26 10:13 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-27 15:12 - 2009-07-13 20:51 - 0450993 ____A C:\Windows\setupact.log
2012-04-27 10:18 - 2012-03-26 10:13 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-27 05:52 - 2010-04-15 18:36 - 2041760 ____A C:\Windows\WindowsUpdate.log
2012-04-27 05:25 - 2012-04-24 02:21 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-27 05:21 - 2012-04-27 05:21 - 0035066 ____A C:\ComboFix.txt
2012-04-27 05:21 - 2012-04-27 04:47 - 0000000 ____D C:\ComboFix
2012-04-27 05:21 - 2012-04-27 04:46 - 0000000 ____D C:\Qoobox
2012-04-27 05:21 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-27 05:21 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-27 05:18 - 2012-04-27 04:47 - 0000000 ____D C:\Windows\ERDNT
2012-04-27 05:16 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-27 05:16 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-27 05:12 - 2011-10-10 04:05 - 0000000 ____D C:\Users\mark's\AppData\Local\LogMeIn Hamachi
2012-04-27 05:12 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-27 05:09 - 2011-03-08 11:16 - 0000258 _RASH C:\Users\All Users\ntuser.pol
2012-04-27 05:09 - 2011-03-08 11:16 - 0000258 _RASH C:\ProgramData\ntuser.pol
2012-04-27 05:08 - 2010-04-15 18:40 - 0285158 ____A C:\Windows\PFRO.log
2012-04-27 05:08 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-27 05:07 - 2012-04-27 05:07 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-27 05:07 - 2009-07-13 18:34 - 22806528 ____A C:\Windows\System32\config\system.bak
2012-04-27 05:07 - 2009-07-13 18:34 - 114032640 ____A C:\Windows\System32\config\software.bak
2012-04-27 05:07 - 2009-07-13 18:34 - 0786432 ____A C:\Windows\System32\config\default.bak
2012-04-27 05:07 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-04-27 05:07 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-04-27 04:43 - 2010-04-15 21:34 - 0000000 ____D C:\Users\mark's\Tracing
2012-04-27 01:35 - 2010-07-10 11:03 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2373302188-527143305-3203656255-1001Core.job
2012-04-27 01:31 - 2012-04-27 01:31 - 0003831 ____A C:\Users\mark's\Desktop\laptop repair.txt
2012-04-27 01:29 - 2010-05-01 06:25 - 0000000 ____D C:\Program Files\horn
2012-04-26 10:42 - 2012-04-25 06:52 - 0000000 ____D C:\Users\All Users\Comodo
2012-04-26 10:42 - 2012-04-25 06:52 - 0000000 ____D C:\ProgramData\Comodo
2012-04-26 05:24 - 2012-04-26 05:24 - 0607260 ____A (Swearware) C:\Users\mark's\Desktop\dds.scr
2012-04-26 05:20 - 2012-04-26 05:20 - 0000654 ____A C:\Users\mark's\Desktop\defogger_disable.log
2012-04-26 05:20 - 2012-04-26 05:20 - 0000188 ____A C:\Users\mark's\defogger_reenable
2012-04-26 04:58 - 2012-04-26 04:58 - 0003271 ____A C:\Users\mark's\Desktop\aswMBR.txt
2012-04-26 04:58 - 2012-04-26 04:58 - 0000512 ____A C:\Users\mark's\Desktop\MBR.dat
2012-04-26 02:44 - 2009-07-13 21:13 - 0006404 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-25 10:49 - 2009-08-19 19:36 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-25 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-25 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-25 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-25 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-25 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-25 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-25 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-25 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-25 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-25 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-04-25 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-25 10:48 - 2012-04-24 09:38 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-25 10:48 - 2012-04-24 04:47 - 0000000 ____D C:\eb9e8a28380d1f1c67258fc8
2012-04-25 10:48 - 2011-06-27 18:06 - 0000000 ____D C:\Program Files (x86)\Norton Internet Security
2012-04-25 10:48 - 2010-05-29 00:07 - 0000000 ____D C:\Users\mark's\AppData\Roaming\MozillaControl
2012-04-25 10:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-25 10:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-25 06:52 - 2012-04-25 06:52 - 0000000 ____D C:\Users\mark's\AppData\Local\Comodo
2012-04-25 06:52 - 2012-04-25 06:52 - 0000000 ____D C:\Program Files\COMODO
2012-04-25 06:51 - 2012-04-25 06:51 - 0000000 ____D C:\Program Files (x86)\Comodo
2012-04-25 06:10 - 2012-04-25 06:10 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-25 06:10 - 2012-04-25 06:10 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-25 06:10 - 2012-04-25 06:10 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-25 05:54 - 2012-04-24 08:29 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-25 05:52 - 2012-04-25 05:52 - 2899344 ____A (AVG Technologies CZ, s.r.o.) C:\Users\mark's\Downloads\avg_remover_stf_x64_2012_2125.exe
2012-04-25 05:52 - 2012-04-25 05:52 - 0119456 ____A C:\Users\mark's\Downloads\avgremover.log
2012-04-24 16:05 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-24 16:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-24 09:39 - 2012-04-24 09:39 - 0000000 ____D C:\Users\mark's\AppData\Roaming\Malwarebytes
2012-04-24 09:38 - 2012-04-24 09:38 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-24 09:38 - 2012-04-24 09:38 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-24 08:38 - 2012-04-24 08:38 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\seewqemb.sys
2012-04-24 08:37 - 2012-04-24 08:37 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\adjdueyx.sys
2012-04-24 08:30 - 2009-07-13 20:51 - 0449201 ____A C:\Windows\setupact(3877).log
2012-04-24 08:28 - 2010-08-07 14:34 - 0006594 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-24 04:36 - 2010-08-06 02:09 - 0382333 ____A C:\Windows\FreedomInstallScript.log
2012-04-24 04:34 - 2010-08-06 00:21 - 0000000 ____D C:\Users\mark's\AppData\Roaming\Virgin Media
2012-04-24 04:34 - 2010-08-06 00:21 - 0000000 ____D C:\Users\All Users\Virgin Media
2012-04-24 04:34 - 2010-08-06 00:21 - 0000000 ____D C:\ProgramData\Virgin Media
2012-04-24 04:34 - 2010-08-06 00:21 - 0000000 ____D C:\Program Files (x86)\Virgin Media
2012-04-24 04:20 - 2012-04-24 04:20 - 0007605 ____A C:\Users\mark's\AppData\Local\Resmon.ResmonCfg
2012-04-24 03:50 - 2012-04-24 03:50 - 1781760 ____A C:\Users\mark's\Downloads\videoplayback
2012-04-24 03:34 - 2012-04-24 03:34 - 0000000 ____D C:\Users\mark's\AppData\Roaming\Tific
2012-04-24 03:34 - 2012-04-24 03:34 - 0000000 ____D C:\Users\mark's\AppData\Local\Symantec
2012-04-24 02:43 - 2010-04-17 03:45 - 0000000 ____D C:\Users\mark's\AppData\Roaming\Azureus
2012-04-24 02:22 - 2012-04-24 02:11 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-24 02:22 - 2012-04-24 02:11 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-24 02:11 - 2012-04-24 02:11 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-23 10:52 - 2012-04-23 10:44 - 0000750 ____A C:\Users\mark's\Downloads\Framework.INI
2012-04-23 10:51 - 2012-04-23 10:51 - 0005864 ____A C:\Users\mark's\Downloads\Echo
2012-04-23 10:50 - 2012-04-23 10:50 - 0017164 ____A C:\Users\mark's\Downloads\Roof Truss 2 (1).rwi
2012-04-23 10:50 - 2012-04-23 10:43 - 0000000 ____A C:\Users\mark's\Downloads\SkinNaam
2012-04-23 10:45 - 2012-04-23 10:45 - 0017164 ____A C:\Users\mark's\Downloads\Roof Truss 2.rwi
2012-04-23 10:43 - 2012-04-23 10:43 - 0010187 ____A C:\Users\mark's\Downloads\Roof Truss 2.rwu
2012-04-23 10:43 - 2012-04-23 10:43 - 0010187 ____A C:\Users\mark's\Downloads\Roof Truss 2 (1).rwu
2012-04-23 10:17 - 2010-08-09 09:03 - 0000000 ____D C:\Users\mark's\Documents\StarCraft II
2012-04-23 09:19 - 2012-04-23 09:19 - 0002172 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-04-23 09:19 - 2012-03-26 10:13 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-23 05:47 - 2012-04-23 05:47 - 0516105 ____A C:\Users\mark's\Downloads\ship.zip
2012-04-23 03:37 - 2012-04-23 02:17 - 0161792 ____A C:\Users\mark's\Desktop\unicorn robot xyz.rtb
2012-04-23 03:24 - 2012-04-03 04:36 - 0837632 ____A C:\Users\mark's\Desktop\3D member types ( MARK - WI COMPLETE).xls
2012-04-23 03:13 - 2012-04-03 05:44 - 0777284 ____A C:\Users\mark's\Desktop\Echo
2012-04-22 17:56 - 2010-04-15 19:25 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-22 17:56 - 2009-08-19 19:03 - 0000000 ____D C:\Users\All Users\Norton
2012-04-22 17:56 - 2009-08-19 19:03 - 0000000 ____D C:\ProgramData\Norton
2012-04-21 01:14 - 2012-04-21 01:14 - 0000165 ___AH C:\Users\mark's\Desktop\~$CASH MONEY ME N HANNAH.xlsx
2012-04-20 12:39 - 2011-03-09 17:17 - 0957952 __ASH C:\Users\mark's\Desktop\Thumbs.db
2012-04-19 16:41 - 2012-01-12 09:32 - 0000000 ____D C:\Users\mark's\AppData\Local\PMB Files
2012-04-19 09:59 - 2012-01-12 09:31 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-19 09:59 - 2012-01-12 09:31 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-19 09:36 - 2012-04-17 15:22 - 0283416 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-04-19 09:36 - 2012-04-17 15:18 - 0283416 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-04-19 05:43 - 2012-01-10 07:52 - 0000000 ____D C:\Users\mark's\Desktop\placement paperwork
2012-04-19 04:32 - 2010-08-06 00:21 - 0000000 ____D C:\Users\All Users\Radialpoint
2012-04-19 04:32 - 2010-08-06 00:21 - 0000000 ____D C:\ProgramData\Radialpoint
2012-04-19 04:32 - 2009-07-13 21:08 - 0032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-18 07:08 - 2012-04-17 15:18 - 0283416 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-04-18 03:49 - 2012-04-18 03:49 - 0000000 ____D C:\Users\mark's\Documents\EVE
2012-04-18 03:49 - 2012-04-18 03:49 - 0000000 ____D C:\Users\All Users\CCP
2012-04-18 03:49 - 2012-04-18 03:49 - 0000000 ____D C:\ProgramData\CCP
2012-04-18 03:47 - 2012-04-18 03:47 - 0000066 ____A C:\Windows\11338872
2012-04-18 03:41 - 2012-04-18 03:41 - 0001851 ____A C:\Users\mark's\Desktop\EVE.lnk
2012-04-18 03:26 - 2012-04-18 03:26 - 4281944 ____A (CCP hf.) C:\Users\mark's\Downloads\EVE_Online_Installer_360229 (1).exe
2012-04-17 15:22 - 2012-04-17 15:22 - 0000000 ____D C:\Users\mark's\AppData\Local\PunkBuster
2012-04-17 15:18 - 2012-04-17 15:18 - 0076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-04-17 15:18 - 2010-05-03 12:02 - 0388244 ____A C:\Windows\DirectX.log
2012-04-17 15:16 - 2012-04-17 15:16 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-17 14:20 - 2012-04-17 08:02 - 0000000 ____D C:\Program Files (x86)\GamersFirst
2012-04-17 14:06 - 2012-04-17 08:04 - 86405736 ____A (K2 Network, Inc.) C:\Users\mark's\Desktop\APB_Reloaded_Installer.exe
2012-04-17 14:06 - 2012-04-17 08:04 - 3830088838 ____A C:\Users\mark's\Desktop\Client1.5.3.569583.7z
2012-04-17 13:07 - 2012-04-17 13:07 - 0000000 ____D C:\Program Files (x86)\CCP
2012-04-17 08:22 - 2010-06-24 11:18 - 0000000 ____D C:\Users\mark's\AppData\Roaming\Skype
2012-04-17 08:03 - 2012-04-17 08:03 - 0000000 ____D C:\Users\mark's\AppData\Local\GamersFirst LIVE!
2012-04-17 08:02 - 2012-04-17 08:02 - 0001120 ____A C:\Users\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
2012-04-17 08:02 - 2012-04-17 08:02 - 0001086 ____A C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
2012-04-17 08:00 - 2012-04-17 07:58 - 14988064 ____A (GamersFirst) C:\Users\mark's\Downloads\GamersFirst_LIVE!_Setup_EN.exe
2012-04-17 07:49 - 2012-04-17 07:49 - 0000000 ____D C:\Users\mark's\AppData\Local\CCP
2012-04-17 07:48 - 2012-04-17 07:48 - 4281944 ____A (CCP hf.) C:\Users\mark's\Downloads\EVE_Online_Installer_360229.exe
2012-04-17 06:06 - 2012-04-17 06:06 - 0000000 ____D C:\Users\mark's\AppData\Local\NCSoft
2012-04-17 06:03 - 2012-04-17 06:03 - 1173904 ____A (AMD Inc.) C:\Users\mark's\Downloads\catalyst_mobility_64-bit_util.exe
2012-04-17 06:03 - 2012-04-17 06:03 - 0000000 ____D C:\AMD
2012-04-17 05:34 - 2012-04-17 05:34 - 0002108 ____A C:\Users\mark's\Desktop\City of Heroes.lnk
2012-04-17 05:34 - 2012-04-17 05:33 - 0000000 ____D C:\Program Files (x86)\NCSoft
2012-04-17 05:34 - 2011-01-08 10:00 - 0000000 ____D C:\Users\mark's\AppData\Roaming\GetRightToGo
2012-04-17 05:33 - 2012-04-17 05:33 - 0001988 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2012-04-17 05:33 - 2009-08-19 18:49 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-04-17 05:31 - 2012-04-17 05:31 - 0421200 ____A (NCsoft) C:\Users\mark's\Downloads\COH_Installer.exe
2012-04-17 03:06 - 2012-04-17 03:06 - 0316015 ____A C:\Users\mark's\Downloads\Linlathen Bridge Event Flyer.pdf
2012-04-17 03:03 - 2012-04-17 03:03 - 0018784 ____A C:\Users\mark's\Desktop\Placement Appendix 4.docx
2012-04-17 03:03 - 2012-04-17 03:03 - 0017888 ____A C:\Users\mark's\Desktop\Placement Appendix 3.docx
2012-04-17 03:02 - 2012-04-17 03:02 - 0018007 ____A C:\Users\mark's\Desktop\Placement Appendix 2.docx
2012-04-17 03:00 - 2012-04-17 02:43 - 0188416 ____A C:\Users\mark's\Downloads\BN0913A11 Industrial Supervisors Handbook.doc
2012-04-17 02:38 - 2012-04-17 02:38 - 0027651 ____A C:\Users\mark's\Desktop\Working Version 15.rar
2012-04-16 09:36 - 2010-04-17 03:53 - 0000000 ____D C:\Users\mark's\Documents\Vuze Downloads
2012-04-13 22:36 - 2010-07-10 11:05 - 0002402 ____A C:\Users\mark's\Desktop\Google Chrome.lnk
2012-04-13 18:05 - 2009-08-19 19:58 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-13 18:05 - 2009-08-19 19:58 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-13 07:30 - 2012-04-13 07:30 - 0000141 ____A C:\Users\mark's\Downloads\Digitally Imported - Vocal Trance.pls
2012-04-06 12:45 - 2011-10-09 06:43 - 0000000 ____D C:\Users\mark's\AppData\Roaming\.minecraft
2012-04-05 10:10 - 2012-04-05 10:10 - 0012823 ____A C:\Users\mark's\Downloads\EN_2601_2602_Patch.exe.torrent
2012-04-05 08:12 - 2012-04-05 08:12 - 0859136 ____A C:\Users\mark's\Desktop\3D member types.xls
2012-04-04 12:47 - 2012-04-04 12:47 - 0830976 ____A C:\Users\mark's\Desktop\unicorn robot xyz.rtd
2012-04-03 04:36 - 2012-04-03 04:36 - 2102750 ____A C:\Users\mark's\Desktop\Working Version 15.r3i
2012-04-03 04:36 - 2012-04-03 04:36 - 0673194 ____A C:\Users\mark's\Desktop\Working Version 153.WMF
2012-04-03 04:27 - 2012-04-03 04:27 - 0828416 ____A C:\Users\mark's\Desktop\Copy of 3D member types MARK.xls
2012-04-03 04:26 - 2012-04-03 04:26 - 0048501 ____A C:\Users\mark's\Desktop\framework wrought iron MARK.xlsx
2012-04-03 03:50 - 2012-04-03 03:50 - 2102755 ____A C:\Users\mark's\Desktop\working version 14.r3i
2012-04-03 03:50 - 2012-04-03 03:50 - 0673194 ____A C:\Users\mark's\Desktop\working version 143.WMF
2012-04-02 04:44 - 2012-04-02 04:44 - 0002087 ____A C:\Users\mark's\Desktop\Framework.lnk
2012-04-02 04:44 - 2012-04-02 04:44 - 0000000 ____D C:\Program Files (x86)\Wolsink
2012-04-02 04:44 - 2012-04-02 04:44 - 0000000 ____D C:\Mechanical Programs
2012-04-01 16:13 - 2012-04-01 16:13 - 0040885 ____A C:\Users\mark's\Desktop\win.jpg
2012-04-01 14:21 - 2012-04-01 14:21 - 1116005 ____A C:\Users\mark's\Desktop\gaga fail.gif
2012-03-31 08:11 - 2012-03-31 08:11 - 3583728 ____A C:\Users\mark's\Downloads\Cascada - truly madly deeply.mp3
2012-03-31 08:11 - 2012-03-31 08:11 - 3263427 ____A C:\Users\mark's\Downloads\Cascada_A Neverending Dream.mp3
2012-03-31 08:10 - 2012-03-31 08:10 - 5234688 ____A C:\Users\mark's\Downloads\Cascada - Miracle.mp3
2012-03-31 08:10 - 2012-03-31 08:10 - 2876356 ____A C:\Users\mark's\Downloads\09 Kids in America.m4a
2012-03-31 08:09 - 2012-03-31 08:09 - 4607144 ____A C:\Users\mark's\Downloads\Cascada - Bad Boy.mp3
2012-03-31 08:09 - 2012-03-31 08:09 - 1582453 ____A C:\Users\mark's\Downloads\Cascada - Everytime We Touch.mp3
2012-03-31 08:09 - 2012-03-31 08:09 - 0885140 ____A C:\Users\mark's\Downloads\01 What Hurts The Most.mp3
2012-03-31 08:08 - 2012-03-31 08:08 - 7596719 ____A C:\Users\mark's\Downloads\Levels-Avicii.mp3
2012-03-31 08:02 - 2012-03-31 08:02 - 7270240 ____A C:\Users\mark's\Downloads\Kanye West ft. Jay Z - Otis (1).mp3
2012-03-31 07:34 - 2012-03-31 07:34 - 7270240 ____A C:\Users\mark's\Downloads\Kanye West ft. Jay Z - Otis.mp3
2012-03-31 07:34 - 2012-03-31 07:34 - 3411093 ____A C:\Users\mark's\Downloads\Tulisa-Young.mp3
2012-03-31 07:33 - 2012-03-31 07:33 - 4509846 ____A C:\Users\mark's\Downloads\Nicki Minaj - Marilyn Monroe (1).mp3
2012-03-31 07:33 - 2012-03-31 07:33 - 3466918 ____A C:\Users\mark's\Downloads\Katy Perry - Part Of Me.mp3
2012-03-31 07:33 - 2012-03-31 07:32 - 4509846 ____A C:\Users\mark's\Downloads\Nicki Minaj - Marilyn Monroe.mp3
2012-03-31 07:31 - 2012-03-31 07:31 - 7296209 ____A C:\Users\mark's\Downloads\Alexandra Burke - Elephant ft. Erick Morillo.mp3
2012-03-30 07:38 - 2012-03-30 07:38 - 40864401 ____A C:\Users\mark's\Downloads\MECHANIC.zip
2012-03-30 07:38 - 2012-03-30 07:38 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{64249b13-2bbb-11e1-8fc9-b1c8e5e1dee9}.TxR.blf
2012-03-29 11:10 - 2012-03-29 11:10 - 0000000 ____D C:\Users\mark's\AppData\Local\Autodesk, Inc
2012-03-29 11:02 - 2010-05-24 10:22 - 0000000 ____D C:\Users\mark's\AppData\Roaming\Autodesk
2012-03-28 08:24 - 2012-03-28 08:15 - 609756587 ____A C:\Users\mark's\Downloads\Horizon_2011-2012_Episode_12_b01f88jj_1332704523.wmv
2012-03-26 10:14 - 2010-07-10 11:03 - 0000000 ____D C:\Users\mark's\AppData\Local\Google
2012-03-26 10:14 - 2010-04-15 11:28 - 0000000 ____D C:\Users\mark's\AppData\LocalLow
2012-03-26 10:13 - 2012-03-26 10:13 - 0739824 ____A (Google Inc.) C:\Users\mark's\Downloads\GoogleEarthSetup.exe
2012-03-22 14:09 - 2012-03-22 14:09 - 0010246 ____A C:\Users\mark's\Desktop\CASH MONEY ME N HANNAH.xlsx
2012-03-22 10:42 - 2012-03-22 10:42 - 0296624 ____A C:\Windows\Panzer Corps Uninstall Log.txt
2012-03-22 10:07 - 2012-03-22 10:07 - 0040960 ____A C:\Users\mark's\Downloads\publication_1010.xls
2012-03-21 14:11 - 2012-03-21 14:00 - 0063488 ____A C:\Users\mark's\Desktop\Mark Thomas Lawlor New CV March 2012.doc
2012-03-21 13:57 - 2012-03-21 13:57 - 0024730 ____A C:\Users\mark's\Desktop\ANGUS COUNCIL APPLICATION.docx
2012-03-21 13:56 - 2012-03-21 13:56 - 0031531 ____A C:\Users\mark's\Desktop\ANGUS COUNCIL APPLICATION.htm
2012-03-21 13:56 - 2011-02-03 04:30 - 0000000 ____D C:\Users\mark's\Desktop\CIVIL ENG UNI
2012-03-21 13:34 - 2012-03-21 12:51 - 0018974 ____A C:\Users\mark's\Desktop\Mark Thomas Lawlor New CV March 2012.docx
2012-03-21 12:10 - 2012-03-21 12:10 - 0035840 ____A C:\Users\mark's\Downloads\ecip-resume-project-focused-one-address.doc
2012-03-21 08:03 - 2012-03-21 08:03 - 0054784 ____A C:\Users\mark's\Downloads\StudentPlacementRoads.doc
2012-03-21 07:15 - 2011-10-12 10:08 - 0000000 ____D C:\Users\mark's\AppData\Local\CrashDumps
2012-03-19 13:53 - 2012-01-16 13:13 - 0000000 ____D C:\Users\mark's\Desktop\games
2012-03-19 13:53 - 2012-01-09 04:13 - 0000000 ____D C:\Users\mark's\Desktop\fluids report pics
2012-03-14 19:20 - 2009-07-13 20:45 - 3139824 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 13:27 - 2012-03-14 13:27 - 3381411 ____A C:\Users\mark's\Downloads\Sum 41 - Heart Attack.mp3
2012-03-14 13:27 - 2012-03-14 13:26 - 4370432 ____A C:\Users\mark's\Downloads\Sum 41-Nothing On My Back.mp3
2012-03-14 13:26 - 2012-03-14 13:26 - 4344951 ____A C:\Users\mark's\Downloads\09 Handle This 1.mp3
2012-03-14 13:25 - 2012-03-14 13:25 - 3403497 ____A C:\Users\mark's\Downloads\06 Motivation 1.mp3
2012-03-14 13:25 - 2012-03-14 13:24 - 3580604 ____A C:\Users\mark's\Downloads\05 Rhythms 1.mp3
2012-03-14 13:24 - 2012-03-14 13:24 - 3391476 ____A C:\Users\mark's\Downloads\08 Summer 1.mp3
2012-03-14 13:24 - 2012-03-14 13:24 - 1001279 ____A C:\Users\mark's\Downloads\03 Never Wake Up 1.mp3
2012-03-14 13:23 - 2012-03-14 13:23 - 2842913 ____A C:\Users\mark's\Downloads\11 All She's Got 1.mp3
2012-03-14 13:23 - 2012-03-14 13:22 - 2069693 ____A C:\Users\mark's\Downloads\13 Pain For Pleasure 1.mp3
2012-03-14 13:22 - 2012-03-14 13:22 - 4761728 ____A C:\Users\mark's\Downloads\12 - Sum 41 - There's No Solution.mp3
2012-03-14 13:21 - 2012-03-14 13:21 - 2715966 ____A C:\Users\mark's\Downloads\10 Crazy Amanda Bunkface 1.mp3
2012-03-14 13:20 - 2012-03-14 13:20 - 4145898 ____A C:\Users\mark's\Downloads\07 In Too Deep 1.mp3
2012-03-14 13:20 - 2012-03-14 13:19 - 4428639 ____A C:\Users\mark's\Downloads\sum41 02 no reason.mp3
2012-03-14 13:18 - 2012-03-14 13:18 - 2855040 ____A C:\Users\mark's\Downloads\Sum41 - Fat Lip.mp3
2012-03-14 13:18 - 2012-03-14 13:18 - 2541568 ____A C:\Users\mark's\Downloads\Sum 41 - Still Waiting.mp3
2012-03-14 13:16 - 2012-03-14 13:16 - 4373534 ____A C:\Users\mark's\Downloads\Sum 41 - Pieces.mp3
2012-03-14 13:16 - 2012-03-14 13:15 - 7871155 ____A C:\Users\mark's\Downloads\Sum 41 - With me.mp3
2012-03-14 13:16 - 2012-03-14 13:15 - 3973342 ____A C:\Users\mark's\Downloads\Sum 41 - The Hell Song.mp3
2012-03-14 13:15 - 2012-03-14 13:14 - 4143200 ____A C:\Users\mark's\Downloads\Shwayze - Buzzin.mp3
2012-03-14 12:55 - 2012-03-14 12:54 - 8351954 ____A C:\Users\mark's\Downloads\18 Lady Gaga - Paparazzi.mp3
2012-03-14 12:19 - 2012-03-14 12:18 - 9368202 ____A C:\Users\mark's\Downloads\10. Kelly Rowland - Down for Whatever (The WAV.s).mp3
2012-03-14 12:17 - 2012-03-14 12:17 - 4672334 ____A C:\Users\mark's\Downloads\Nelly - Ride With Me.mp3
2012-03-14 09:54 - 2012-03-14 09:54 - 2903626 ____A C:\Users\mark's\Downloads\28. Professor Green Ft. Lily Allen - Just Be Good To Green (CDQ) [www.BestVideoRap.com].mp3
2012-03-14 09:54 - 2012-03-14 09:53 - 9563525 ____A C:\Users\mark's\Downloads\01 Everyone's At It.m4a
2012-03-14 09:53 - 2012-03-14 09:53 - 7386469 ____A C:\Users\mark's\Downloads\14 Lily Allen - 22.mp3
2012-03-14 09:45 - 2012-03-14 09:45 - 9027846 ____A C:\Users\mark's\Downloads\Jay-Z and Kanye West ft. T.I. - bleeps In Paris (Remix).mp3
2012-03-14 09:45 - 2012-03-14 09:45 - 2893824 ____A C:\Users\mark's\Downloads\otis jay-z and kanye west.mp3
2012-03-14 09:36 - 2012-03-14 09:36 - 9242228 ____A C:\Users\mark's\Downloads\Who'd Have Known.mp3
2012-03-14 09:36 - 2012-03-14 09:36 - 1632716 ____A C:\Users\mark's\Downloads\Lily Allen - Not Fair.mp3
2012-03-14 09:34 - 2012-03-14 09:34 - 5685698 ____A C:\Users\mark's\Downloads\T-Pain - 5 O'Clock (Feat. Wiz Khalifa & Lily Allen).mp3
2012-03-14 09:34 - 2012-03-14 09:34 - 1816869 ____A C:\Users\mark's\Downloads\Lily Allen - bleep You.mp3
2012-03-14 09:33 - 2012-03-14 09:33 - 1645046 ____A C:\Users\mark's\Downloads\Lily Allen - The Fear.mp3
2012-03-14 09:32 - 2012-03-14 09:32 - 3078112 ____A C:\Users\mark's\Downloads\Stooshe_ft_Travie_McCoy_-_Love_Me.mp3
2012-03-14 09:31 - 2012-03-14 09:31 - 7605460 ____A C:\Users\mark's\Downloads\Jessie J - Domino (1).mp3
2012-03-14 09:29 - 2012-03-14 09:29 - 4710037 ____A C:\Users\mark's\Downloads\Nicki Minaj Feat. Lil Wayne-Roman Reloaded.mp3
2012-03-14 09:28 - 2012-03-14 09:28 - 3269240 ____A C:\Users\mark's\Downloads\Nicki Minaj - Stupid Hoe.mp3
2012-03-14 09:27 - 2012-03-14 09:27 - 3384576 ____A C:\Users\mark's\Downloads\Nicki Minaj - Starships.mp3
2012-03-14 09:26 - 2012-03-14 09:26 - 9893194 ____A C:\Users\mark's\Downloads\David Guetta - Titanium feat. Sia - Original Mix.mp3
2012-03-14 09:25 - 2012-03-14 09:25 - 6707784 ____A C:\Users\mark's\Downloads\03-David Guetta - Turn Me On (Feat. Nicki Minaj).mp3
2012-03-14 09:23 - 2012-03-14 09:23 - 20190976 ____A C:\Users\mark's\Downloads\Enrique Iglesias feat. Pitbull - I Like It (Avicii Remix).mp3
2012-03-14 09:22 - 2012-03-14 09:21 - 5697059 ____A C:\Users\mark's\Downloads\Elevator.mp3
2012-03-14 09:17 - 2012-03-14 09:17 - 7486007 ____A C:\Users\mark's\Downloads\Flo Rida - Wild Ones ft. Sia.mp3
2012-03-11 11:00 - 2012-03-11 11:00 - 2081080 ____A (Bandoo Media Inc. ) C:\Users\mark's\Downloads\iLividSetupV1 (4).exe
2012-03-10 16:38 - 2012-03-10 16:38 - 2081080 ____A (Bandoo Media Inc. ) C:\Users\mark's\Downloads\iLividSetupV1 (3).exe
2012-03-08 11:04 - 2012-03-08 11:04 - 0164408 ____A C:\Users\mark's\Desktop\KONY 7.png
2012-03-08 10:55 - 2012-03-08 10:55 - 0453983 ____A C:\Users\mark's\Desktop\kony 6.png
2012-03-08 10:49 - 2012-03-08 10:49 - 0370183 ____A C:\Users\mark's\Desktop\KONY 5.png
2012-03-08 10:48 - 2012-03-08 10:48 - 0049226 ____A C:\Users\mark's\Downloads\download
2012-03-08 10:47 - 2012-03-08 10:47 - 1172987 ____A C:\Users\mark's\Desktop\KONY4.png
2012-03-08 10:42 - 2012-03-08 10:42 - 0323932 ____A C:\Users\mark's\Desktop\KONY3.png
2012-03-08 10:23 - 2012-03-08 07:49 - 0669002 ____A C:\Users\mark's\Desktop\KONY2.png
2012-03-08 07:44 - 2012-03-08 07:44 - 0290649 ____A C:\Users\mark's\Desktop\KONY.png
2012-03-06 19:03 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-03-05 22:43 - 2012-04-13 18:00 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-13 18:00 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-13 18:00 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-05 06:12 - 2012-03-05 06:12 - 0000000 ____D C:\Users\mark's\AppData\Roaming\.mono
2012-03-05 06:04 - 2012-03-05 06:01 - 0000000 ____D C:\Users\mark's\AppData\Roaming\Headup Games
2012-03-05 06:02 - 2012-03-05 06:02 - 0001082 ____A C:\Users\Public\Desktop\Bridge Constructor.lnk
2012-03-05 06:02 - 2012-03-05 06:02 - 0000000 ____D C:\Program Files (x86)\Bridge Constructor
2012-03-05 02:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-02 19:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-02 19:05 - 2012-03-02 19:00 - 0003900 ____A C:\Windows\IE9_main.log
2012-03-02 19:04 - 2012-03-02 19:04 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-02 19:04 - 2012-03-02 19:04 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-02 19:04 - 2012-03-02 19:04 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-02 19:04 - 2012-03-02 19:04 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-02 19:04 - 2012-03-02 19:04 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-02 19:04 - 2012-03-02 19:04 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-02 19:04 - 2012-03-02 19:04 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-02 19:04 - 2012-03-02 19:04 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-02 19:04 - 2012-03-02 19:04 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-02 19:04 - 2012-03-02 19:04 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-02 19:04 - 2012-03-02 19:04 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-01 14:22 - 2012-03-01 14:22 - 0000050 ____A C:\user.js
2012-03-01 14:22 - 2012-03-01 14:22 - 0000000 ____D C:\Users\All Users\Premium
2012-03-01 14:22 - 2012-03-01 14:22 - 0000000 ____D C:\ProgramData\Premium
2012-03-01 14:22 - 2012-03-01 14:22 - 0000000 ____D C:\codec-info
2012-03-01 14:22 - 2012-03-01 14:21 - 0000000 ____D C:\Users\All Users\InstallMate
2012-03-01 14:22 - 2012-03-01 14:21 - 0000000 ____D C:\ProgramData\InstallMate
2012-03-01 14:22 - 2011-10-10 05:40 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-01 14:21 - 2012-03-01 14:21 - 0260160 ____A (Premium) C:\Users\mark's\Downloads\Codec-C.exe
2012-02-29 22:54 - 2012-04-13 07:12 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:45 - 2012-04-13 07:12 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:40 - 2012-04-13 07:12 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:35 - 2012-04-13 07:12 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:49 - 2012-04-13 07:12 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:45 - 2012-04-13 07:12 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:40 - 2012-04-13 07:12 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 16:59 - 2012-02-29 16:59 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-02-29 16:59 - 2011-10-10 04:04 - 0000886 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2012-02-29 13:21 - 2012-02-29 13:21 - 2063040 ____A (Bandoo Media Inc. ) C:\Users\mark's\Downloads\iLividSetupV1 (2).exe
2012-02-28 12:50 - 2012-02-28 12:50 - 1014272 ____A C:\Users\mark's\Downloads\Funding Booklet 2009 for web pages.doc
2012-02-27 23:34 - 2012-04-13 18:02 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-13 18:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-13 18:02 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-13 18:02 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-13 18:02 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-13 18:02 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-13 18:02 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-13 18:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-13 18:02 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-13 18:02 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-13 18:02 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-13 18:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-13 18:02 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-13 18:02 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-13 18:02 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-13 18:02 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-13 18:02 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-13 18:02 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-13 18:02 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-13 18:02 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-13 18:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-13 18:02 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-13 18:02 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-13 18:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-13 18:02 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-13 18:02 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 08:01 - 2012-02-27 08:01 - 0187904 ____A C:\Users\mark's\Desktop\Stratfor Intelligence Glossary Wikileaked.doc
2012-02-27 08:01 - 2012-02-27 08:01 - 0000162 ___AH C:\Users\mark's\Desktop\~$ratfor Intelligence Glossary Wikileaked.doc
2012-02-27 07:52 - 2012-02-27 07:52 - 0199680 ____A C:\Users\mark's\Downloads\107978_Intelligence Glossary.doc
2012-02-27 07:52 - 2012-02-27 07:52 - 0000162 ___AH C:\Users\mark's\Downloads\~$7978_Intelligence Glossary.doc
2012-02-27 07:36 - 2012-02-27 07:36 - 1177088 ____A C:\Users\mark's\Downloads\1785_GV MASTER Client List 3-15-07.xls
2012-02-27 06:10 - 2012-02-27 06:10 - 0029184 ____A C:\Users\mark's\Downloads\37035_client list.xls
2012-02-24 23:18 - 2012-02-24 23:18 - 0000000 ____D C:\found.000
2012-02-23 01:18 - 2010-04-15 11:50 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-21 10:10 - 2011-11-04 07:39 - 2016355 ____A C:\Users\mark's\Desktop\hggh 095.JPG
2012-02-16 02:28 - 2009-08-19 18:52 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 02:50 - 2010-04-15 13:47 - 0000174 ___SH C:\Users\mark's\Start Menu\Programs\Startup\desktop.ini
2012-02-15 02:50 - 2010-04-15 13:47 - 0000174 ___SH C:\Users\mark's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-14 22:27 - 2012-03-14 01:07 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-14 01:07 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-14 01:07 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-14 01:07 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-09 22:18 - 2012-03-14 01:08 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-14 01:08 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-14 01:08 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-14 01:08 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-14 01:08 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-14 01:08 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-14 01:08 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-14 01:08 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-14 01:08 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-14 01:08 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-09 10:15 - 2010-04-15 15:21 - 0000000 ____D C:\Users\mark's\Documents\Webcam
2012-02-09 10:13 - 2012-02-09 10:13 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-02-09 10:13 - 2010-06-24 11:18 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-02-09 10:13 - 2010-06-24 11:18 - 0000000 ____D C:\Users\All Users\Skype
2012-02-09 10:13 - 2010-06-24 11:18 - 0000000 ____D C:\ProgramData\Skype
2012-02-08 12:47 - 2012-02-08 12:47 - 0162816 ____A C:\Users\mark's\Desktop\unicorn levelling 5.xls
2012-02-08 12:47 - 2012-02-08 09:51 - 0162816 ____A C:\Users\mark's\Downloads\unicorn levelling 4.xls
2012-02-07 02:02 - 2012-02-07 02:02 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-06 14:56 - 2012-02-06 14:25 - 89907200 ____A C:\Users\mark's\Desktop\Sucker Punch TS V2 XViD - IMAGiNE.avi
2012-02-06 14:20 - 2012-02-06 12:00 - 732572432 ____A C:\Users\mark's\Desktop\Super.8.2011.BluRay.720p[AhangFA].mkv
2012-02-06 11:14 - 2012-02-06 11:14 - 0008464 ____A C:\Users\mark's\Desktop\evil dead.jpg
2012-02-06 09:57 - 2012-02-06 09:57 - 0073728 ____A C:\Users\mark's\Downloads\EPO_revised_Generic_Summary_April2011.doc
2012-02-06 09:56 - 2012-02-06 09:56 - 0015988 ____A C:\Users\mark's\Downloads\supplementary_job_summary_information_form_EPO_Fife.docx
2012-02-06 09:55 - 2012-02-06 09:55 - 0113152 ____A C:\Users\mark's\Downloads\Specialist_II_OP09023_120127.doc
2012-02-02 20:16 - 2012-03-14 01:08 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 11:06 - 2012-01-10 13:03 - 0000193 ___AH C:\Users\mark's\Documents\Drawing1.dwl2
2012-02-02 11:06 - 2012-01-10 13:03 - 0000043 ___AH C:\Users\mark's\Documents\Drawing1.dwl
2012-02-02 10:55 - 2012-02-02 10:55 - 0000193 ___AH C:\Users\mark's\Desktop\Upper Deck Jan2012.dwl2
2012-02-02 10:55 - 2012-02-02 10:55 - 0000043 ___AH C:\Users\mark's\Desktop\Upper Deck Jan2012.dwl

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 4063.19 MB
Available physical RAM: 3298.88 MB
Total Pagefile: 4061.34 MB
Available Pagefile: 3291.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:452.48 GB) (Free:34.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.08 GB) (Free:2.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:3.73 GB) (Free:1.57 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 452 GB 200 MB
Partition 3 Primary 13 GB 452 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 452 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3818 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-19 03:51

======================= End Of Log ==========================

#14 Brokenlaptop1

Member

Members
15 posts

Posted 01 May 2012 - 08:33 AM

hey Gringo.

leaving uni now..laptop still not loading windows. I can jump into the library to do any more steps of the repair when you recieve log

#15 gringo_pr

Bleepin Gringo

Malware Response Team
121,033 posts

Gender:Male
Location:Puerto rico

Posted 01 May 2012 - 08:29 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 symids; C:\Windows\System32\bh611.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\bh611.dll
NETSVC: symids
1 ikwtemjp; \??\C:\Windows\system32\drivers\ikwtemjp.sys [x]

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo[/b]