U-Kash Partial Removal

Good morning,

I was infected with a U-Kash virus last week which had my desktop completely locked.

I managed to remove the offending files by looking for the culprit in the registry.

Once removed, some of the effects remained, like task manager being disabled. I did manage to enable it again.

I discovered today that my control panel is not fully functional. For example, when I click on the Mouse icon, I get there an error window called "Explorer.exe", displaying the message "Application not found". My calculator has also been renamed and a few other accessories are missing, I think.

Other than that, everything seems functional. The PC is not slow and doesn't exhibit any strange behavior.

Thank you for your time,

- William

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Nekurahn at 9:26:06 on 2012-05-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6135.3737 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Nekurahn\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Windows\system32\conhost.exe
C:\Users\Nekurahn\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4840&r=17360910a506p04d5v135k4631r376
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4840&r=17360910a506p04d5v135k4631r376
uInternet Settings,ProxyOverride = 192.168.*.*;127.0.0.1:9421;*.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Gestionnaire Antidote.exe] C:\Program Files (x86)\Druide\Antidote\Gestionnaire Antidote.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [F.lux] "C:\Users\Nekurahn\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Nekurahn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nekurahn\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.ma-config.com/plugins/MaConfig_5_2_2_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{11CACD81-9DBA-4D58-AD70-0D3ACD74B255} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{83263FF3-588E-4C3D-B10F-E5DFBD7033AB} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nekurahn\AppData\Roaming\Mozilla\Firefox\Profiles\w7uy1egc.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\My Apps\Mozilla Plugins\npitunes.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-3-10 490840]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-4-29 40384]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-2-16 87368]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-2 13592]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-1 214896]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-2-11 172328]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-12 243232]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-4-29 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-4-29 40384]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-1 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2010-11-15 8192]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-5-9 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-1 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 maconfservice;Ma-Config Service;C:\Program Files (x86)\ma-config.com\maconfservice.exe [2011-11-25 311928]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-02 12:41:27 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{83B365D7-38E8-4408-BDB1-6972DDBD0C23}
2012-05-02 12:41:16 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{AEDEF0BE-1CB1-4A41-B712-295229A77CA2}
2012-05-02 12:19:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-02 12:19:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-01 19:23:57 -------- d-----w- C:\Program Files\iTunes
2012-05-01 19:23:57 -------- d-----w- C:\Program Files\iPod
2012-05-01 19:22:28 -------- d-----w- C:\Program Files\Bonjour
2012-05-01 19:22:28 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-01 19:15:54 -------- d-----w- C:\Users\Nekurahn\AppData\Local\Apple
2012-05-01 19:15:23 -------- d-----w- C:\Users\Nekurahn\AppData\Local\Apple Computer
2012-05-01 13:11:32 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{B7745F7E-6DC7-4329-B313-4CBD413A1E3A}
2012-05-01 13:11:21 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{163DD986-B80F-4065-8ACF-D9D1D515F8EF}
2012-05-01 01:11:06 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{10401077-875C-44D5-BF29-F4DDAE9F173F}
2012-05-01 01:10:53 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{600B1943-7DB6-4E41-BC85-7BE2AD392553}
2012-04-30 13:10:41 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{B196BE31-12FD-4DE2-A8ED-231F08CBE5AC}
2012-04-30 13:10:30 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{B2E568B3-31A1-4EE1-8500-D4E028559186}
2012-04-30 01:10:17 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{04E33E54-C658-44B6-9E02-FDB358700CF2}
2012-04-30 01:10:06 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{A90F07B8-3ED2-4039-B03A-DAB503702D2F}
2012-04-29 13:09:49 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{5DA54BF0-906C-4CE9-B3BE-DB9C0E0570EC}
2012-04-29 13:09:37 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{BC618ECD-77A6-4A99-A077-2BCF6DE9CCBA}
2012-04-29 10:15:40 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-29 10:15:22 38848 ----a-w- C:\Windows\avastSS.scr
2012-04-29 10:14:49 -------- d-----w- C:\Users\Nekurahn\AppData\Roaming\JavaUpdater
2012-04-28 19:26:00 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-04-28 19:26:00 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-04-28 19:26:00 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-04-28 19:13:41 94208 ----a-w- C:\Windows\DIIUnin.exe
2012-04-28 19:13:41 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-04-28 12:41:22 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{F27690F5-5C12-4DD8-BB18-3928E80B42DB}
2012-04-28 12:41:12 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{79FE890E-D0E3-420F-B821-08AA3E8F5FCF}
2012-04-28 00:40:58 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{505871B6-D6F3-45F0-B484-1ACC22F2B4D9}
2012-04-28 00:40:47 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{D2A1C59A-7D5E-429D-8069-F96DE73CCD66}
2012-04-27 12:40:35 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{6F195832-627B-4075-8004-DCCBD6A72DDA}
2012-04-27 12:40:24 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{410C66BB-D36B-450D-A268-9D16534F4714}
2012-04-27 00:40:10 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{B71889E5-4CFF-4CB3-B549-34F4A5BE33D1}
2012-04-27 00:39:59 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{51876F1D-AEC1-4FE3-BF70-D69D8639BB5E}
2012-04-27 00:32:00 72192 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMABBM4C.DLL
2012-04-26 12:39:34 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{E4126C4D-E13C-4CE7-9F75-4912F0D6B29E}
2012-04-26 12:39:23 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{673CD850-B9C2-4C26-BF5E-8F5E62EB5449}
2012-04-26 00:39:07 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{ECC205B9-6DAD-4317-9C9A-98AA022D9153}
2012-04-26 00:38:56 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{1BA36F0A-B0A2-45E5-BFCF-DCEF9552E42F}
2012-04-25 16:07:58 -------- d-----w- C:\Windows\en
2012-04-25 16:05:03 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c7323f41cd22fd01\DSETUP.dll
2012-04-25 16:05:03 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c7323f41cd22fd01\DXSETUP.exe
2012-04-25 16:05:03 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c7323f41cd22fd01\dsetup32.dll
2012-04-25 16:03:40 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{A85865DF-6A0C-4C9F-8B6E-FDF4C96D66A3}
2012-04-25 16:03:29 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{7F182AB3-FFE6-4888-82BD-2E77FDBD88B2}
2012-04-25 02:44:00 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{04D90B48-51C3-4333-8B6F-F3CFB5298180}
2012-04-25 02:43:49 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{602B183D-368C-4D6D-9CC0-0B859F6C7754}
2012-04-24 23:26:55 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-04-24 23:25:42 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{F86DAFA3-DA1C-43C5-8C3A-684FD4C3C3E0}
2012-04-24 23:25:30 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{0E75BD77-72FD-4638-973C-D1F7674A3885}
2012-04-24 23:24:49 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-24 23:23:58 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-04-24 23:11:29 -------- d-----w- C:\Windows\pss
2012-04-24 20:09:28 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-24 20:09:27 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 20:09:27 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-21 15:40:17 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{C18ACB94-185F-425C-A6C0-84FC60B41D10}
2012-04-21 15:40:06 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{7672820A-4633-4FE9-A843-2B6B425431E4}
2012-04-21 12:34:55 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5468D766-E204-4BA0-B0B8-75F4EB8AF9AD}\mpengine.dll
2012-04-20 12:19:35 -------- d-----w- C:\ProgramData\Battle.net
2012-04-19 20:12:39 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{B4311349-AD4D-4C3B-900B-BF54C0941AA1}
2012-04-19 20:12:28 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{567A6096-9122-4FF0-A52E-6972B8D13FFF}
2012-04-17 22:15:05 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{F9CD3CB9-CBBB-473E-BF7E-314C6D8F3B83}
2012-04-17 21:50:50 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{C1711CFC-0307-4BB3-92AC-B7054449476C}
2012-04-17 21:44:49 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{79C770F3-27E4-40D3-935E-3394FA4E91BA}
2012-04-13 11:01:33 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{24BA114C-A377-48BE-A202-0E2FFBCC57CB}
2012-04-13 11:01:22 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{093F10F3-7D0E-4CB5-A972-ED93F3E32DAA}
2012-04-13 02:18:07 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{71E7554E-358E-403F-8935-E3059D92065F}
2012-04-12 14:17:56 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{721F5899-302E-49F0-8B7C-B2CB7E6254C6}
2012-04-12 03:05:59 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 03:05:58 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:05:58 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 03:03:32 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 03:03:32 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 03:03:32 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 03:03:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 03:03:30 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 03:03:30 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 03:03:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 02:17:33 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{D9158E98-91B0-4014-B693-BEB521FE0F58}
2012-04-11 20:09:25 -------- d-----w- C:\Users\Nekurahn\AppData\Local\FeedDemon
2012-04-11 20:09:18 -------- d-----w- C:\Program Files (x86)\FeedDemon
2012-04-11 14:17:08 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{935ED1B8-E234-4E5F-9F75-DADD9186E069}
2012-04-11 02:16:57 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{D855FCDC-0E72-42DA-896F-66BD6632E838}
2012-04-10 14:16:45 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{B844E518-86C9-4A04-BE50-1E33D2EB46E2}
2012-04-10 02:16:34 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{FE0A1F5A-EA88-4F64-99DD-FA314B24246A}
2012-04-09 14:16:23 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{DB101AB7-43F6-4C41-AA7D-78F9A9A16D71}
2012-04-09 02:16:11 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{095E2D86-FE78-4EE5-90C2-70A80FACBC08}
2012-04-08 14:15:59 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{AAB4458A-255E-4C4F-B206-2DC5CEC6BE26}
2012-04-08 02:15:36 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{6C5B86EC-48DB-423B-BD65-C18786983CEA}
2012-04-07 14:15:11 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{A0F351AE-C9DA-41B4-A2F5-45FE5958B7BC}
2012-04-07 02:14:49 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{E021FF2F-2B04-40B1-A071-D908710FE1F6}
2012-04-07 00:40:47 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-04-07 00:40:44 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-04-06 14:14:25 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{90E81482-E9C1-4DBC-B346-5C8138A83BF3}
2012-04-06 02:14:13 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{D7A23B72-775F-4B06-8B6B-8445490F1269}
2012-04-06 02:07:03 -------- d-----w- C:\Users\Nekurahn\AppData\Local\Adobe
2012-04-06 01:52:40 27936 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-04-06 01:23:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 17:49:29 -------- d-----w- C:\ProgramData\AMD
2012-04-05 17:49:27 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-04-05 17:49:25 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-05 12:00:15 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{0D1CAF8F-819A-4AB2-A697-7EE49011BA84}
2012-04-05 11:35:04 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-04-05 11:17:16 -------- d-----w- C:\ProgramData\HitmanPro
2012-04-05 02:23:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 12:36:51 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{9499206C-7C1E-494C-9C0A-4557AC5BBC0D}
2012-04-04 00:36:40 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{E30FD3CB-D627-42B5-8385-59E66C79295A}
2012-04-03 12:36:28 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{CEABBED2-7843-4A31-920B-86B4286B59E4}
2012-04-03 00:36:17 -------- d-----w- C:\Users\Nekurahn\AppData\Local\{272DD863-3A76-40C9-9470-237384713CBA}
.
==================== Find3M ====================
.
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-18 22:25:42 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-03-09 05:26:42 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-03-09 05:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-03-09 05:26:24 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-03-09 05:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-03-09 05:26:10 16507392 ----a-w- C:\Windows\System32\amdocl64.dll
2012-03-09 05:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-09 05:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-09 05:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll
2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll
2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-24 19:20:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 9:27:43.92 ===============


EDIT: Just noticed that some other icons in Control Panel have other messages like "Windows cannot find 'C/Windows/system32/rundll32.exe'. Make sure you typed the name correctly, then try again".

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt

Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

Greetings,

Here is the requested information.

Your ComboFix log is clean.

HijackThis is not ready for the 64bit operating system.
I suggest your remove HijackThis 1.99.1 using the Add/Remove programs list.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29
Java™ 6 Update 7


===

I discovered today that my control panel is not fully functional. For example, when I click on the Mouse icon, I get there an error window called "Explorer.exe", displaying the message "Application not found". My calculator has also been renamed and a few other accessories are missing, I think.

This is not my domain. I suggest your start a new topic in this Windows 7 forum
http://www.bleepingcomputer.com/forums/forum167.html

First you may find a solution on Google concerning the missing accessories.
Search for this string windows 7 accessories missing from start menu

===

When all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.