Slower computer and google redirect


  • This topic is locked
35 replies to this topic

#1 aupperk24

aupperk24

  • Members
  • 19 posts

Posted 14 May 2012 - 10:37 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Archie at 20:13:25 on 2012-05-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4096.1676 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Archie\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Archie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://eweb4.laccd.edu/WebStudent/signon.asp
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [F.lux] "C:\Users\Archie\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [<NO NAME>]
StartupFolder: C:\Users\Archie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{837629D1-8269-4A7D-8942-BF43294878C7} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{837629D1-8269-4A7D-8942-BF43294878C7}\7435949437B69727F636B65647F513333363 : DhcpNameServer = 192.168.43.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [(Default)]
IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Archie\AppData\Roaming\Mozilla\Firefox\Profiles\n5jasqfs.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: C:\Users\Archie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-13 654408]
R2 Realtek87B;Realtek87B;C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [2012-2-18 40960]
R2 RipCore;RipCore;C:\Program Files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe [2012-3-26 2107800]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 51727736]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 129976]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-14 00:04:58 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-14 00:04:54 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-14 00:04:54 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-10 05:44:09 -------- d-----w- C:\Users\Archie\AppData\Roaming\ieSpell
2012-05-10 05:42:31 -------- d-----w- C:\Program Files (x86)\ieSpell
2012-05-09 22:14:13 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-08 13:21:09 78848 ----a-w- C:\Windows\KMSEmulator.exe
2012-05-03 22:31:08 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-05-03 22:31:05 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-29 03:32:36 -------- d-----w- C:\Program Files\BreakPoint Software
2012-04-25 23:03:31 -------- d-----w- C:\Users\Archie\AppData\Local\Navnet_Solutions
2012-04-25 22:25:20 -------- d-----w- C:\Users\Archie\AppData\Roaming\NavNet Solutions
2012-04-25 22:25:20 -------- d-----w- C:\Program Files (x86)\NavNetApp
2012-04-25 22:23:29 -------- d-----w- C:\Program Files (x86)\NavNet
2012-04-25 22:16:59 -------- d-----w- C:\Users\Archie\Photobleepet
2012-04-25 21:55:31 -------- d-----w- C:\Program Files (x86)\Photobleepet
2012-04-21 00:37:02 -------- d-----w- C:\Python27
2012-04-20 22:50:47 -------- d-----w- C:\Users\Archie\AppData\Roaming\Barnes & Noble
2012-04-20 22:50:20 -------- d-----w- C:\NookBooks
2012-04-20 22:49:43 -------- d-----w- C:\Program Files (x86)\Barnes & Noble
2012-04-20 20:20:13 -------- d-----w- C:\Windows\SysWow64\Adobe
.
==================== Find3M ====================
.
2012-05-05 10:10:13 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:10:13 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:10:11 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 05:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-06 05:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-06 05:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-06 05:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-06 05:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-06 05:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-06 05:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-04 05:53:58 53656 ----a-w- C:\Windows\System32\AdobePDF.dll
2012-04-04 05:53:56 24984 ----a-w- C:\Windows\System32\AdobePDFUI.dll
2012-03-27 06:38:25 647168 ----a-w- C:\Windows\AutoKMS.exe
2012-03-25 21:02:20 3998 ----a-w- C:\STF9EBC.tmp
2012-03-25 20:50:59 4238 ----a-w- C:\STF3915.tmp
2012-03-25 19:49:26 4238 ----a-w- C:\STFDF60.tmp
2012-03-25 19:45:01 4238 ----a-w- C:\STFD448.tmp
2012-03-25 10:38:39 4238 ----a-w- C:\STF9CC8.tmp
2012-03-25 10:27:51 4238 ----a-w- C:\STFBBBC.tmp
2012-03-25 10:16:41 4238 ----a-w- C:\STF81F6.tmp
2012-03-25 10:05:21 4238 ----a-w- C:\STF22B6.tmp
2012-03-24 23:10:34 4238 ----a-w- C:\STFCE14.tmp
2012-03-24 23:01:13 4238 ----a-w- C:\STF3FE8.tmp
2012-03-24 08:43:16 4070 ----a-w- C:\STFB776.tmp
2012-03-24 08:30:46 4070 ----a-w- C:\STF4745.tmp
2012-03-23 23:20:22 4070 ----a-w- C:\STF3649.tmp
2012-03-23 23:02:13 4070 ----a-w- C:\STF9910.tmp
2012-03-23 22:48:56 4070 ----a-w- C:\STF70A7.tmp
2012-03-23 22:31:25 4070 ----a-w- C:\STF6457.tmp
2012-03-23 22:19:38 4070 ----a-w- C:\STF9BF9.tmp
2012-03-23 22:06:09 4070 ----a-w- C:\STF4512.tmp
2012-03-23 21:41:26 4070 ----a-w- C:\STFA24C.tmp
2012-03-23 21:09:24 4168 ----a-w- C:\STF4E23.tmp
2012-03-18 09:44:26 139264 --sha-r- C:\Windows\SysWow64\storage4.dll
2012-03-09 21:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-03-09 21:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-03-05 23:15:19 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-02-23 12:32:04 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-02-21 08:05:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-18 20:24:17 0 ----a-w- C:\Windows\ativpsrm.bin
2012-02-18 20:10:15 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 05:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-15 05:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
.
============= FINISH: 20:13:48.13 ===============


I couldn't get GMER to work; most of the slots to check were grayed out and it didn't list anything after the scan.

Here's the topic:
http://www.bleepingcomputer.com/forums/topic453647.html



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 May 2012 - 05:10 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 17 May 2012 - 11:56 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 aupperk24

Posted 18 May 2012 - 03:09 AM

Results of screen317's Security Check version 0.99.32
Windows 7 x64
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

Edited by aupperk24, 18 May 2012 - 03:09 AM.


#5 aupperk24

Posted 18 May 2012 - 03:13 AM

I'm in the process of backing up right now. I will post combofix log asap


#6 gringo_pr

Posted 18 May 2012 - 03:14 AM

:thumbup2:

#7 aupperk24

Posted 19 May 2012 - 01:09 AM

:thumbup2:

:dance:
Here's the log from combofix!

ComboFix 12-05-19.01 - Archie 05/18/2012 22:48:18.8.2 - x64
Running from: c:\users\Archie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 05:52 . 2012-05-19 05:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-19 05:52 . 2012-05-19 05:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-17 03:29 . 2012-05-17 03:29 -------- d-----w- c:\users\Archie\AppData\Roaming\Research In Motion
2012-05-17 03:29 . 2009-01-09 22:02 31744 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-05-17 03:28 . 2012-05-17 03:28 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-05-15 15:38 . 2012-05-15 16:10 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-15 15:38 . 2012-05-15 15:38 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-15 15:38 . 2012-05-15 15:38 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-15 15:36 . 2012-05-15 15:36 -------- d-----w- c:\programdata\Battle.net
2012-05-14 00:04 . 2012-05-14 00:04 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-14 00:04 . 2012-05-14 00:04 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-14 00:04 . 2012-05-14 00:04 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-10 05:44 . 2012-05-10 05:44 -------- d-----w- c:\users\Archie\AppData\Roaming\ieSpell
2012-05-08 13:21 . 2012-05-19 05:53 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-05-03 22:31 . 2012-05-03 22:31 -------- d-----w- c:\programdata\ATI
2012-05-03 22:31 . 2012-05-03 22:31 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-03 22:31 . 2012-05-03 22:31 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-29 03:32 . 2012-04-29 03:32 -------- d-----w- c:\program files\BreakPoint Software
2012-04-25 23:03 . 2012-04-25 23:03 -------- d-----w- c:\users\Archie\AppData\Local\Navnet_Solutions
2012-04-25 22:25 . 2012-04-25 22:25 -------- d-----w- c:\users\Archie\AppData\Roaming\NavNet Solutions
2012-04-25 22:23 . 2012-04-25 22:24 -------- d-----w- c:\program files (x86)\NavNet
2012-04-25 22:16 . 2012-04-25 22:16 -------- d-----w- c:\users\Archie\Photobleepet
2012-04-25 21:55 . 2012-04-25 22:23 -------- d-----w- c:\program files (x86)\Photobleepet
2012-04-21 00:37 . 2012-04-21 00:37 -------- d-----w- C:\Python27
2012-04-20 22:50 . 2012-04-20 22:50 -------- d-----w- c:\users\Archie\AppData\Roaming\Barnes & Noble
2012-04-20 22:50 . 2012-04-21 00:37 -------- d-----w- C:\NookBooks
2012-04-20 22:49 . 2012-04-20 22:49 -------- d-----w- c:\program files (x86)\Barnes & Noble
2012-04-20 20:20 . 2012-04-20 20:22 -------- d-----w- c:\windows\SysWow64\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:10 . 2012-04-05 16:43 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:10 . 2012-03-07 04:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:10 . 2012-04-05 17:10 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 08:58 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-06 08:58 . 2009-08-18 19:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-12-06 03:16 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-12-06 02:18 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-12-06 02:51 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-12-06 02:11 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-04 22:56 . 2012-04-06 08:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 05:53 . 2012-04-04 05:53 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2012-04-04 05:53 . 2012-04-04 05:53 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2012-03-27 06:38 . 2012-03-27 06:38 647168 ----a-w- c:\windows\AutoKMS.exe
2012-03-25 21:02 . 2012-03-25 21:02 3998 ----a-w- C:\STF9EBC.tmp
2012-03-25 20:50 . 2012-03-25 20:50 4238 ----a-w- C:\STF3915.tmp
2012-03-25 19:49 . 2012-03-25 19:49 4238 ----a-w- C:\STFDF60.tmp
2012-03-25 19:45 . 2012-03-25 19:45 4238 ----a-w- C:\STFD448.tmp
2012-03-25 10:38 . 2012-03-25 10:38 4238 ----a-w- C:\STF9CC8.tmp
2012-03-25 10:27 . 2012-03-25 10:27 4238 ----a-w- C:\STFBBBC.tmp
2012-03-25 10:16 . 2012-03-25 10:16 4238 ----a-w- C:\STF81F6.tmp
2012-03-25 10:05 . 2012-03-25 10:05 4238 ----a-w- C:\STF22B6.tmp
2012-03-24 23:10 . 2012-03-24 23:10 4238 ----a-w- C:\STFCE14.tmp
2012-03-24 23:01 . 2012-03-24 23:01 4238 ----a-w- C:\STF3FE8.tmp
2012-03-24 08:43 . 2012-03-24 08:43 4070 ----a-w- C:\STFB776.tmp
2012-03-24 08:30 . 2012-03-24 08:30 4070 ----a-w- C:\STF4745.tmp
2012-03-23 23:20 . 2012-03-23 23:20 4070 ----a-w- C:\STF3649.tmp
2012-03-23 23:02 . 2012-03-23 23:02 4070 ----a-w- C:\STF9910.tmp
2012-03-23 22:48 . 2012-03-23 22:48 4070 ----a-w- C:\STF70A7.tmp
2012-03-23 22:31 . 2012-03-23 22:31 4070 ----a-w- C:\STF6457.tmp
2012-03-23 22:19 . 2012-03-23 22:19 4070 ----a-w- C:\STF9BF9.tmp
2012-03-23 22:06 . 2012-03-23 22:06 4070 ----a-w- C:\STF4512.tmp
2012-03-23 21:41 . 2012-03-23 21:41 4070 ----a-w- C:\STFA24C.tmp
2012-03-23 21:09 . 2012-03-23 21:09 4168 ----a-w- C:\STF4E23.tmp
2012-03-09 21:07 . 2012-03-09 21:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 21:06 . 2012-03-09 21:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-05 23:15 . 2012-03-05 23:15 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-24 19:14 . 2012-02-24 19:14 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-24 19:13 . 2012-02-24 19:13 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-24 19:13 . 2012-02-24 19:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-24 19:13 . 2012-02-24 19:13 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-23 12:32 . 2012-02-23 12:32 95760 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-02-21 08:05 . 2012-02-21 08:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-09_22.13.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-05-15 02:52 36200 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-04 07:46 36200 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-25 23:13 . 2012-04-04 05:53 37264 c:\windows\system32\spool\drivers\x64\3\ADREGP.DLL
+ 2010-10-25 23:13 . 2012-04-04 05:53 24984 c:\windows\system32\spool\drivers\x64\3\AdobePDFUI.dll
- 2010-10-25 23:13 . 2010-10-25 23:13 24984 c:\windows\system32\spool\drivers\x64\3\AdobePDFUI.dll
+ 2010-10-25 23:13 . 2012-04-04 05:53 53656 c:\windows\system32\spool\drivers\x64\3\AdobePdf.dll
- 2010-10-25 23:13 . 2010-10-25 23:13 53656 c:\windows\system32\spool\drivers\x64\3\AdobePdf.dll
- 2009-07-14 05:30 . 2012-05-03 22:30 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-05-17 03:30 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-02-17 01:23 . 2011-02-17 01:23 74240 c:\windows\system32\DriverStore\FileRepository\rimusbnt.inf_amd64_neutral_ed29477b60e43669\RimUsb_AMD64.sys
+ 2012-05-17 03:29 . 2009-01-09 22:02 31744 c:\windows\system32\DriverStore\FileRepository\rimserial.inf_amd64_neutral_095f8f326d5d196a\RimSerial_AMD64.sys
+ 2012-04-04 05:53 . 2012-04-04 05:53 24984 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_37dec03d80533e59\Amd64Vista\AdobePDFUI.dll
+ 2012-04-04 05:53 . 2012-04-04 05:53 53656 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_37dec03d80533e59\Amd64Vista\AdobePdf.dll
+ 2012-04-04 05:53 . 2012-04-04 05:53 37264 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_37dec03d80533e59\Amd64\ADREGP.DLL
+ 2011-02-17 01:23 . 2011-02-17 01:23 74240 c:\windows\system32\drivers\RimUsb_AMD64.sys
+ 2012-02-18 19:44 . 2012-05-15 15:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-18 19:44 . 2012-05-05 10:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-18 19:44 . 2012-05-15 15:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-18 19:44 . 2012-05-05 10:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-15 15:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-05 10:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-18 20:03 . 2012-05-09 22:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-18 20:03 . 2012-05-19 05:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-05-19 05:55 71736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-02-18 20:03 . 2012-05-09 22:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-18 20:03 . 2012-05-19 05:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-18 20:03 . 2012-05-09 22:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-18 20:03 . 2012-05-19 05:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-18 20:03 . 2012-05-19 05:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-18 20:03 . 2012-05-09 22:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-18 20:03 . 2012-05-09 22:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-18 20:03 . 2012-05-19 05:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-25 23:13 . 2010-10-25 23:13 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\ViewerPS.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PrintInf64.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 16808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\piaglbreakfinder.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFPrevHndlr.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 28568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\FileDlgExt.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 17816 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Exch_AcrobatInfo.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\adobeextractfiles.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\acrotextextractor.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 97168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\AcroIF.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\acroiehelpershim.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\AcroIEHelper.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Acrofx32.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 36760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\acrobat_sl.exe
+ 2012-03-12 18:40 . 2012-05-19 05:53 3538 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-12 18:40 . 2012-05-09 22:06 3538 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-02-18 20:26 . 2012-05-15 02:52 6528 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3356171485-3904491640-1079932676-1000_UserData.bin
- 2012-05-09 22:06 . 2012-05-09 22:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-19 05:53 . 2012-05-19 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-09 22:06 . 2012-05-09 22:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-19 05:53 . 2012-05-19 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-07 22:55 . 2011-03-07 22:55 507904 c:\windows\SysWOW64\btwapi.dll
+ 2012-02-19 07:49 . 2012-05-14 00:04 242066 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2010-10-25 23:13 . 2012-04-04 05:54 464272 c:\windows\system32\spool\drivers\x64\3\ADUIGP.DLL
- 2010-10-25 23:13 . 2010-10-25 23:13 464272 c:\windows\system32\spool\drivers\x64\3\ADUIGP.DLL
+ 2009-07-14 02:36 . 2012-05-17 03:47 618026 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-09 22:11 618026 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-17 03:47 104340 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-09 22:11 104340 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-05-03 22:30 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-05-17 03:30 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-05-03 22:30 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-05-17 03:29 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-04-04 05:54 . 2012-04-04 05:54 464272 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_37dec03d80533e59\Amd64\ADUIGP.DLL
- 2009-07-14 05:01 . 2012-05-09 22:06 486568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-19 05:53 486568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-08-08 21:11 . 2008-08-08 21:11 232960 c:\windows\Installer\2bee303.msi
+ 2012-05-17 03:28 . 2012-05-17 03:28 413696 c:\windows\Installer\{BAAA065C-6A5F-4BE1-9D9F-F3235EA13D5C}\BlackBerry.exe
- 2012-02-19 00:59 . 2012-02-19 00:59 335872 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000005}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2012-02-19 00:59 . 2012-05-10 02:10 335872 c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000005}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\sqlite.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 108864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\spal.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 905536 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\solidcore.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 133440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\solid_wxbase_xml.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 404800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\securepdfsdk.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 147776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\scpdfbridge.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\readerupdater.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 457120 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMPublisher.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 106904 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMProject.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 641440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMPowerPoint.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 385952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMOfficeAddin.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 319808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\pdfmeta.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 528792 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMEngine.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 221592 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMakerAPI.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 217496 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMAccess.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 435520 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\ocr.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\nppdf32.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 344480 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\MDKitAdapter.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 316824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\ImpCommWord.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 858944 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\imagetool.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Exch_JP2KLib.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 329104 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Exch_Acrobat.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 709528 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Dist_adistres.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 821144 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Dist_acrotray.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 405912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Dist_acrodist.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 143168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\dbcore.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 170816 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\convertercorelight.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 685464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\ContextMenu.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 148880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Aiod.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 222920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\ahclient.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 952728 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\aecfilter.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 226200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\adobeafp.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 116624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Adist64.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 110480 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Adist.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 203680 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\acroscanbroker.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\AcroPDF.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 340384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\AcroIEFavClient.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\acrobroker.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\acrobatupdater.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\a3dutils.dll
+ 2011-02-17 01:23 . 2011-02-17 01:23 1721576 c:\windows\system32\WdfCoInstaller01009.dll
+ 2009-07-14 02:34 . 2012-05-15 15:38 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-04-21 00:11 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-02-17 01:23 . 2011-02-17 01:23 1721576 c:\windows\system32\DriverStore\FileRepository\rimusbnt.inf_amd64_neutral_ed29477b60e43669\WdfCoInstaller01009.dll
+ 2009-07-14 04:45 . 2012-05-19 05:55 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-04-29 03:22 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-02-18 20:23 . 2012-05-19 05:53 1489792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-18 20:23 . 2012-05-09 22:06 1489792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-28 03:48 . 2012-05-19 05:53 8379477 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3356171485-3904491640-1079932676-1000-12288.dat
+ 2010-10-25 23:13 . 2010-10-25 23:13 1876288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\solid_wxbase.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\rt3d.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 1054096 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\pdfport.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 1270680 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMWord.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 2739608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMOutlook.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 2070432 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMLotus_PDFMLotusNotes.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 1300888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMExcel.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 6445376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\pdflibtool.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 1753504 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\OCRLibraryInf.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 5002632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\MPS.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 2795928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Exch_cooltype.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 4728216 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Dist_acrodistdll.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 1591712 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\ContextMenu64.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\authplay.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 2893216 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\AdobePDFMakerX.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 6654360 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\AdobePDFL.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\AdobeCollabSync.exe
+ 2010-10-25 23:13 . 2010-10-25 23:13 2572712 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Acrobat_Elements.exe
+ 2012-04-04 13:17 . 2012-04-04 13:17 99008512 c:\windows\Installer\ded646.msp
+ 2012-05-10 15:25 . 2012-05-10 15:25 49614848 c:\windows\Installer\3b6ca33.msi
+ 2010-10-25 23:13 . 2010-10-25 23:13 17201560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\webkitag.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 51284384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PreflightLib.dll
+ 2010-10-25 23:13 . 2010-10-25 23:13 28406160 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Acrobat.dll
+ 2012-05-17 03:28 . 2012-05-17 03:28 208759296 c:\windows\Installer\a6fe808.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-18 399736]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-02-25 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"F.lux"="c:\users\Archie\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-04-04 1261472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
c:\users\Archie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 51727736]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-14 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Realtek87B;Realtek87B;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S2 RipCore;RipCore;c:\program files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe [2012-03-27 2107800]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:10]
.
2012-05-19 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-03-27 06:38]
.
2012-05-19 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2012-03-27 06:38]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3356171485-3904491640-1079932676-1000Core.job
- c:\users\Archie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 20:03]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3356171485-3904491640-1079932676-1000UA.job
- c:\users\Archie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 20:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://eweb4.laccd.edu/WebStudent/signon.asp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Archie\AppData\Roaming\Mozilla\Firefox\Profiles\n5jasqfs.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A*OQ%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A*OQ%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*F*VTD]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*F*VTD\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*F*U]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*F*U\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*L*e*n*TD\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*L*i*n*9O\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*o*x*gO\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*A*OQ%]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,69,6c,65,3a,2f,2f,2f,44,3a,2f,50,6f,72,6e,2f,46,4f,4f,48,2f,45,64,
65,6e,2e,41,64,61,6d,73,2e,77,6d,76,00,2e,00,41,00,4f,c8,51,25,00,00,a6,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*F*VTD]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,69,6c,65,3a,2f,2f,2f,44,3a,2f,50,6f,72,6e,2f,46,4f,4f,48,2f,53,63,
61,72,6c,65,74,74,2e,46,61,79,2e,77,6d,76,00,65,00,74,00,74,00,2e,00,46,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*F*U]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,69,6c,65,3a,2f,2f,2f,44,3a,2f,50,6f,72,6e,2f,46,4f,4f,48,2f,53,63,
61,72,6c,65,74,74,2e,46,61,79,2e,77,6d,76,00,65,00,74,00,74,00,2e,00,46,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Completion time: 2012-05-18 22:58:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 05:58
ComboFix2.txt 2012-05-09 22:15
ComboFix3.txt 2012-04-19 06:04
ComboFix4.txt 2012-04-06 08:16
ComboFix5.txt 2012-05-19 05:47
.
Pre-Run: 34,133,118,976 bytes free
Post-Run: 35,915,657,216 bytes free
.
- - End Of File - - 075F48E0EB939ACF57BAE6CB1C8D3EBC

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:50 AM

Posted 19 May 2012 - 01:17 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 aupperk24

aupperk24
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 19 May 2012 - 01:47 AM

TDSSKiller found nothing,

#10 gringo_pr

Posted 19 May 2012 - 01:58 AM

did you run the aswMBR report?


gringo

#11 aupperk24

Posted 19 May 2012 - 02:00 AM

sorry about that, forgot to paste it

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-18 23:47:06
-----------------------------
23:47:06.676 OS Version: Windows x64 6.1.7600
23:47:06.676 Number of processors: 2 586 0xF06
23:47:06.676 ComputerName: ARCHIE-PC UserName: Archie
23:47:06.886 Initialize success
23:51:13.080 AVAST engine defs: 12051801
23:51:19.072 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
23:51:19.074 Disk 0 Vendor: M4-CT128 0009 Size: 122104MB BusType: 3
23:51:19.076 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005e
23:51:19.078 Disk 1 Vendor: ST350063 3.AA Size: 476940MB BusType: 3
23:51:19.081 Disk 0 MBR read successfully
23:51:19.084 Disk 0 MBR scan
23:51:19.088 Disk 0 Windows 7 default MBR code
23:51:19.091 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 100 MB offset 2048
23:51:19.097 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 122002 MB offset 206848
23:51:19.104 Disk 0 scanning C:\Windows\system32\drivers
23:51:22.343 Service scanning
23:51:34.815 Modules scanning
23:51:34.824 Disk 0 trace - called modules:
23:51:35.166 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
23:51:35.175 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004541060]
23:51:35.180 3 CLASSPNP.SYS[fffff8800197643f] -> nt!IofCallDriver -> [0xfffffa80043e2650]
23:51:35.185 5 ACPI.sys[fffff88000f1d781] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa80043e99d0]
23:51:35.351 AVAST engine scan C:\Windows
23:51:36.777 AVAST engine scan C:\Windows\system32
23:52:59.894 AVAST engine scan C:\Windows\system32\drivers
23:53:04.766 AVAST engine scan C:\Users\Archie
23:53:59.251 AVAST engine scan C:\ProgramData
23:54:30.005 Scan finished successfully
23:58:41.183 Disk 0 MBR has been saved successfully to "C:\Users\Archie\Desktop\MBR.dat"
23:58:41.193 The log file has been saved successfully to "C:\Users\Archie\Desktop\aswMBR.txt"

Edited by aupperk24, 19 May 2012 - 02:01 AM.


#12 gringo_pr

Posted 19 May 2012 - 02:09 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 aupperk24

Posted 19 May 2012 - 02:22 AM

ComboFix 12-05-19.01 - Archie 05/19/2012 0:11.9.2 - x64
Running from: c:\users\Archie\Desktop\ComboFix.exe
Command switches used :: c:\users\Archie\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 07:16 . 2012-05-19 07:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-19 07:16 . 2012-05-19 07:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-19 07:06 . 2011-02-18 05:40 19520 ----a-w- c:\windows\system32\drivers\ssudnflt.sys
2012-05-19 07:06 . 2011-02-18 04:47 82112 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-05-19 07:06 . 2011-02-18 04:47 202560 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-05-19 07:06 . 2012-05-19 07:06 -------- d-----w- c:\program files\SAMSUNG
2012-05-19 07:05 . 2012-05-19 07:05 -------- d-----w- c:\programdata\Samsung
2012-05-17 03:29 . 2012-05-17 03:29 -------- d-----w- c:\users\Archie\AppData\Roaming\Research In Motion
2012-05-17 03:29 . 2009-01-09 22:02 31744 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-05-17 03:28 . 2012-05-17 03:28 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-05-15 15:38 . 2012-05-15 16:10 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-15 15:38 . 2012-05-15 15:38 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-15 15:38 . 2012-05-15 15:38 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-15 15:36 . 2012-05-15 15:36 -------- d-----w- c:\programdata\Battle.net
2012-05-14 00:04 . 2012-05-14 00:04 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-14 00:04 . 2012-05-14 00:04 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-14 00:04 . 2012-05-14 00:04 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-10 05:44 . 2012-05-10 05:44 -------- d-----w- c:\users\Archie\AppData\Roaming\ieSpell
2012-05-08 13:21 . 2012-05-19 05:53 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-05-03 22:31 . 2012-05-03 22:31 -------- d-----w- c:\programdata\ATI
2012-05-03 22:31 . 2012-05-03 22:31 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-03 22:31 . 2012-05-03 22:31 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-29 03:32 . 2012-04-29 03:32 -------- d-----w- c:\program files\BreakPoint Software
2012-04-25 23:03 . 2012-04-25 23:03 -------- d-----w- c:\users\Archie\AppData\Local\Navnet_Solutions
2012-04-25 22:25 . 2012-04-25 22:25 -------- d-----w- c:\users\Archie\AppData\Roaming\NavNet Solutions
2012-04-25 22:23 . 2012-04-25 22:24 -------- d-----w- c:\program files (x86)\NavNet
2012-04-25 22:16 . 2012-04-25 22:16 -------- d-----w- c:\users\Archie\Photobleepet
2012-04-25 21:55 . 2012-04-25 22:23 -------- d-----w- c:\program files (x86)\Photobleepet
2012-04-21 00:37 . 2012-04-21 00:37 -------- d-----w- C:\Python27
2012-04-20 22:50 . 2012-04-20 22:50 -------- d-----w- c:\users\Archie\AppData\Roaming\Barnes & Noble
2012-04-20 22:50 . 2012-04-21 00:37 -------- d-----w- C:\NookBooks
2012-04-20 22:49 . 2012-04-20 22:49 -------- d-----w- c:\program files (x86)\Barnes & Noble
2012-04-20 20:20 . 2012-04-20 20:22 -------- d-----w- c:\windows\SysWow64\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:10 . 2012-04-05 16:43 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:10 . 2012-03-07 04:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:10 . 2012-04-05 17:10 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 08:58 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-06 08:58 . 2009-08-18 19:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-12-06 03:16 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-12-06 02:18 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-12-06 02:51 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-12-06 02:11 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-04 22:56 . 2012-04-06 08:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 05:53 . 2012-04-04 05:53 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2012-04-04 05:53 . 2012-04-04 05:53 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2012-03-27 06:38 . 2012-03-27 06:38 647168 ----a-w- c:\windows\AutoKMS.exe
2012-03-25 21:02 . 2012-03-25 21:02 3998 ----a-w- C:\STF9EBC.tmp
2012-03-25 20:50 . 2012-03-25 20:50 4238 ----a-w- C:\STF3915.tmp
2012-03-25 19:49 . 2012-03-25 19:49 4238 ----a-w- C:\STFDF60.tmp
2012-03-25 19:45 . 2012-03-25 19:45 4238 ----a-w- C:\STFD448.tmp
2012-03-25 10:38 . 2012-03-25 10:38 4238 ----a-w- C:\STF9CC8.tmp
2012-03-25 10:27 . 2012-03-25 10:27 4238 ----a-w- C:\STFBBBC.tmp
2012-03-25 10:16 . 2012-03-25 10:16 4238 ----a-w- C:\STF81F6.tmp
2012-03-25 10:05 . 2012-03-25 10:05 4238 ----a-w- C:\STF22B6.tmp
2012-03-24 23:10 . 2012-03-24 23:10 4238 ----a-w- C:\STFCE14.tmp
2012-03-24 23:01 . 2012-03-24 23:01 4238 ----a-w- C:\STF3FE8.tmp
2012-03-24 08:43 . 2012-03-24 08:43 4070 ----a-w- C:\STFB776.tmp
2012-03-24 08:30 . 2012-03-24 08:30 4070 ----a-w- C:\STF4745.tmp
2012-03-23 23:20 . 2012-03-23 23:20 4070 ----a-w- C:\STF3649.tmp
2012-03-23 23:02 . 2012-03-23 23:02 4070 ----a-w- C:\STF9910.tmp
2012-03-23 22:48 . 2012-03-23 22:48 4070 ----a-w- C:\STF70A7.tmp
2012-03-23 22:31 . 2012-03-23 22:31 4070 ----a-w- C:\STF6457.tmp
2012-03-23 22:19 . 2012-03-23 22:19 4070 ----a-w- C:\STF9BF9.tmp
2012-03-23 22:06 . 2012-03-23 22:06 4070 ----a-w- C:\STF4512.tmp
2012-03-23 21:41 . 2012-03-23 21:41 4070 ----a-w- C:\STFA24C.tmp
2012-03-23 21:09 . 2012-03-23 21:09 4168 ----a-w- C:\STF4E23.tmp
2012-03-09 21:07 . 2012-03-09 21:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 21:06 . 2012-03-09 21:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-05 23:15 . 2012-03-05 23:15 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-24 19:14 . 2012-02-24 19:14 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-24 19:13 . 2012-02-24 19:13 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-24 19:13 . 2012-02-24 19:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-24 19:13 . 2012-02-24 19:13 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-23 12:32 . 2012-02-23 12:32 95760 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-02-21 08:05 . 2012-02-21 08:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-19_05.56.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-18 21:11 . 2012-05-19 05:58 35738 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-19 05:58 36208 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2012-05-19 07:17 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-05-17 03:30 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-05-19 07:06 . 2010-12-21 05:55 28160 c:\windows\system32\DriverStore\FileRepository\via_usb_modem.inf_amd64_neutral_2358dcbee0e9f747\VIA_USB_MODEM.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 21760 c:\windows\system32\DriverStore\FileRepository\via_usb_ets.inf_amd64_neutral_74f37c1f9f7c8ec2\VIA_USB_ETS.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 23040 c:\windows\system32\DriverStore\FileRepository\ssusbdownload.inf_amd64_neutral_4b2c86fcdcd8e77b\amd64\SSUSBDownload.sys
+ 2012-05-19 07:06 . 2011-02-18 05:40 19520 c:\windows\system32\DriverStore\FileRepository\ssudrnds.inf_amd64_neutral_21cbda3f7f60abfb\amd64\ssudnflt.sys
+ 2012-05-19 07:06 . 2011-02-18 04:47 50240 c:\windows\system32\DriverStore\FileRepository\ssudnd5.inf_amd64_neutral_607d78d6681a8561\amd64\ssudnd5.sys
+ 2012-05-19 07:06 . 2011-02-18 04:47 82112 c:\windows\system32\DriverStore\FileRepository\ssudbus.inf_amd64_neutral_0f49bd8e92b7e3ce\amd64\ssudbus.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 17224 c:\windows\system32\DriverStore\FileRepository\sssdsdm2.inf_amd64_neutral_29ac14b64340ac80\amd64\sssdcmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 17224 c:\windows\system32\DriverStore\FileRepository\sssdobx2.inf_amd64_neutral_3fd1f638c64396f1\amd64\sssdcmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 20808 c:\windows\system32\DriverStore\FileRepository\sssdmdm2.inf_amd64_neutral_1a6f106eaa620fcc\amd64\sssdmdfl.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 17224 c:\windows\system32\DriverStore\FileRepository\sssdmdm2.inf_amd64_neutral_1a6f106eaa620fcc\amd64\sssdcmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 17736 c:\windows\system32\DriverStore\FileRepository\sssdbus.inf_amd64_neutral_2c086231d5030ed1\amd64\sssdwhnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15360 c:\windows\system32\DriverStore\FileRepository\ssm_ser2.inf_amd64_neutral_90500022f5ee5502\amd64\ssm_cmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 18944 c:\windows\system32\DriverStore\FileRepository\ssm_mdm2.inf_amd64_neutral_8a6ed9e25774e477\amd64\ssm_mdfl.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15360 c:\windows\system32\DriverStore\FileRepository\ssm_mdm2.inf_amd64_neutral_8a6ed9e25774e477\amd64\ssm_cmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15872 c:\windows\system32\DriverStore\FileRepository\ssm_bus.inf_amd64_neutral_282b82799728f1c6\amd64\ssm_whnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15872 c:\windows\system32\DriverStore\FileRepository\ssecunic.inf_amd64_neutral_e37043d36926d065\amd64\ssecwhnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 13312 c:\windows\system32\DriverStore\FileRepository\ssecunic.inf_amd64_neutral_e37043d36926d065\amd64\sseccrnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 14848 c:\windows\system32\DriverStore\FileRepository\ssecsdm2.inf_amd64_neutral_f8f2e725ef31735d\amd64\sseccmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 14848 c:\windows\system32\DriverStore\FileRepository\ssecobx2.inf_amd64_neutral_28cee263fdbd49c1\amd64\sseccmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 34304 c:\windows\system32\DriverStore\FileRepository\ssecndis.inf_amd64_neutral_c3c9e76d1fa7b1be\amd64\ssecnd5.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 18944 c:\windows\system32\DriverStore\FileRepository\ssecmdm2.inf_amd64_neutral_7650de2ad52e799c\amd64\ssecmdfl.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 14848 c:\windows\system32\DriverStore\FileRepository\ssecmdm2.inf_amd64_neutral_7650de2ad52e799c\amd64\sseccmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15872 c:\windows\system32\DriverStore\FileRepository\ssecbus.inf_amd64_neutral_0745b2a227fcff7a\amd64\ssecwhnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15944 c:\windows\system32\DriverStore\FileRepository\ssdudfu.inf_amd64_neutral_178084af5935a222\amd64\ssduwhnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 91208 c:\windows\system32\DriverStore\FileRepository\ssdudfu.inf_amd64_neutral_178084af5935a222\amd64\ssdudfu.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15360 c:\windows\system32\DriverStore\FileRepository\sscesdm2.inf_amd64_neutral_5ba67db7c890f91a\amd64\sscecmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 18944 c:\windows\system32\DriverStore\FileRepository\sscemdm2.inf_amd64_neutral_74f4a27de2bbc485\amd64\sscemdfl.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15360 c:\windows\system32\DriverStore\FileRepository\sscemdm2.inf_amd64_neutral_74f4a27de2bbc485\amd64\sscecmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15872 c:\windows\system32\DriverStore\FileRepository\sscebus.inf_amd64_neutral_910b5c17945c9460\amd64\sscewhnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 19016 c:\windows\system32\DriverStore\FileRepository\sscdw2k.inf_amd64_neutral_f10c2995a60f0dbb\amd64\sscdmdfl.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15432 c:\windows\system32\DriverStore\FileRepository\sscdw2k.inf_amd64_neutral_f10c2995a60f0dbb\amd64\sscdcmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15432 c:\windows\system32\DriverStore\FileRepository\sscdsdm2.inf_amd64_neutral_81a4504f027ce380\amd64\sscdcmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15944 c:\windows\system32\DriverStore\FileRepository\sscdbus.inf_amd64_neutral_778ff86e71c86806\amd64\sscdwhnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 18944 c:\windows\system32\DriverStore\FileRepository\ssbcmdm2.inf_amd64_neutral_213d8cdcfe2b0ef6\amd64\ssbcmdfl.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 14848 c:\windows\system32\DriverStore\FileRepository\ssbcmdm2.inf_amd64_neutral_213d8cdcfe2b0ef6\amd64\ssbccmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15872 c:\windows\system32\DriverStore\FileRepository\ssbcbus.inf_amd64_neutral_6a998f5fe26c7a34\amd64\ssbcwhnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15944 c:\windows\system32\DriverStore\FileRepository\ssaeunic.inf_amd64_neutral_f251edfe6ddfd1bf\amd64\ssaewhnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 14920 c:\windows\system32\DriverStore\FileRepository\ssaeunic.inf_amd64_neutral_f251edfe6ddfd1bf\amd64\ssaecrnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 34376 c:\windows\system32\DriverStore\FileRepository\ssaendis.inf_amd64_neutral_2a09a18b89bd4cb6\amd64\ssaend5.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 19016 c:\windows\system32\DriverStore\FileRepository\ssaemdm2.inf_amd64_neutral_aab4956d58316cca\amd64\ssaemdfl.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15432 c:\windows\system32\DriverStore\FileRepository\ssaemdm2.inf_amd64_neutral_aab4956d58316cca\amd64\ssaecmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15944 c:\windows\system32\DriverStore\FileRepository\ssaebus.inf_amd64_neutral_52d5c961892b3d6b\amd64\ssaewhnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 36256 c:\windows\system32\DriverStore\FileRepository\ssaeadb2.inf_amd64_neutral_be801ca834b05d87\amd64\ssaeadb.sys
+ 2012-05-19 07:06 . 2011-01-03 08:38 13288 c:\windows\system32\DriverStore\FileRepository\ssadsdm2.inf_amd64_neutral_543e42101a1fdacc\amd64\ssadcmnt.sys
+ 2012-05-19 07:06 . 2011-01-03 08:38 16872 c:\windows\system32\DriverStore\FileRepository\ssadmdm2.inf_amd64_neutral_0e1e7c83b11d3ad5\amd64\ssadmdfl.sys
+ 2012-05-19 07:06 . 2011-01-03 08:38 13288 c:\windows\system32\DriverStore\FileRepository\ssadmdm2.inf_amd64_neutral_0e1e7c83b11d3ad5\amd64\ssadcmnt.sys
+ 2012-05-19 07:06 . 2011-01-03 08:38 13800 c:\windows\system32\DriverStore\FileRepository\ssadbus.inf_amd64_neutral_958d45acef50d182\amd64\ssadwhnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 36328 c:\windows\system32\DriverStore\FileRepository\ssadadb2.inf_amd64_neutral_fe000d2731fb415b\amd64\ssadadb.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 18944 c:\windows\system32\DriverStore\FileRepository\ss_mdm2.inf_amd64_neutral_cf1c4663ef7c9a1d\amd64\ss_mdfl.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15360 c:\windows\system32\DriverStore\FileRepository\ss_mdm2.inf_amd64_neutral_cf1c4663ef7c9a1d\amd64\ss_cmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15872 c:\windows\system32\DriverStore\FileRepository\ss_bus.inf_amd64_neutral_6d955f904c10c7ea\amd64\ss_whnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15360 c:\windows\system32\DriverStore\FileRepository\ss_bsdm2.inf_amd64_neutral_0a371e51eb1c4f49\amd64\ss_bcmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 18944 c:\windows\system32\DriverStore\FileRepository\ss_bmdm2.inf_amd64_neutral_0b4d9aff4bff4834\amd64\ss_bmdfl.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15360 c:\windows\system32\DriverStore\FileRepository\ss_bmdm2.inf_amd64_neutral_0b4d9aff4bff4834\amd64\ss_bcmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15872 c:\windows\system32\DriverStore\FileRepository\ss_bbus.inf_amd64_neutral_c15b1b62bb89ce93\amd64\ss_bwhnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 18944 c:\windows\system32\DriverStore\FileRepository\secumdm2.inf_amd64_neutral_3188a136cdb27f07\amd64\secumdfl.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 14848 c:\windows\system32\DriverStore\FileRepository\secumdm2.inf_amd64_neutral_3188a136cdb27f07\amd64\secucmnt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 15872 c:\windows\system32\DriverStore\FileRepository\secubus.inf_amd64_neutral_2485f81ced67332f\amd64\secuwhnt.sys
+ 2012-05-19 07:06 . 2011-01-25 00:47 88832 c:\windows\system32\DriverStore\FileRepository\mbtmdm.inf_amd64_neutral_ad7a0b406dde284e\amd64\mbtusbser.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 24064 c:\windows\system32\DriverStore\FileRepository\hspusb.inf_amd64_neutral_aa9384c434d5a484\amd64\HSPUSB.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 19968 c:\windows\system32\DriverStore\FileRepository\flashusb_x64.inf_amd64_neutral_e46c63b64ae37057\FlashUSB_x64.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 69120 c:\windows\system32\DriverStore\FileRepository\ccdcmbsax64.inf_amd64_neutral_070f9083c302ca83\nmwcdclsx64.dll
+ 2012-05-19 07:06 . 2010-12-21 05:55 19456 c:\windows\system32\DriverStore\FileRepository\ccdcmbsax64.inf_amd64_neutral_070f9083c302ca83\ccdcmbsax64.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 25088 c:\windows\system32\DriverStore\FileRepository\ccdcmbsaox64.inf_amd64_neutral_cda946f4d092ea4c\ccdcmbsaox64.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 49664 c:\windows\system32\DriverStore\FileRepository\c7xxphone.inf_amd64_neutral_4732a16017f7bb26\XP64\C7xPHNX6.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 48640 c:\windows\system32\DriverStore\FileRepository\c7xxphone.inf_amd64_neutral_4732a16017f7bb26\W764\C7xPHN76.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 49664 c:\windows\system32\DriverStore\FileRepository\c7xxphone.inf_amd64_neutral_4732a16017f7bb26\VT64\C7xPHNV6.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\drivers\usb8023x.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 41472 c:\windows\system32\drivers\rndismpx.sys
- 2012-02-18 20:03 . 2012-05-19 05:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-18 20:03 . 2012-05-19 07:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-18 20:03 . 2012-05-19 05:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-18 20:03 . 2012-05-19 07:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-18 20:03 . 2012-05-19 05:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-18 20:03 . 2012-05-19 07:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-12 18:40 . 2012-05-19 07:16 3538 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-12 18:40 . 2012-05-19 05:53 3538 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-02-18 20:26 . 2012-05-19 05:58 6552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3356171485-3904491640-1079932676-1000_UserData.bin
+ 2012-05-19 07:12 . 2012-05-19 07:12 9560 c:\windows\system32\NetworkList\Icons\{924B56C5-41A4-44A8-86AB-50D963090CB7}_48.bin
+ 2012-05-19 07:12 . 2012-05-19 07:12 4280 c:\windows\system32\NetworkList\Icons\{924B56C5-41A4-44A8-86AB-50D963090CB7}_32.bin
+ 2012-05-19 07:12 . 2012-05-19 07:12 2456 c:\windows\system32\NetworkList\Icons\{924B56C5-41A4-44A8-86AB-50D963090CB7}_24.bin
+ 2012-05-19 07:06 . 2010-12-21 05:55 9216 c:\windows\system32\DriverStore\FileRepository\ccdcmbsamx64.inf_amd64_neutral_89226c160d4d9620\usbser_lowerfltsax64.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 9216 c:\windows\system32\DriverStore\FileRepository\ccdcmbcjsax64.inf_amd64_neutral_b7e0f9145307ac4b\usbser_lowerfltsax64j.sys
+ 2012-05-19 07:17 . 2012-05-19 07:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-19 05:53 . 2012-05-19 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-19 05:53 . 2012-05-19 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-19 07:17 . 2012-05-19 07:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-05-19 07:08 618026 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-17 03:47 618026 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-17 03:47 104340 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-19 07:08 104340 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-05-17 03:30 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-05-19 07:17 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-05-17 03:29 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-05-19 07:06 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-05-19 07:06 . 2011-02-18 04:47 202560 c:\windows\system32\DriverStore\FileRepository\ssudserd.inf_amd64_neutral_8e7fc36012f8063f\amd64\ssudserd.sys
+ 2012-05-19 07:06 . 2011-02-18 04:47 202560 c:\windows\system32\DriverStore\FileRepository\ssudobex.inf_amd64_neutral_9873e2de68829155\amd64\ssudobex.sys
+ 2012-05-19 07:06 . 2011-02-18 04:47 202560 c:\windows\system32\DriverStore\FileRepository\ssudmdm.inf_amd64_neutral_ba04139c48cd05a3\amd64\ssudmdm.sys
+ 2012-05-19 07:06 . 2011-02-18 04:47 202560 c:\windows\system32\DriverStore\FileRepository\ssuddmgr.inf_amd64_neutral_8f15244aac0bd555\amd64\ssuddmgr.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 708168 c:\windows\system32\DriverStore\FileRepository\ssudadb.inf_amd64_neutral_198195521bf3f307\amd64\WinUSBCoInstaller.dll
+ 2012-05-19 07:06 . 2010-12-21 05:55 142664 c:\windows\system32\DriverStore\FileRepository\sssdsdm2.inf_amd64_neutral_29ac14b64340ac80\amd64\sssdmgmt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 138056 c:\windows\system32\DriverStore\FileRepository\sssdobx2.inf_amd64_neutral_3fd1f638c64396f1\amd64\sssdobex.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 163144 c:\windows\system32\DriverStore\FileRepository\sssdmdm2.inf_amd64_neutral_1a6f106eaa620fcc\amd64\sssdmdm.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 129352 c:\windows\system32\DriverStore\FileRepository\sssdbus.inf_amd64_neutral_2c086231d5030ed1\amd64\sssdbus.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 172032 c:\windows\system32\DriverStore\FileRepository\ssm_ser2.inf_amd64_neutral_90500022f5ee5502\amd64\ssm_mdm.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 172032 c:\windows\system32\DriverStore\FileRepository\ssm_mdm2.inf_amd64_neutral_8a6ed9e25774e477\amd64\ssm_mdm.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 136192 c:\windows\system32\DriverStore\FileRepository\ssm_bus.inf_amd64_neutral_282b82799728f1c6\amd64\ssm_bus.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 145408 c:\windows\system32\DriverStore\FileRepository\ssecunic.inf_amd64_neutral_e37043d36926d065\amd64\ssecunic.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 132096 c:\windows\system32\DriverStore\FileRepository\ssecsdm2.inf_amd64_neutral_f8f2e725ef31735d\amd64\ssecmgmt.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 127488 c:\windows\system32\DriverStore\FileRepository\ssecobx2.inf_amd64_neutral_28cee263fdbd49c1\amd64\ssecobex.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 152064 c:\windows\system32\DriverStore\FileRepository\ssecmdm2.inf_amd64_neutral_7650de2ad52e799c\amd64\ssecmdm.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 113664 c:\windows\system32\DriverStore\FileRepository\ssecbus.inf_amd64_neutral_0745b2a227fcff7a\amd64\ssecbus.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 129024 c:\windows\system32\DriverStore\FileRepository\sscesdm2.inf_amd64_neutral_5ba67db7c890f91a\amd64\ssceserd.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 161280 c:\windows\system32\DriverStore\FileRepository\sscemdm2.inf_amd64_neutral_74f4a27de2bbc485\amd64\sscemdm.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 127488 c:\windows\system32\DriverStore\FileRepository\sscebus.inf_amd64_neutral_910b5c17945c9460\amd64\sscebus.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 172104 c:\windows\system32\DriverStore\FileRepository\sscdw2k.inf_amd64_neutral_f10c2995a60f0dbb\amd64\sscdmdm.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 141384 c:\windows\system32\DriverStore\FileRepository\sscdsdm2.inf_amd64_neutral_81a4504f027ce380\amd64\sscdserd.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 136264 c:\windows\system32\DriverStore\FileRepository\sscdbus.inf_amd64_neutral_778ff86e71c86806\amd64\sscdbus.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 145408 c:\windows\system32\DriverStore\FileRepository\ssbcmdm2.inf_amd64_neutral_213d8cdcfe2b0ef6\amd64\ssbcmdm.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 108032 c:\windows\system32\DriverStore\FileRepository\ssbcbus.inf_amd64_neutral_6a998f5fe26c7a34\amd64\ssbcbus.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 178760 c:\windows\system32\DriverStore\FileRepository\ssaeunic.inf_amd64_neutral_f251edfe6ddfd1bf\amd64\ssaeunic.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 171592 c:\windows\system32\DriverStore\FileRepository\ssaemdm2.inf_amd64_neutral_aab4956d58316cca\amd64\ssaemdm.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 136264 c:\windows\system32\DriverStore\FileRepository\ssaebus.inf_amd64_neutral_52d5c961892b3d6b\amd64\ssaebus.sys
+ 2012-05-19 07:06 . 2011-01-03 08:38 145384 c:\windows\system32\DriverStore\FileRepository\ssadsdm2.inf_amd64_neutral_543e42101a1fdacc\amd64\ssadserd.sys
+ 2012-05-19 07:06 . 2011-01-03 08:38 177128 c:\windows\system32\DriverStore\FileRepository\ssadmdm2.inf_amd64_neutral_0e1e7c83b11d3ad5\amd64\ssadmdm.sys
+ 2012-05-19 07:06 . 2011-01-03 08:38 157160 c:\windows\system32\DriverStore\FileRepository\ssadbus.inf_amd64_neutral_958d45acef50d182\amd64\ssadbus.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 161280 c:\windows\system32\DriverStore\FileRepository\ss_mdm2.inf_amd64_neutral_cf1c4663ef7c9a1d\amd64\ss_mdm.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 127488 c:\windows\system32\DriverStore\FileRepository\ss_bus.inf_amd64_neutral_6d955f904c10c7ea\amd64\ss_bus.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 128000 c:\windows\system32\DriverStore\FileRepository\ss_bsdm2.inf_amd64_neutral_0a371e51eb1c4f49\amd64\ss_bserd.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 161280 c:\windows\system32\DriverStore\FileRepository\ss_bmdm2.inf_amd64_neutral_0b4d9aff4bff4834\amd64\ss_bmdm.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 127488 c:\windows\system32\DriverStore\FileRepository\ss_bbus.inf_amd64_neutral_c15b1b62bb89ce93\amd64\ss_bbus.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 160768 c:\windows\system32\DriverStore\FileRepository\secumdm2.inf_amd64_neutral_3188a136cdb27f07\amd64\secumdm.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 118784 c:\windows\system32\DriverStore\FileRepository\secubus.inf_amd64_neutral_2485f81ced67332f\amd64\secubus.sys
+ 2012-05-19 07:06 . 2010-12-21 05:55 1490656 c:\windows\system32\DriverStore\FileRepository\ssudnd5.inf_amd64_neutral_607d78d6681a8561\amd64\WdfCoInstaller01007.dll
+ 2012-05-19 07:06 . 2010-12-21 05:55 1490656 c:\windows\system32\DriverStore\FileRepository\ssudadb.inf_amd64_neutral_198195521bf3f307\amd64\WdfCoInstaller01007.dll
+ 2012-05-19 07:06 . 2010-12-21 05:55 1917344 c:\windows\system32\DriverStore\FileRepository\ssaeadb2.inf_amd64_neutral_be801ca834b05d87\amd64\ssaeCoInstaller01005.dll
+ 2012-05-19 07:06 . 2010-12-21 05:55 1917416 c:\windows\system32\DriverStore\FileRepository\ssadadb2.inf_amd64_neutral_fe000d2731fb415b\amd64\WdfCoInstaller01005.dll
+ 2012-05-19 07:06 . 2010-12-21 05:55 1721576 c:\windows\system32\DriverStore\FileRepository\ccdcmbsax64.inf_amd64_neutral_070f9083c302ca83\wdfcoinstaller01009.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-18 399736]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-02-25 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"F.lux"="c:\users\Archie\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-04-04 1261472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
c:\users\Archie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 51727736]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-14 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 ssudnflt;Remote NDIS Filter Driver;c:\windows\system32\DRIVERS\ssudnflt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Realtek87B;Realtek87B;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S2 RipCore;RipCore;c:\program files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe [2012-03-27 2107800]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:10]
.
2012-05-19 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-03-27 06:38]
.
2012-05-19 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2012-03-27 06:38]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3356171485-3904491640-1079932676-1000Core.job
- c:\users\Archie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 20:03]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3356171485-3904491640-1079932676-1000UA.job
- c:\users\Archie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 20:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://eweb4.laccd.edu/WebStudent/signon.asp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Archie\AppData\Roaming\Mozilla\Firefox\Profiles\n5jasqfs.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A*OÈQ%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A*OÈQ%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*F*VT²D]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*F*VT²D\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*F*•ÆU]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*F*•ÆU\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*L*e*n*šT²D\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*L*i*n*9¸ÞO\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*o*x*ÞgO\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*A*OÈQ%]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,69,6c,65,3a,2f,2f,2f,44,3a,2f,50,6f,72,6e,2f,46,4f,4f,48,2f,45,64,
65,6e,2e,41,64,61,6d,73,2e,77,6d,76,00,2e,00,41,00,4f,c8,51,25,00,00,a6,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*F*VT²D]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,69,6c,65,3a,2f,2f,2f,44,3a,2f,50,6f,72,6e,2f,46,4f,4f,48,2f,53,63,
61,72,6c,65,74,74,2e,46,61,79,2e,77,6d,76,00,65,00,74,00,74,00,2e,00,46,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*F*•ÆU]
@Allowed: (Read) (RestrictedCode)
"0"=hex:66,69,6c,65,3a,2f,2f,2f,44,3a,2f,50,6f,72,6e,2f,46,4f,4f,48,2f,53,63,
61,72,6c,65,74,74,2e,46,61,79,2e,77,6d,76,00,65,00,74,00,74,00,2e,00,46,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Completion time: 2012-05-19 00:19:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 07:19
ComboFix2.txt 2012-05-19 05:58
ComboFix3.txt 2012-05-09 22:15
ComboFix4.txt 2012-04-19 06:04
ComboFix5.txt 2012-05-19 07:10
.
Pre-Run: 35,743,535,104 bytes free
Post-Run: 35,884,208,128 bytes free
.
- - End Of File - - 861741E60B38A3C6896266CA71CC720F



Didn't seem like it changed anything; Google still redirects, computer still kinda icky.

Edited by aupperk24, 19 May 2012 - 02:24 AM.


#14 gringo_pr


Posted 19 May 2012 - 03:27 AM

Greetings,


Which browsers are redirecting? Please verify all that are installed.



Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#15 aupperk24


Posted 19 May 2012 - 01:00 PM


Internet Explorer and Firefox. Chrome is safe.


OTL logfile created on: 5/19/2012 10:53:27 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Archie\Downloads
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 27.07% Memory free
8.00 Gb Paging File | 4.75 Gb Available in Paging File | 59.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 33.49 Gb Free Space | 28.11% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 320.11 Gb Free Space | 68.73% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 86.24 Mb Free Space | 86.25% Space Free | Partition Type: NTFS

Computer Name: ARCHIE-PC | User Name: Archie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Archie\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe ()
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Users\Archie\Local Settings\Apps\F.lux\flux.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Archie\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Archie\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll ()
MOD - C:\Users\Archie\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll ()
MOD - C:\Users\Archie\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll ()
MOD - C:\Users\Archie\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll ()
MOD - C:\Users\Archie\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll ()
MOD - C:\Users\Archie\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll ()
MOD - C:\Users\Archie\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Users\Archie\Local Settings\Apps\F.lux\flux.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (RipCore) -- C:\Program Files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Realtek87B) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ssudnflt) -- C:\Windows\SysNative\drivers\ssudnflt.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\rtl8187.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://eweb4.laccd.edu/WebStudent/signon.asp
IE - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 8E 80 BD 09 F3 CC 01 [binary data]
IE - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Archie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Archie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/02/18 17:58:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/05/09 19:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/13 17:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/08 15:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Archie\AppData\Roaming\Mozilla\Extensions
[2012/05/12 08:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Archie\AppData\Roaming\Mozilla\Firefox\Profiles\n5jasqfs.default\extensions
[2012/04/08 15:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/08 15:28:10 | 000,052,197 | ---- | M] () (No name found) -- C:\USERS\ARCHIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5JASQFS.DEFAULT\EXTENSIONS\FIREFORCE@SCRT.CH.XPI
[2012/05/13 17:04:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/12 21:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 21:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Archie\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Archie\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Archie\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Archie\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Archie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Gmail = C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/19 00:17:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000..\Run: [F.lux] C:\Users\Archie\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Archie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3356171485-3904491640-1079932676-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Lookup on Wikipedia - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Lookup on Merriam Webster - Reg Error: Value error. File not found
O8 - Extra context menu item: Lookup on Wikipedia - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E008CBF-A4CA-4F6A-AADB-C9ED961E912B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{837629D1-8269-4A7D-8942-BF43294878C7}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\navnet - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll (MH)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 00:19:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/19 00:06:34 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2012/05/19 00:06:34 | 000,708,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller.dll
[2012/05/19 00:06:34 | 000,019,520 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudnflt.sys
[2012/05/19 00:06:33 | 000,202,560 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/05/19 00:06:33 | 000,082,112 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012/05/19 00:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012/05/19 00:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/05/16 20:29:20 | 000,000,000 | ---D | C] -- C:\Users\Archie\AppData\Roaming\Research In Motion
[2012/05/16 20:29:05 | 000,031,744 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2012/05/16 20:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2012/05/15 09:10:15 | 000,000,000 | ---D | C] -- C:\Users\Archie\Documents\Diablo III
[2012/05/15 08:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/15 08:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/15 08:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/05/15 08:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/05/15 08:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/05/14 19:59:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Archie\Desktop\dds.scr
[2012/05/13 17:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/13 17:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/10 08:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/05/09 22:44:09 | 000,000,000 | ---D | C] -- C:\Users\Archie\AppData\Roaming\ieSpell
[2012/05/09 14:59:17 | 004,498,946 | R--- | C] (Swearware) -- C:\Users\Archie\Desktop\ComboFix.exe
[2012/05/03 15:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/03 15:31:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/05/03 15:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/03 15:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/05/01 14:08:40 | 000,000,000 | ---D | C] -- C:\Users\Archie\Desktop\misc
[2012/04/28 20:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex Workshop v6.6
[2012/04/28 20:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\BreakPoint Software
[2012/04/25 16:03:31 | 000,000,000 | ---D | C] -- C:\Users\Archie\AppData\Local\Navnet_Solutions
[2012/04/25 15:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NavNetApp
[2012/04/25 15:25:20 | 000,000,000 | ---D | C] -- C:\Users\Archie\AppData\Roaming\NavNet Solutions
[2012/04/25 15:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NavNet
[2012/04/25 15:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NavNet
[2012/04/25 15:16:59 | 000,000,000 | ---D | C] -- C:\Users\Archie\Photobleepet
[2012/04/25 14:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photobleepet
[2012/04/20 17:50:22 | 000,000,000 | ---D | C] -- C:\Users\Archie\Desktop\Encrypted Book
[2012/04/20 17:47:09 | 000,000,000 | ---D | C] -- C:\Users\Archie\Desktop\DecryptedBook
[2012/04/20 17:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2012/04/20 17:37:02 | 000,000,000 | ---D | C] -- C:\Python27
[2012/04/20 15:50:47 | 000,000,000 | ---D | C] -- C:\Users\Archie\Documents\My Barnes & Noble eBooks
[2012/04/20 15:50:47 | 000,000,000 | ---D | C] -- C:\Users\Archie\AppData\Roaming\Barnes & Noble
[2012/04/20 15:50:20 | 000,000,000 | ---D | C] -- C:\NookBooks
[2012/04/20 15:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
[2012/04/20 15:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barnes & Noble
[2012/04/20 13:20:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[20 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/19 10:13:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3356171485-3904491640-1079932676-1000UA.job
[2012/05/19 10:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/19 01:15:07 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/19 01:15:07 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/19 01:15:07 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/19 00:24:08 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 00:24:08 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 00:17:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/05/19 00:17:28 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/05/19 00:17:28 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/05/19 00:17:20 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012/05/19 00:17:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/19 00:17:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/19 00:16:49 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/18 23:58:41 | 000,000,512 | ---- | M] () -- C:\Users\Archie\Desktop\MBR.dat
[2012/05/18 23:52:57 | 000,004,435 | ---- | M] () -- C:\Users\Archie\Desktop\tetherxp.inf
[2012/05/18 22:47:03 | 004,498,946 | R--- | M] (Swearware) -- C:\Users\Archie\Desktop\ComboFix.exe
[2012/05/18 22:04:26 | 000,079,734 | ---- | M] () -- C:\Users\Archie\Desktop\Personality test based on Jung - Myers-Briggs typology.pdf
[2012/05/18 12:58:56 | 000,047,832 | ---- | M] () -- C:\E-Trade Home Computer Layout.pag
[2012/05/18 12:13:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3356171485-3904491640-1079932676-1000Core.job
[2012/05/16 20:30:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01009.Wdf
[2012/05/15 08:38:30 | 000,001,193 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/14 22:29:33 | 003,550,671 | ---- | M] () -- C:\Users\Archie\Desktop\20120507_191635.jpg
[2012/05/14 19:59:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Archie\Desktop\dds.scr
[2012/05/14 14:16:13 | 000,022,428 | ---- | M] () -- C:\Users\Archie\Desktop\png.png
[2012/05/09 19:10:49 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/05/05 03:10:13 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/05 03:10:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/05 03:10:11 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/04 01:29:32 | 000,001,131 | ---- | M] () -- C:\Users\Archie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/05/04 01:29:26 | 000,000,936 | ---- | M] () -- C:\Users\Archie\Desktop\Evernote.lnk
[2012/05/04 00:46:37 | 000,001,891 | ---- | M] () -- C:\Users\Archie\Desktop\chrome - Shortcut.lnk
[2012/05/02 19:20:17 | 000,075,317 | ---- | M] () -- C:\Users\Archie\Desktop\obama.jpg
[2012/05/01 11:48:46 | 000,061,426 | ---- | M] () -- C:\Users\Archie\Desktop\proof.jpg
[2012/05/01 07:20:11 | 000,005,574 | ---- | M] () -- C:\Users\Archie\Desktop\download.jpg
[2012/04/29 18:54:11 | 000,106,622 | ---- | M] () -- C:\Users\Archie\Desktop\20120429_182645.jpg
[2012/04/29 18:45:07 | 000,146,005 | ---- | M] () -- C:\Users\Archie\Desktop\20120429_182644.jpg
[2012/04/29 18:27:27 | 001,900,447 | ---- | M] () -- C:\Users\Archie\Desktop\20120429_182643.jpg
[2012/04/28 20:32:37 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\Hex Workshop Hex Editor (64 bit).lnk
[2012/04/27 17:04:06 | 000,069,856 | ---- | M] () -- C:\Users\Archie\Desktop\316045_2236561726106_1609887875_32252236_1755518458_n.jpg
[2012/04/25 15:35:12 | 000,122,424 | ---- | M] () -- C:\Users\Archie\Desktop\zyzz-steroids1.jpg
[2012/04/25 15:34:55 | 000,029,212 | ---- | M] () -- C:\Users\Archie\Desktop\154626_475459937225_351749002225_5532579_8067531_n.jpg
[2012/04/25 15:34:47 | 000,057,744 | ---- | M] () -- C:\Users\Archie\Desktop\33884_442846007225_351749002225_5050820_556506_n.jpg
[2012/04/25 15:25:21 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\NavNet.lnk
[2012/04/24 01:56:12 | 006,975,928 | ---- | M] () -- C:\Users\Archie\Desktop\Photobleepet0125_Installer.exe
[2012/04/22 07:45:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\lame_acm.xml
[2012/04/21 23:23:51 | 000,011,850 | ---- | M] () -- C:\Users\Archie\Desktop\MADCOW 5x5.pdf
[2012/04/21 22:53:27 | 000,062,661 | ---- | M] () -- C:\Users\Archie\Desktop\Weekly Agenda Stylew.pdf
[2012/04/21 19:51:26 | 000,064,177 | ---- | M] () -- C:\Users\Archie\Desktop\Weekly Agenda Style.pdf
[2012/04/21 18:57:52 | 000,001,105 | ---- | M] () -- C:\Users\Archie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/21 01:22:33 | 002,096,312 | ---- | M] () -- C:\Users\Archie\Desktop\20120420_230431.jpg
[2012/04/20 15:49:58 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\NOOK Study.lnk
[20 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/19 00:17:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/05/18 23:58:41 | 000,000,512 | ---- | C] () -- C:\Users\Archie\Desktop\MBR.dat
[2012/05/18 23:53:05 | 000,004,435 | ---- | C] () -- C:\Users\Archie\Desktop\tetherxp.inf
[2012/05/18 22:04:26 | 000,079,734 | ---- | C] () -- C:\Users\Archie\Desktop\Personality test based on Jung - Myers-Briggs typology.pdf
[2012/05/16 20:30:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01009.Wdf
[2012/05/15 08:38:02 | 000,001,193 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/14 22:28:46 | 003,550,671 | ---- | C] () -- C:\Users\Archie\Desktop\20120507_191635.jpg
[2012/05/14 20:15:52 | 000,302,592 | ---- | C] () -- C:\Users\Archie\Desktop\gmer.exe
[2012/05/14 14:16:13 | 000,022,428 | ---- | C] () -- C:\Users\Archie\Desktop\png.png
[2012/05/09 19:10:49 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/05/08 06:21:09 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012/05/04 01:29:32 | 000,001,131 | ---- | C] () -- C:\Users\Archie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/05/04 01:29:26 | 000,000,936 | ---- | C] () -- C:\Users\Archie\Desktop\Evernote.lnk
[2012/05/02 19:20:16 | 000,075,317 | ---- | C] () -- C:\Users\Archie\Desktop\obama.jpg
[2012/05/01 11:48:46 | 000,061,426 | ---- | C] () -- C:\Users\Archie\Desktop\proof.jpg
[2012/05/01 07:20:18 | 000,005,574 | ---- | C] () -- C:\Users\Archie\Desktop\download.jpg
[2012/04/29 18:54:09 | 000,106,622 | ---- | C] () -- C:\Users\Archie\Desktop\20120429_182645.jpg
[2012/04/29 18:45:05 | 000,146,005 | ---- | C] () -- C:\Users\Archie\Desktop\20120429_182644.jpg
[2012/04/29 18:27:27 | 001,900,447 | ---- | C] () -- C:\Users\Archie\Desktop\20120429_182643.jpg
[2012/04/28 20:32:37 | 000,001,258 | ---- | C] () -- C:\Users\Public\Desktop\Hex Workshop Hex Editor (64 bit).lnk
[2012/04/28 20:14:57 | 000,001,891 | ---- | C] () -- C:\Users\Archie\Desktop\chrome - Shortcut.lnk
[2012/04/27 17:04:06 | 000,069,856 | ---- | C] () -- C:\Users\Archie\Desktop\316045_2236561726106_1609887875_32252236_1755518458_n.jpg
[2012/04/25 15:35:12 | 000,122,424 | ---- | C] () -- C:\Users\Archie\Desktop\zyzz-steroids1.jpg
[2012/04/25 15:34:55 | 000,029,212 | ---- | C] () -- C:\Users\Archie\Desktop\154626_475459937225_351749002225_5532579_8067531_n.jpg
[2012/04/25 15:34:47 | 000,057,744 | ---- | C] () -- C:\Users\Archie\Desktop\33884_442846007225_351749002225_5050820_556506_n.jpg
[2012/04/25 15:23:30 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\NavNet.lnk
[2012/04/25 14:55:22 | 006,975,928 | ---- | C] () -- C:\Users\Archie\Desktop\Photobleepet0125_Installer.exe
[2012/04/22 07:45:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\lame_acm.xml
[2012/04/21 23:23:51 | 000,011,850 | ---- | C] () -- C:\Users\Archie\Desktop\MADCOW 5x5.pdf
[2012/04/21 19:55:15 | 000,062,661 | ---- | C] () -- C:\Users\Archie\Desktop\Weekly Agenda Stylew.pdf
[2012/04/21 19:31:30 | 000,064,177 | ---- | C] () -- C:\Users\Archie\Desktop\Weekly Agenda Style.pdf
[2012/04/21 18:57:52 | 000,001,105 | ---- | C] () -- C:\Users\Archie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/20 23:05:43 | 002,096,312 | ---- | C] () -- C:\Users\Archie\Desktop\20120420_230431.jpg
[2012/04/20 15:49:58 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\NOOK Study.lnk
[2012/04/08 20:58:52 | 000,000,600 | ---- | C] () -- C:\Users\Archie\AppData\Roaming\winscp.rnd
[2012/03/31 15:10:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/31 15:10:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/31 15:10:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/31 15:10:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/31 15:10:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/28 16:33:13 | 000,003,620 | ---- | C] () -- C:\ProgramData\content.ie5
[2012/03/26 23:38:25 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2012/03/26 23:38:25 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/03/25 23:25:33 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/18 02:44:26 | 000,139,264 | RHS- | C] () -- C:\Windows\SysWow64\storage4.dll
[2012/03/11 17:17:46 | 000,000,132 | ---- | C] () -- C:\Users\Archie\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/03/11 17:13:23 | 000,000,132 | ---- | C] () -- C:\Users\Archie\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/19 02:33:06 | 000,005,632 | ---- | C] () -- C:\Users\Archie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/18 13:24:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/18 13:11:39 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2012/02/18 12:51:06 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/09 15:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012/01/28 13:12:40 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/09 20:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

< End of report >



Edited by aupperk24, 19 May 2012 - 01:02 PM.




