
Infomash redirect that I can't seem to kill


25 replies to this topic

#1 Fisticuffs

Fisticuffs

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:00 AM

Posted 21 June 2012 - 09:12 AM

I believe I have a particularly sticky rootkit that is redirecting some of my web traffic to Infomash. I've tried several of the usual methods to rid my computer of it, with no success. I've run a full scan with MAM with no threats detected (though it keeps identifying and blocking a bad IP when active protection is enabled), ComboFix doesn't seem to find anything, Hitman Pro finds nothing. I'm not sure what else to do.

It seems to only redirect google search results, and it doesn't do so consistently. At times it will redirect 1 in 5 of the links, other times I can click on 20 links in google without a problem. The IP that MAM keeps blocking is (91.218.121.57). I have IE, Chrome, and Firefox installed on this computer, and all three browsers exhibit similar symptoms.

Below is the DDS as of 15 minutes ago.

Thanks in advance for your help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by glabelle at 9:58:25 on 2012-06-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5800 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\glabelle\AppData\Local\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\splwow64.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.google.com/mail/?shva=1#inbox
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 10.4.1.10
TCP: Interfaces\{A5D99536-F416-4867-AC3F-27985397274A} : DhcpNameServer = 10.4.1.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\glabelle\AppData\Roaming\Mozilla\Firefox\Profiles\locsfis2.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\glabelle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-1-30 32336]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-9 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-8 654408]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-9 2656536]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-13 116648]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-6-8 107848]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 257224]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-13 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-18 113120]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-21 13:34:38 6352 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2012-06-21 13:04:26 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-20 15:24:18 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-20 15:24:18 256000 ----a-w- C:\Windows\PEV.exe
2012-06-20 15:24:18 208896 ----a-w- C:\Windows\MBR.exe
2012-06-20 15:24:17 98816 ----a-w- C:\Windows\sed.exe
2012-06-20 14:45:48 -------- d-----r- C:\Users\glabelle\Dropbox
2012-06-20 14:42:42 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Dropbox
2012-06-19 15:57:43 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34E61F3B-0D34-4E80-8DEF-AF34EEBF78BE}\mpengine.dll
2012-06-19 15:55:20 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 15:55:07 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 15:55:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 15:10:33 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-18 15:10:29 -------- d-----w- C:\Users\glabelle\AppData\Local\Mozilla Firefox
2012-06-18 14:25:14 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-18 14:24:49 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-13 15:25:05 -------- d-----w- C:\Users\glabelle\AppData\Local\Macromedia
2012-06-13 13:28:01 -------- d-----w- C:\Users\glabelle\AppData\Local\webkit
2012-06-13 13:27:18 -------- d-----w- C:\Users\glabelle\.thumbnails
2012-06-13 13:08:02 -------- d-----w- C:\Users\glabelle\AppData\Local\fontconfig
2012-06-13 13:08:01 -------- d-----w- C:\Users\glabelle\AppData\Local\gegl-0.2
2012-06-13 13:08:01 -------- d-----w- C:\Users\glabelle\.gimp-2.8
2012-06-13 13:06:56 -------- d-----w- C:\Program Files\GIMP 2
2012-06-12 20:09:07 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 20:09:07 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-12 20:09:07 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 20:09:04 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-12 20:09:04 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-12 20:09:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-12 20:09:03 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-12 20:09:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-12 20:09:01 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-12 20:09:01 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 20:09:01 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 20:08:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-12 20:08:59 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-12 20:08:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-12 20:08:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-12 20:08:59 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-12 20:08:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 16:19:40 -------- d-----w- C:\Users\glabelle\AppData\Roaming\PC-FAX TX
2012-06-11 14:10:03 -------- d-----w- C:\Users\glabelle\AppData\Local\Apps
2012-06-08 23:56:06 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-06-08 23:38:01 -------- d-----w- C:\Program Files\HitmanPro
2012-06-08 23:19:16 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-08 21:28:48 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Malwarebytes
2012-06-08 21:28:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-08 21:28:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-08 21:28:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 21:15:22 -------- d-----w- C:\Users\glabelle\AppData\Local\{3E1A9FC9-B1AF-11E1-8270-B8AC6F996F26}
2012-06-08 21:15:22 -------- d-----w- C:\Users\glabelle\AppData\Local\{3E1A66E8-B1AF-11E1-8270-B8AC6F996F26}
2012-06-08 21:14:40 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Uhikaq
2012-06-08 21:14:40 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Saaceq
2012-06-08 21:14:40 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Quokez
2012-06-05 17:07:03 -------- d-----w- C:\Users\glabelle\AppData\Local\Google
2012-06-04 12:47:30 -------- d-----w- C:\Users\glabelle\AppData\Local\Apple
2012-05-29 17:59:14 -------- d-----w- C:\Users\glabelle\AppData\Local\Intuit
2012-05-29 17:28:57 -------- d-----w- C:\Users\glabelle\AppData\Local\Thunderbird
2012-05-29 17:23:54 -------- d-----w- C:\Users\glabelle\AppData\Local\Mozilla
2012-05-29 17:23:06 -------- d-----w- C:\Users\glabelle\AppData\Local\Logitech® Webcam Software
2012-05-29 17:22:16 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Xerox
2012-05-29 17:21:07 -------- d-----w- C:\Users\glabelle\AppData\Local\Adobe
2012-05-29 17:21:06 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Intel Corporation
2012-05-28 14:25:44 -------- d-----w- C:\Program Files (x86)\Belarc
2012-05-23 18:52:08 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
==================== Find3M ====================
.
2012-06-13 14:55:55 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 14:55:55 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-05 06:47:15 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 9:58:47.74 ===============
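A defender-side triage helper for the "Created Last 30" section of the DDS log above, added here as an example; it is not part of the original post and not DDS's own code. The sample lines are copied from that log, and the vendor-folder allowlist is an assumption that an analyst would tune per machine.

```python
r"""Triage the "Created Last 30" section of a DDS log.

Each entry looks like
    2012-06-08 21:14:40 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Uhikaq
The helper flags two folder patterns directly under AppData\Roaming or
AppData\Local that malware-removal helpers look for: a single made-up
pseudo-word folder name and a bare GUID folder name. Hits are grouped by
creation second, since an installer drops its folders in one burst.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)
# A folder directly below <profile>\AppData\Roaming or <profile>\AppData\Local
APPDATA_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\(Roaming|Local)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)
PSEUDOWORD_RE = re.compile(r"^[A-Z][a-z]{4,7}$")
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.IGNORECASE)
# Assumption: vendor folders expected in a profile; tune this list per machine.
KNOWN = {"google", "apple", "intuit", "thunderbird", "mozilla", "adobe", "apps",
         "macromedia", "webkit", "fontconfig", "xerox", "malwarebytes", "dropbox"}


@dataclass
class Entry:
    timestamp: str
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # DDS attribute string starts with 'd' for directories
        return self.attrs.startswith("d")


def parse_created(text: str) -> list:
    """Parse DDS 'Created Last 30' lines; non-matching lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(f"{m['date']} {m['time']}", m["attrs"], m["path"]))
    return entries


def classify(entry: Entry):
    """Return 'guid-named', 'pseudo-word', or None for an entry."""
    if not entry.is_dir:
        return None
    m = APPDATA_RE.match(entry.path)
    if not m:
        return None
    name = m["name"]
    if name.lower() in KNOWN:
        return None
    if GUID_RE.match(name):
        return "guid-named"
    if PSEUDOWORD_RE.match(name):
        return "pseudo-word"
    return None


def triage(text: str) -> dict:
    """Map creation timestamp -> sorted list of (kind, path) for flagged folders."""
    by_ts = defaultdict(list)
    for e in parse_created(text):
        kind = classify(e)
        if kind:
            by_ts[e.timestamp].append((kind, e.path))
    return {ts: sorted(v) for ts, v in by_ts.items()}


# Sample input: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
2012-06-21 13:34:38 6352 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2012-06-11 14:10:03 -------- d-----w- C:\Users\glabelle\AppData\Local\Apps
2012-06-08 21:15:22 -------- d-----w- C:\Users\glabelle\AppData\Local\{3E1A9FC9-B1AF-11E1-8270-B8AC6F996F26}
2012-06-08 21:15:22 -------- d-----w- C:\Users\glabelle\AppData\Local\{3E1A66E8-B1AF-11E1-8270-B8AC6F996F26}
2012-06-08 21:14:40 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Uhikaq
2012-06-08 21:14:40 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Saaceq
2012-06-08 21:14:40 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Quokez
2012-06-05 17:07:03 -------- d-----w- C:\Users\glabelle\AppData\Local\Google
2012-05-29 17:22:16 -------- d-----w- C:\Users\glabelle\AppData\Roaming\Xerox
"""

if __name__ == "__main__":
    for ts, hits in sorted(triage(SAMPLE_LOG).items()):
        print(ts)
        for kind, path in hits:
            print(f"  [{kind}] {path}")
```

Two bursts stand out in the sample: three pseudo-word folders created in the same second under Roaming, and two GUID-named folders created together under Local; the allowlisted vendor folders and the file entry produce no hits.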


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 23 June 2012 - 11:42 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Fisticuffs

Fisticuffs
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:00 AM

Posted 25 June 2012 - 08:10 AM

Hi there,

As before, I'm still having isolated issues with search results redirecting occasionally. Sometimes I can search fine and it will take me to the appropriate site, other times I'm redirected to Infomash. There doesn't seem to be a pattern as to when it redirects.

Thanks!

Security Check:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

JavaFX 2.1.1
Java™ 7 Update 5
Out of date Java installed!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

glabelle Desktop Anti-Virus Stuff SecurityCheck.exe
``````````End of Log````````````


Here is the ComboFix log:


ComboFix 12-06-25.02 - glabelle 06/25/2012 8:52.4.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5693 [GMT -4:00]
Running from: c:\users\glabelle\Desktop\Anti-Virus Stuff\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 12:55 . 2012-06-25 12:55 -------- d-----w- c:\users\tbfordham\AppData\Local\temp
2012-06-25 12:55 . 2012-06-25 12:55 -------- d-----w- c:\users\tbfordham.EDEXCELLENCE\AppData\Local\temp
2012-06-25 12:55 . 2012-06-25 12:55 -------- d-----w- c:\users\mharden\AppData\Local\temp
2012-06-25 12:55 . 2012-06-25 12:55 -------- d-----w- c:\users\mharden.EDEXCELLENCE\AppData\Local\temp
2012-06-25 12:55 . 2012-06-25 12:55 -------- d-----w- c:\users\mharden.EDEXCELLENCE.000\AppData\Local\temp
2012-06-25 12:55 . 2012-06-25 12:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 15:55 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 15:55 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 15:55 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 15:55 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 15:55 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 15:55 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 15:55 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 15:55 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 15:55 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 19:34 . 2012-06-18 19:35 -------- d-----w- c:\users\emcarbaugh
2012-06-18 15:10 . 2012-06-18 15:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-18 14:25 . 2012-06-18 14:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-18 14:25 . 2012-06-18 14:25 -------- d-----w- c:\program files (x86)\Oracle
2012-06-18 14:24 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-18 14:21 . 2012-06-18 14:21 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-18 14:21 . 2012-06-18 14:21 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-13 14:40 . 2012-06-13 14:42 -------- d-----w- c:\program files (x86)\Google
2012-06-13 13:06 . 2012-06-13 13:07 -------- d-----w- c:\program files\GIMP 2
2012-06-12 21:30 . 2012-06-12 21:30 -------- d-----w- c:\windows\Sun
2012-06-12 20:09 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 20:09 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 20:09 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 20:09 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 20:09 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 20:09 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 20:09 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 20:09 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 20:09 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 20:09 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 20:09 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 20:08 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 20:08 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 20:08 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 20:08 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 20:08 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 20:08 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-08 23:56 . 2012-06-08 23:56 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-08 23:38 . 2012-06-08 23:38 -------- d-----w- c:\program files\HitmanPro
2012-06-08 23:19 . 2012-06-08 23:47 -------- d-----w- c:\programdata\HitmanPro
2012-06-08 21:28 . 2012-06-08 21:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-08 21:28 . 2012-06-08 21:28 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 21:28 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-04 14:22 . 2012-06-04 14:22 -------- d-----w- c:\users\dzeehandebar
2012-05-29 17:20 . 2012-06-20 14:45 -------- d-----w- c:\users\glabelle
2012-05-28 14:25 . 2012-05-28 14:25 -------- d-----w- c:\program files (x86)\Belarc
2012-05-28 13:51 . 2012-05-28 13:51 -------- d-----w- c:\users\mharden\AppData\Roaming\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 17:06 . 2012-03-29 17:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-21 17:06 . 2012-03-09 16:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-23 18:52 . 2012-05-23 18:52 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-05 06:47 . 2012-03-29 17:47 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 23:29 . 2012-03-09 16:52 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-30 11:35 . 2012-05-10 04:15 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:47 . 2012-03-29 13:47 53248 ----a-r- c:\users\mharden.EDEXCELLENCE.000\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-20_15.33.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-22 12:54 45836 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-22 12:54 37142 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2012-04-10 16:57 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-06-21 12:55 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-03-26 18:14 . 2012-06-23 03:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-26 18:14 . 2012-06-20 03:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-26 18:14 . 2012-06-20 03:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-26 18:14 . 2012-06-23 03:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 03:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-20 03:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-30 12:40 . 2012-06-22 12:54 4656 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-589946346-4175060337-3101168492-1678_UserData.bin
+ 2012-06-25 12:56 . 2012-06-25 12:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-20 15:32 . 2012-06-20 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-25 12:56 . 2012-06-25 12:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-20 15:32 . 2012-06-20 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-21 17:06 . 2012-06-21 17:06 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2012-03-29 17:27 . 2012-06-21 17:06 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 02:36 . 2012-06-22 12:57 711904 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-22 12:57 138020 c:\windows\system32\perfc009.dat
+ 2012-06-21 17:06 . 2012-06-21 17:06 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_262_Plugin.exe
- 2009-07-14 05:30 . 2012-04-10 16:57 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-21 12:55 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-04-10 16:57 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-06-21 12:55 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 04:46 . 2012-06-14 21:28 106528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-06-22 12:56 106528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-30 22:22 . 2012-06-25 12:55 757512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-05-30 22:22 . 2012-06-20 15:31 757512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-25 12:55 444352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-20 15:31 444352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-21 17:06 . 2012-06-21 17:06 9459912 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2012-06-21 17:06 . 2012-06-21 17:06 1535176 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
- 2009-07-14 04:45 . 2012-06-13 14:54 7401416 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-21 13:32 7401416 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-05-29 22:16 . 2012-06-25 12:55 8527140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-589946346-4175060337-3101168492-1678-4096.dat
- 2012-03-26 19:42 . 2012-06-04 22:39 2873216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-589946346-4175060337-3101168492-1193-4096.dat
+ 2012-03-26 19:42 . 2012-06-21 12:51 2873216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-589946346-4175060337-3101168492-1193-4096.dat
+ 2012-06-21 17:06 . 2012-06-21 17:06 12310216 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll
+ 2012-05-29 22:16 . 2012-06-25 12:55 21210360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-589946346-4175060337-3101168492-1678-8192.dat
- 2012-06-13 14:51 . 2012-06-18 22:51 10031452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-589946346-4175060337-3101168492-1678-12288.dat
+ 2012-06-13 14:51 . 2012-06-21 22:07 10031452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-589946346-4175060337-3101168492-1678-12288.dat
+ 2012-03-26 19:42 . 2012-06-21 12:51 30829356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-589946346-4175060337-3101168492-1193-8192.dat
- 2012-03-26 19:42 . 2012-06-04 22:39 30829356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-589946346-4175060337-3101168492-1193-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\glabelle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\glabelle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\glabelle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 116648]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-06-23 108392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 116648]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-01-30 32336]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:06]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 14:40]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 14:40]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-589946346-4175060337-3101168492-1678Core.job
- c:\users\glabelle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 17:07]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-589946346-4175060337-3101168492-1678UA.job
- c:\users\glabelle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 17:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\glabelle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\glabelle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\glabelle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\glabelle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 23:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 23:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="-HideWindow" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://mail.google.com/mail/?shva=1#inbox
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.4.1.10
FF - ProfilePath - c:\users\glabelle\AppData\Roaming\Mozilla\Firefox\Profiles\locsfis2.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-25 08:59:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 12:59
ComboFix2.txt 2012-06-21 13:06
ComboFix3.txt 2012-06-20 16:35
ComboFix4.txt 2012-06-20 15:36
.
Pre-Run: 419,281,817,600 bytes free
Post-Run: 418,943,438,848 bytes free
.
- - End Of File - - F10C8432602627AECFE15F5CDA1BAB0C

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 25 June 2012 - 08:16 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Fisticuffs

Fisticuffs
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:00 AM

Posted 25 June 2012 - 08:25 AM

OTL Log:

OTL logfile created on: 6/25/2012 9:19:57 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\glabelle\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 77.78% Memory free
15.77 Gb Paging File | 13.90 Gb Available in Paging File | 88.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.57 Gb Total Space | 390.45 Gb Free Space | 86.85% Space Free | Partition Type: NTFS

Computer Name: MHARDEN-PC | User Name: glabelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\glabelle\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (Wave Authentication Manager Service) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe (Wave Systems Corp.)
SRV:64bit: - (Intel® PROSet Monitoring Service) Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (TdmService) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV:64bit: - (SecureStorageService) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (QBCFMonitorService) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) Intel® -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (QBFCService) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) Logitech HD Pro Webcam C920(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\SysNative\drivers\RTDVHD64.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BrSerIb) Brother MFC Serial Interface Driver(WDM) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) Brother MFC Serial USB Driver(WDM) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1365DB7D-9F89-4E9B-A5CF-49B390982762}
IE:64bit: - HKLM\..\SearchScopes\{1365DB7D-9F89-4E9B-A5CF-49B390982762}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {1365DB7D-9F89-4E9B-A5CF-49B390982762}
IE - HKLM\..\SearchScopes\{1365DB7D-9F89-4E9B-A5CF-49B390982762}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-589946346-4175060337-3101168492-1678\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
IE - HKU\S-1-5-21-589946346-4175060337-3101168492-1678\..\SearchScopes,DefaultScope = {1365DB7D-9F89-4E9B-A5CF-49B390982762}
IE - HKU\S-1-5-21-589946346-4175060337-3101168492-1678\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\glabelle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\glabelle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Users\glabelle\AppData\Local\Mozilla Firefox\components [2012/06/18 11:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Users\glabelle\AppData\Local\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/29 13:28:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3E1A66E8-B1AF-11E1-8270-B8AC6F996F26}: C:\Users\glabelle\AppData\Local\{3E1A66E8-B1AF-11E1-8270-B8AC6F996F26}\ [2012/06/08 17:15:22 | 000,000,000 | ---D | M]

[2012/05/29 13:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\glabelle\AppData\Roaming\mozilla\Extensions
[2012/06/18 11:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\glabelle\AppData\Roaming\mozilla\Firefox\Profiles\locsfis2.default\extensions
[2012/06/08 17:15:22 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\GLABELLE\APPDATA\LOCAL\{3E1A66E8-B1AF-11E1-8270-B8AC6F996F26}
[2012/06/01 11:54:46 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\GLABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOCSFIS2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/18 11:57:56 | 000,047,822 | ---- | M] () (No name found) -- C:\USERS\GLABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOCSFIS2.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
[2012/06/08 08:52:03 | 000,455,818 | ---- | M] () (No name found) -- C:\USERS\GLABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOCSFIS2.DEFAULT\EXTENSIONS\FFTOOLBAR@UPROMISE.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\glabelle\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\glabelle\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\glabelle\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DYMO Label Framework (Enabled) = C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\glabelle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\glabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\glabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\glabelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/25 08:56:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2:64bit: - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-589946346-4175060337-3101168492-1678\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OfficeScanNT Monitor] -HideWindow File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-589946346-4175060337-3101168492-1678\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-589946346-4175060337-3101168492-1678\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.4.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DC.edexcellence.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5D99536-F416-4867-AC3F-27985397274A}: DhcpNameServer = 10.4.1.10
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 09:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/25 09:16:16 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Trend Micro
[2012/06/25 09:00:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/25 08:59:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/21 08:54:01 | 000,000,000 | ---D | C] -- C:\Users\glabelle\Documents\tdsskiller
[2012/06/20 16:13:56 | 000,000,000 | ---D | C] -- C:\Users\glabelle\Desktop\2010 Unemployment Comp Audit Docs
[2012/06/20 13:35:59 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\InstallShield
[2012/06/20 11:24:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/20 11:24:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/20 11:24:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/20 10:56:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/20 10:56:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/20 10:45:48 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Dropbox
[2012/06/20 10:43:48 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/06/20 10:42:42 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Dropbox
[2012/06/20 10:06:58 | 000,000,000 | ---D | C] -- C:\Users\glabelle\Desktop\Anti-Virus Stuff
[2012/06/19 11:55:20 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/19 11:55:20 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/19 11:55:20 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/19 11:55:13 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/19 11:55:13 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/19 11:55:13 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/19 11:55:07 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/19 11:55:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/18 11:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/18 11:10:29 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Mozilla Firefox
[2012/06/18 10:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/18 10:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/18 10:24:49 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/18 10:24:49 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/18 10:24:39 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/18 10:24:39 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/18 10:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/18 10:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/06/18 10:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/06/14 09:38:13 | 000,000,000 | ---D | C] -- C:\Users\glabelle\Documents\20120614093735
[2012/06/13 11:25:05 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Macromedia
[2012/06/13 10:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
[2012/06/13 10:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Migration
[2012/06/13 10:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/13 10:28:12 | 000,000,000 | ---D | C] -- C:\Users\glabelle\Documents\Outlook Files
[2012/06/13 09:28:01 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\webkit
[2012/06/13 09:27:18 | 000,000,000 | ---D | C] -- C:\Users\glabelle\.thumbnails
[2012/06/13 09:08:02 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\fontconfig
[2012/06/13 09:08:01 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\gegl-0.2
[2012/06/13 09:08:01 | 000,000,000 | ---D | C] -- C:\Users\glabelle\.gimp-2.8
[2012/06/13 09:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/06/13 03:00:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 03:00:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 03:00:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 03:00:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 03:00:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 03:00:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 03:00:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 03:00:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 03:00:28 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 03:00:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 03:00:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 03:00:28 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 03:00:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/12 17:30:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/06/12 16:09:07 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/12 16:09:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/12 16:09:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/12 16:09:03 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/12 16:09:03 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/12 16:09:02 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 16:09:01 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/12 16:08:59 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 16:08:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/12 12:19:40 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\PC-FAX TX
[2012/06/11 10:10:03 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Apps
[2012/06/08 19:56:06 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/06/08 19:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/06/08 19:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/06/08 19:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/08 17:28:48 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Malwarebytes
[2012/06/08 17:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/08 17:28:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/08 17:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/08 17:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/08 17:15:22 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\{3E1A9FC9-B1AF-11E1-8270-B8AC6F996F26}
[2012/06/08 17:15:22 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\{3E1A66E8-B1AF-11E1-8270-B8AC6F996F26}
[2012/06/08 17:14:40 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Uhikaq
[2012/06/08 17:14:40 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Saaceq
[2012/06/08 17:14:40 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Quokez
[2012/06/05 13:08:32 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/05 13:07:03 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Google
[2012/06/04 08:47:30 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Apple
[2012/06/01 16:28:50 | 000,000,000 | ---D | C] -- C:\Users\glabelle\Desktop\Accounting Reference Materials
[2012/05/29 13:59:14 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Intuit
[2012/05/29 13:28:57 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Thunderbird
[2012/05/29 13:28:57 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Thunderbird
[2012/05/29 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Mozilla
[2012/05/29 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Mozilla
[2012/05/29 13:23:06 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Logitech® Webcam Software
[2012/05/29 13:22:16 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Xerox
[2012/05/29 13:21:49 | 000,000,000 | ---D | C] -- C:\Users\glabelle\Documents\Updater5
[2012/05/29 13:21:46 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Macromedia
[2012/05/29 13:21:07 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Adobe
[2012/05/29 13:21:07 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Adobe
[2012/05/29 13:21:06 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Roxio
[2012/05/29 13:21:06 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Intel Corporation
[2012/05/29 13:21:06 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Apple Computer
[2012/05/29 13:20:59 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Virtual Machines
[2012/05/29 13:20:59 | 000,000,000 | R--D | C] -- C:\Users\glabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/29 13:20:59 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Searches
[2012/05/29 13:20:59 | 000,000,000 | R--D | C] -- C:\Users\glabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/29 13:20:59 | 000,000,000 | -H-D | C] -- C:\Users\glabelle\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/29 13:20:56 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Identities
[2012/05/29 13:20:53 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Contacts
[2012/05/29 13:20:52 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\VirtualStore
[2012/05/29 13:20:49 | 000,000,000 | --SD | C] -- C:\Users\glabelle\AppData\Roaming\Microsoft
[2012/05/29 13:20:49 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Videos
[2012/05/29 13:20:49 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Saved Games
[2012/05/29 13:20:49 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Pictures
[2012/05/29 13:20:49 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Music
[2012/05/29 13:20:49 | 000,000,000 | R--D | C] -- C:\Users\glabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/29 13:20:49 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Links
[2012/05/29 13:20:49 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Favorites
[2012/05/29 13:20:49 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Downloads
[2012/05/29 13:20:49 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Documents
[2012/05/29 13:20:49 | 000,000,000 | R--D | C] -- C:\Users\glabelle\Desktop
[2012/05/29 13:20:49 | 000,000,000 | R--D | C] -- C:\Users\glabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\AppData\Local\Temporary Internet Files
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\Templates
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\Start Menu
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\SendTo
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\Recent
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\PrintHood
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\NetHood
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\Documents\My Videos
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\Documents\My Pictures
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\Documents\My Music
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\My Documents
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\Local Settings
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\AppData\Local\History
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\Cookies
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\Application Data
[2012/05/29 13:20:49 | 000,000,000 | -HSD | C] -- C:\Users\glabelle\AppData\Local\Application Data
[2012/05/29 13:20:49 | 000,000,000 | -H-D | C] -- C:\Users\glabelle\AppData
[2012/05/29 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Temp
[2012/05/29 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Microsoft Help
[2012/05/29 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Local\Microsoft
[2012/05/29 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Media Center Programs
[2012/05/28 10:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc

========== Files - Modified Within 30 Days ==========

[2012/06/25 09:17:57 | 000,015,965 | ---- | M] () -- C:\Windows\cfgall.ini
[2012/06/25 09:17:00 | 000,866,080 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 09:17:00 | 000,723,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 09:17:00 | 000,141,604 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 09:12:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-589946346-4175060337-3101168492-1678UA.job
[2012/06/25 09:08:11 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 09:08:11 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 09:00:58 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 09:00:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 09:00:27 | 2053,910,527 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 08:56:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/25 08:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/25 08:45:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/24 13:12:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-589946346-4175060337-3101168492-1678Core.job
[2012/06/21 13:06:48 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/21 13:06:48 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/20 10:45:48 | 000,001,006 | ---- | M] () -- C:\Users\glabelle\Desktop\Dropbox.lnk
[2012/06/20 09:19:14 | 000,002,046 | -H-- | M] () -- C:\Users\glabelle\Documents\Default.rdp
[2012/06/18 11:10:34 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/18 10:24:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/18 10:24:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/18 08:48:32 | 001,915,749 | ---- | M] () -- C:\Users\glabelle\Desktop\Tiaa Cref Enrollment - A Churchill.pdf
[2012/06/15 14:28:59 | 000,117,548 | ---- | M] () -- C:\Users\glabelle\Documents\TDFCU.pdf
[2012/06/13 17:52:51 | 000,028,332 | ---- | M] () -- C:\Users\glabelle\AppData\Roaming\Tab Separated Values (Windows).ADR
[2012/06/13 17:38:16 | 000,028,501 | ---- | M] () -- C:\Users\glabelle\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/06/13 17:37:24 | 000,046,021 | ---- | M] () -- C:\Users\glabelle\Documents\Contacts.csv
[2012/06/13 10:52:18 | 000,485,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 10:28:14 | 000,001,133 | ---- | M] () -- C:\Users\glabelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/06/13 10:13:39 | 000,828,162 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/13 09:29:18 | 000,002,121 | ---- | M] () -- C:\Users\glabelle\AppData\Local\recently-used.xbel
[2012/06/12 12:28:56 | 000,001,082 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012/06/12 12:20:44 | 000,000,000 | ---- | M] () -- C:\Windows\brdfxspd.dat
[2012/06/12 12:19:52 | 000,000,164 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012/06/11 23:12:51 | 000,002,376 | ---- | M] () -- C:\Users\glabelle\Desktop\Google Chrome.lnk
[2012/06/11 10:14:39 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/08 19:56:06 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/06/08 19:48:05 | 000,003,382 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/06/08 14:53:12 | 001,310,733 | ---- | M] () -- C:\Users\glabelle\Desktop\2011 Federal and State K-1s.pdf
[2012/06/07 18:26:49 | 000,002,036 | ---- | M] () -- C:\Users\glabelle\Documents\Remote Server.RDP
[2012/06/07 17:52:38 | 000,002,084 | ---- | M] () -- C:\Users\glabelle\Documents\Remote Desktop.RDP
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/01 09:44:41 | 000,001,058 | ---- | M] () -- C:\Users\glabelle\Desktop\Documents - Shortcut.lnk
[2012/05/30 18:08:55 | 006,579,321 | ---- | M] () -- C:\Users\glabelle\Desktop\NEC Phone Guide.pdf
[2012/05/29 13:28:39 | 000,002,031 | ---- | M] () -- C:\Users\glabelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/05/29 13:28:39 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/05/29 13:21:16 | 000,001,439 | ---- | M] () -- C:\Users\glabelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/28 10:25:44 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk

========== Files Created - No Company Name ==========

[2012/06/20 11:24:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/20 11:24:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/20 11:24:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/20 11:24:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/20 11:24:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/20 10:45:48 | 000,001,006 | ---- | C] () -- C:\Users\glabelle\Desktop\Dropbox.lnk
[2012/06/18 11:10:34 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/18 11:10:33 | 000,001,202 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/18 08:48:32 | 001,915,749 | ---- | C] () -- C:\Users\glabelle\Desktop\Tiaa Cref Enrollment - A Churchill.pdf
[2012/06/15 14:28:59 | 000,117,548 | ---- | C] () -- C:\Users\glabelle\Documents\TDFCU.pdf
[2012/06/13 17:52:51 | 000,028,332 | ---- | C] () -- C:\Users\glabelle\AppData\Roaming\Tab Separated Values (Windows).ADR
[2012/06/13 17:38:16 | 000,028,501 | ---- | C] () -- C:\Users\glabelle\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/06/13 17:37:24 | 000,046,021 | ---- | C] () -- C:\Users\glabelle\Documents\Contacts.csv
[2012/06/13 10:40:25 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/13 10:40:25 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/13 10:28:14 | 000,001,133 | ---- | C] () -- C:\Users\glabelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/06/13 09:29:18 | 000,002,121 | ---- | C] () -- C:\Users\glabelle\AppData\Local\recently-used.xbel
[2012/06/13 09:07:29 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/06/11 10:14:39 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/11 10:14:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/08 19:48:05 | 000,003,382 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/06/08 17:18:11 | 000,016,896 | ---- | C] () -- C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\U\80000000.@
[2012/06/08 17:18:11 | 000,001,648 | ---- | C] () -- C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\U\00000001.@
[2012/06/08 16:23:47 | 000,000,632 | ---- | C] () -- C:\Users\glabelle\Desktop\Shortcut to Schoool Sponsorship Fees.lnk
[2012/06/08 14:53:11 | 001,310,733 | ---- | C] () -- C:\Users\glabelle\Desktop\2011 Federal and State K-1s.pdf
[2012/06/07 18:26:47 | 000,002,036 | ---- | C] () -- C:\Users\glabelle\Documents\Remote Server.RDP
[2012/06/07 17:52:38 | 000,002,084 | ---- | C] () -- C:\Users\glabelle\Documents\Remote Desktop.RDP
[2012/06/07 17:51:27 | 000,002,046 | -H-- | C] () -- C:\Users\glabelle\Documents\Default.rdp
[2012/06/05 13:08:33 | 000,002,376 | ---- | C] () -- C:\Users\glabelle\Desktop\Google Chrome.lnk
[2012/06/05 13:07:04 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-589946346-4175060337-3101168492-1678UA.job
[2012/06/05 13:07:04 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-589946346-4175060337-3101168492-1678Core.job
[2012/06/01 09:44:41 | 000,001,058 | ---- | C] () -- C:\Users\glabelle\Desktop\Documents - Shortcut.lnk
[2012/05/30 18:08:55 | 006,579,321 | ---- | C] () -- C:\Users\glabelle\Desktop\NEC Phone Guide.pdf
[2012/05/29 13:28:39 | 000,002,031 | ---- | C] () -- C:\Users\glabelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/05/29 13:28:39 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/05/29 13:21:16 | 000,001,439 | ---- | C] () -- C:\Users\glabelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/29 13:21:04 | 000,001,411 | ---- | C] () -- C:\Users\glabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/29 13:20:59 | 000,001,445 | ---- | C] () -- C:\Users\glabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/29 13:20:49 | 000,000,290 | ---- | C] () -- C:\Users\glabelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/29 13:20:49 | 000,000,272 | ---- | C] () -- C:\Users\glabelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/28 10:25:44 | 000,002,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012/05/28 10:25:44 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/04/10 12:08:34 | 000,000,121 | ---- | C] () -- C:\Windows\TurboMeeting.INI
[2012/03/27 08:55:54 | 000,001,082 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/03/27 08:55:54 | 000,000,164 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/03/27 08:54:42 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/03/27 08:54:42 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2012/03/27 08:52:55 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/03/27 08:52:54 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/03/27 08:52:54 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/03/27 08:52:52 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/03/27 08:52:50 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/03/27 08:23:05 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/03/27 08:02:37 | 000,015,965 | ---- | C] () -- C:\Windows\cfgall.ini
[2012/03/27 07:48:22 | 000,002,048 | -HS- | C] () -- C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\@
[2012/03/27 07:42:24 | 000,002,992 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/09 14:17:13 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/09 14:17:12 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/09 14:17:11 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/09 14:17:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/09 14:17:07 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/09 12:57:16 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2011/12/15 05:23:04 | 010,920,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/12/15 05:23:04 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/12/15 05:23:04 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2011/02/10 10:33:46 | 000,828,162 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/19 19:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll

< End of report >

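As an added example (not part of this thread and not code from the OTL or Farbar tools), here is a small parser for the `[date | size | attrs | C/M] (Company) -- path` lines in the log above, with a few constructed triage heuristics a responder might apply to decide which entries deserve a closer look. The heuristics and the selection of sample lines are my own, not the helper's method, and a flagged entry is a review candidate, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file-listing line, e.g.
# [2012/06/08 17:18:11 | 000,016,896 | ---- | C] () -- C:\path
# Directory lines carry no "(Company)" field at all; files without a
# version resource are printed as "()".
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# GUID-named folder directly under AppData\Local (constructed heuristic).
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9a-f-]{36}\}\\", re.IGNORECASE)


@dataclass
class Entry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str                 # "C" = created, "M" = modified
    company: Optional[str]    # None for directories, "" when OTL printed "()"
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")          # column order in OTL: R, H, S, D
    return Entry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        kind=m.group("kind"),
        company=m.group("company"),
        path=m.group("path"),
    )


def review_reasons(e: Entry) -> List[str]:
    """Constructed triage heuristics: reasons a human should look at this entry."""
    reasons = []
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    in_profile = "\\users\\" in low and "\\users\\public\\" not in low
    if GUID_DIR_RE.search(e.path):
        reasons.append("GUID-named folder under AppData\\Local")
    if not e.is_dir and e.company == "" and name.endswith("@"):
        reasons.append("file with no company name and an '@' name")
    if in_profile and not e.is_dir and e.hidden and e.system:
        reasons.append("hidden+system file inside a user profile")
    if e.kind == "M" and low.endswith("\\drivers\\etc\\hosts"):
        reasons.append("hosts file modified in the scan window")
    return reasons


def triage(lines) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every parsable line that trips a heuristic."""
    out = []
    for line in lines:
        e = parse_line(line)
        if e is not None:
            reasons = review_reasons(e)
            if reasons:
                out.append((e.path, reasons))
    return out


# Sample lines copied from the OTL log above (a constructed selection) plus a
# section header, to show what is and is not flagged: hiberfil.sys is
# hidden+system but lives outside any user profile, so it stays quiet.
SAMPLE_LINES = [
    r"[2012/06/20 11:24:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe",
    r"[2012/06/08 17:14:40 | 000,000,000 | ---D | C] -- C:\Users\glabelle\AppData\Roaming\Uhikaq",
    r"[2012/06/08 17:18:11 | 000,016,896 | ---- | C] () -- C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\U\80000000.@",
    r"[2012/03/27 07:48:22 | 000,002,048 | -HS- | C] () -- C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\@",
    r"[2012/06/25 08:56:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts",
    r"[2012/06/25 09:00:27 | 2053,910,527 | -HS- | M] () -- C:\hiberfil.sys",
    "========== Files - Modified Within 30 Days ==========",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(path)
        for r in reasons:
            print("   -", r)
```

Feed it a whole saved OTL report (one line per element) to get the same short review list for the full log.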
#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 25 June 2012 - 12:14 PM

Hello Fisticuffs

I see some things in the last report that will need another tool to be able to remove them

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Fisticuffs

Fisticuffs
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:00 AM

Posted 25 June 2012 - 12:47 PM

Thanks again for your help! Please find the Farbar Scan Results below:

Scan result of Farbar Recovery Scan Tool Version: 24-06-2012
Ran by SYSTEM at 25-06-2012 13:40:13
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-06-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-06-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-06-28] (Intel Corporation)
HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] -HideWindow [x]
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [112408 2011-08-08] (Intel Corporation)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [1497352 2011-02-21] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow [1340720 2009-09-07] (Trend Micro Inc.)
HKU\mharden.EDEXCELLENCE\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\mharden.EDEXCELLENCE.000\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\mharden.EDEXCELLENCE.000\...\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup [1865808 2012-01-30] (Sanford, L.P.)
HKU\mharden.EDEXCELLENCE.000\...\Run: [Vidyo Desktop] C:\Program Files (x86)\Vidyo\Vidyo Desktop\VidyoDesktop.exe [5656576 2011-07-25] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.4.1.10
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

==================== Services (Whitelisted) ======

2 DymoPnpService; "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe" [32336 2012-01-30] (Sanford, L.P.)
2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [108392 2012-06-22] (SurfRight B.V.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 ntrtscan; "C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe" [1934128 2009-09-04] (Trend Micro Inc.)
2 QBCFMonitorService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [45056 2012-02-04] (Intuit)
3 QBFCService; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2009-07-23] (Intuit Inc.)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
3 SecureStorageService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe" [2154888 2011-05-24] (Wave Systems Corp.)
2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
2 tmlisten; "C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe" [1940104 2009-09-04] (Trend Micro Inc.)
3 TmProxy; "C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe" [917768 2009-07-15] (Trend Micro Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656536 2011-08-08] (Intel Corporation)
2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
3 WinHttpAutoProxySvc; winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [351232 2010-11-20] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
2 TmFilter; \??\C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [342288 2011-07-12] (Trend Micro Inc.)
2 TmPreFilter; \??\C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42768 2011-07-12] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [107536 2009-07-15] (Trend Micro Inc.)
2 VSApiNt; \??\C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2077456 2011-07-12] (Trend Micro Inc.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-25 13:40 - 2012-06-25 13:40 - 00000000 ____D C:\FRST
2012-06-25 09:35 - 2012-06-25 09:35 - 00000000 ____D C:\Users\glabelle\Desktop\Flash Drive
2012-06-25 09:33 - 2012-06-25 09:33 - 01425489 ____A C:\Users\glabelle\Downloads\FRST64.exe
2012-06-25 09:02 - 2012-06-25 09:02 - 00001578 ____A C:\Users\glabelle\Desktop\TrendMicroAV (tbfserver) - Shortcut.lnk
2012-06-25 05:24 - 2012-06-25 05:24 - 00062310 ____A C:\Users\glabelle\Desktop\Extras.Txt
2012-06-25 05:23 - 2012-06-25 05:23 - 00122002 ____A C:\Users\glabelle\Desktop\OTL.Txt
2012-06-25 05:22 - 2012-06-25 05:22 - 00122002 ____A C:\Users\glabelle\Downloads\OTL.Txt
2012-06-25 05:22 - 2012-06-25 05:22 - 00062310 ____A C:\Users\glabelle\Downloads\Extras.Txt
2012-06-25 05:17 - 2012-06-25 05:17 - 00596992 ____A (OldTimer Tools) C:\Users\glabelle\Downloads\OTL.exe
2012-06-25 05:16 - 2012-06-25 05:16 - 00000000 ____D C:\Users\glabelle\AppData\Local\Trend Micro
2012-06-25 05:16 - 2012-06-25 05:16 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-25 04:59 - 2012-06-25 04:59 - 00030996 ____A C:\ComboFix.txt
2012-06-25 04:49 - 2012-06-25 04:49 - 00881475 ____A C:\Users\glabelle\Downloads\SecurityCheck(1).exe
2012-06-21 04:54 - 2012-06-21 04:54 - 00000000 ____D C:\Users\glabelle\Documents\tdsskiller
2012-06-20 12:13 - 2012-06-21 04:51 - 00000000 ____D C:\Users\glabelle\Desktop\2010 Unemployment Comp Audit Docs
2012-06-20 09:35 - 2012-06-20 09:35 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\InstallShield
2012-06-20 07:24 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-20 07:24 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-20 07:24 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-20 07:24 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-20 07:24 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-20 07:24 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-20 07:24 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-20 07:24 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-20 06:56 - 2012-06-25 04:59 - 00000000 ____D C:\Qoobox
2012-06-20 06:56 - 2012-06-20 07:35 - 00000000 ____D C:\Windows\erdnt
2012-06-20 06:45 - 2012-06-21 05:30 - 00000000 ___RD C:\Users\glabelle\Dropbox
2012-06-20 06:45 - 2012-06-20 06:45 - 00001006 ____A C:\Users\glabelle\Desktop\Dropbox.lnk
2012-06-20 06:42 - 2012-06-21 05:31 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Dropbox
2012-06-20 06:40 - 2012-06-20 06:41 - 18492072 ____A (Dropbox, Inc.) C:\Users\glabelle\Downloads\Dropbox 1.4.9.exe
2012-06-20 06:35 - 2012-06-20 06:35 - 00881475 ____A C:\Users\glabelle\Downloads\SecurityCheck.exe
2012-06-20 06:06 - 2012-06-25 04:51 - 00000000 ____D C:\Users\glabelle\Desktop\Anti-Virus Stuff
2012-06-19 07:55 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-19 07:55 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-19 07:55 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-19 07:55 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-19 07:55 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-19 07:55 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-19 07:55 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-19 07:55 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-19 07:55 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 11:35 - 2012-06-18 11:35 - 00135256 ____A C:\Users\emcarbaugh\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ___RD C:\Users\emcarbaugh\Virtual Machines
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Roaming\Roxio
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Roaming\Intel Corporation
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Roaming\Apple Computer
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Roaming\Adobe
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Local\VirtualStore
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Local\Adobe
2012-06-18 11:34 - 2012-06-18 11:35 - 00000000 ____D C:\users\emcarbaugh
2012-06-18 11:34 - 2012-06-18 11:34 - 00000020 __ASH C:\Users\emcarbaugh\ntuser.ini
2012-06-18 11:34 - 2012-03-30 23:00 - 00000000 ____D C:\Users\emcarbaugh\AppData\Local\Microsoft Help
2012-06-18 08:41 - 2012-06-18 08:41 - 10056824 ____A (Web Eight LLC ) C:\Users\glabelle\Downloads\BrowserProtect_Setup.exe
2012-06-18 07:10 - 2012-06-18 07:10 - 00001172 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-18 07:10 - 2012-06-18 07:10 - 00000000 ____D C:\Users\glabelle\AppData\Local\Mozilla Firefox
2012-06-18 07:10 - 2012-06-18 07:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-18 06:25 - 2012-06-18 06:25 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-18 06:24 - 2012-06-18 06:24 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-18 06:24 - 2012-06-18 06:24 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-18 06:24 - 2012-05-04 15:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-18 06:24 - 2012-05-04 15:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-18 06:22 - 2012-06-18 06:22 - 00893936 ____A (Oracle Corporation) C:\Users\glabelle\Downloads\jxpiinstall.exe
2012-06-18 06:21 - 2012-06-18 06:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-18 06:21 - 2012-06-18 06:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-18 06:15 - 2012-06-18 06:16 - 13085120 ____A (Microsoft Corporation) C:\Users\glabelle\Downloads\Silverlight_x64.exe
2012-06-14 06:14 - 2012-06-14 06:18 - 00077312 ____A C:\Users\glabelle\Downloads\Mt Vernon Adult Jul 12 Schedule.xls
2012-06-14 05:38 - 2012-06-14 05:39 - 00000000 ____D C:\Users\glabelle\Documents\20120614093735
2012-06-13 13:52 - 2012-06-13 13:52 - 00028332 ____A C:\Users\glabelle\AppData\Roaming\Tab Separated Values (Windows).ADR
2012-06-13 13:51 - 2012-06-13 13:51 - 00002272 ____A C:\Users\glabelle\Documents\Gary Contacts.txt
2012-06-13 13:38 - 2012-06-13 13:38 - 00028501 ____A C:\Users\glabelle\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-06-13 13:37 - 2012-06-13 13:37 - 00046021 ____A C:\Users\glabelle\Documents\Contacts.csv
2012-06-13 07:25 - 2012-06-13 07:25 - 00000000 ____D C:\Users\glabelle\AppData\Local\Macromedia
2012-06-13 06:40 - 2012-06-25 09:06 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-13 06:40 - 2012-06-25 08:45 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-13 06:40 - 2012-06-13 06:42 - 00000000 ____D C:\Program Files (x86)\Google
2012-06-13 06:40 - 2012-06-13 06:40 - 00740000 ____A (Google Inc.) C:\Users\glabelle\Downloads\googleappssyncsetup.exe
2012-06-13 06:28 - 2012-06-25 09:11 - 00000000 ____D C:\Users\glabelle\Documents\Outlook Files
2012-06-13 05:29 - 2012-06-13 05:29 - 00002121 ____A C:\Users\glabelle\AppData\Local\recently-used.xbel
2012-06-13 05:28 - 2012-06-13 05:28 - 00000000 ____D C:\Users\glabelle\AppData\Local\webkit
2012-06-13 05:27 - 2012-06-13 05:27 - 00000000 ____D C:\Users\glabelle\.thumbnails
2012-06-13 05:08 - 2012-06-13 05:29 - 00000000 ____D C:\Users\glabelle\.gimp-2.8
2012-06-13 05:08 - 2012-06-13 05:08 - 00000000 ____D C:\Users\glabelle\AppData\Local\gegl-0.2
2012-06-13 05:06 - 2012-06-13 05:07 - 00000000 ____D C:\Program Files\GIMP 2
2012-06-13 05:01 - 2012-06-13 05:03 - 76225536 ____A (The GIMP Team ) C:\Users\glabelle\Downloads\gimp-2.8.0-setup.exe
2012-06-12 23:00 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 23:00 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 23:00 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-12 23:00 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 23:00 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 23:00 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-12 23:00 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 23:00 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 23:00 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 23:00 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-12 23:00 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 23:00 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 23:00 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 23:00 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 23:00 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 23:00 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 23:00 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-12 23:00 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 23:00 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-12 23:00 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 23:00 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 23:00 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 23:00 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 23:00 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-12 23:00 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 23:00 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 23:00 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 23:00 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 13:30 - 2012-06-12 13:30 - 00000000 ____D C:\Windows\Sun
2012-06-12 12:09 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 12:09 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 12:09 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 12:09 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 12:09 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 12:09 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 12:09 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 12:09 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 12:09 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 12:09 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 12:09 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-12 12:08 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 12:08 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 12:08 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 12:08 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 12:08 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 12:08 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 08:19 - 2012-06-12 08:20 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\PC-FAX TX
2012-06-11 06:14 - 2012-06-11 06:14 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-06-11 06:10 - 2012-06-11 06:10 - 00000000 ____D C:\Users\glabelle\AppData\Local\Apps\2.0
2012-06-08 15:56 - 2012-06-08 15:56 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-06-08 15:48 - 2012-06-08 15:48 - 00003382 ____A C:\Windows\System32\.crusader
2012-06-08 15:38 - 2012-06-08 15:38 - 00000000 ____D C:\Program Files\HitmanPro
2012-06-08 15:19 - 2012-06-08 15:47 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-08 15:18 - 2012-06-08 15:18 - 07287176 ____A (SurfRight B.V.) C:\Users\glabelle\Downloads\HitmanPro36.exe
2012-06-08 14:59 - 2012-06-08 14:59 - 00000361 ____A C:\rkill.log
2012-06-08 14:58 - 2012-06-08 14:59 - 01012656 ____A C:\Users\glabelle\Downloads\iExplore.exe
2012-06-08 14:58 - 2012-06-08 14:58 - 00001205 ____A C:\Users\glabelle\Downloads\registryfix.reg
2012-06-08 13:28 - 2012-06-08 13:28 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Malwarebytes
2012-06-08 13:28 - 2012-06-08 13:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-08 13:28 - 2012-06-08 13:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 13:28 - 2012-04-04 11:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-08 13:15 - 2012-06-08 13:15 - 00000038 ____A C:\Users\glabelle\AppData\Roaming\cconf.txt.enc
2012-06-08 13:15 - 2012-06-08 13:15 - 00000000 ____D C:\Users\glabelle\AppData\Local\{3E1A9FC9-B1AF-11E1-8270-B8AC6F996F26}
2012-06-08 13:15 - 2012-06-08 13:15 - 00000000 ____D C:\Users\glabelle\AppData\Local\{3E1A66E8-B1AF-11E1-8270-B8AC6F996F26}
2012-06-08 13:14 - 2012-06-08 13:33 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Quokez
2012-06-08 13:14 - 2012-06-08 13:15 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Uhikaq
2012-06-08 13:14 - 2012-06-08 13:14 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Saaceq
2012-06-08 12:23 - 2009-05-07 07:07 - 00000632 ____A C:\Users\glabelle\Desktop\Shortcut to Schoool Sponsorship Fees.lnk
2012-06-07 14:26 - 2012-06-07 14:26 - 00002036 ____A C:\Users\glabelle\Documents\Remote Server.RDP
2012-06-07 13:52 - 2012-06-07 13:52 - 00002084 ____A C:\Users\glabelle\Documents\Remote Desktop.RDP
2012-06-07 13:51 - 2012-06-20 05:19 - 00002046 ___AH C:\Users\glabelle\Documents\Default.rdp
2012-06-05 12:48 - 2012-06-05 12:48 - 00790528 ____A C:\Users\glabelle\Documents\Copy of National Programs budget vs actual.xls
2012-06-05 09:08 - 2012-06-11 19:12 - 00002376 ____A C:\Users\glabelle\Desktop\Google Chrome.lnk
2012-06-05 09:07 - 2012-06-25 09:12 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-589946346-4175060337-3101168492-1678UA.job
2012-06-05 09:07 - 2012-06-25 09:12 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-589946346-4175060337-3101168492-1678Core.job
2012-06-05 09:07 - 2012-06-13 06:43 - 00000000 ____D C:\Users\glabelle\AppData\Local\Google
2012-06-05 09:06 - 2012-06-05 09:06 - 00739824 ____A (Google Inc.) C:\Users\glabelle\Downloads\ChromeSetup.exe
2012-06-05 06:08 - 2012-06-05 06:08 - 00670743 ____A C:\Users\glabelle\Downloads\TiaaPFR_1338905357983.zip
2012-06-04 06:22 - 2012-06-04 06:22 - 00135256 ____A C:\Users\dzeehandebar\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-04 06:22 - 2012-06-04 06:22 - 00000020 __ASH C:\Users\dzeehandebar\ntuser.ini
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ___RD C:\Users\dzeehandebar\Virtual Machines
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Roaming\Roxio
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Roaming\Intel Corporation
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Roaming\Apple Computer
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Roaming\Adobe
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Local\VirtualStore
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Local\Adobe
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\users\dzeehandebar
2012-06-04 06:22 - 2012-03-30 23:00 - 00000000 ____D C:\Users\dzeehandebar\AppData\Local\Microsoft Help
2012-06-04 04:47 - 2012-06-04 04:47 - 00000000 ____D C:\Users\glabelle\AppData\Local\Apple
2012-06-01 13:55 - 2012-06-01 13:55 - 00009815 ____A C:\Users\glabelle\Desktop\Newlin Analysis.xlsx
2012-06-01 12:28 - 2012-06-20 07:24 - 00000000 ____D C:\Users\glabelle\Desktop\Accounting Reference Materials
2012-06-01 07:31 - 2012-06-01 07:31 - 00052727 ____A C:\Users\glabelle\Downloads\expression_search_gmailui-0.8.3-tb.xpi
2012-06-01 05:48 - 2012-06-14 07:40 - 00009955 ____A C:\Users\glabelle\Documents\Budget.xlsx
2012-06-01 05:44 - 2012-06-01 05:44 - 00001058 ____A C:\Users\glabelle\Desktop\Documents - Shortcut.lnk
2012-06-01 05:44 - 2012-06-01 05:43 - 00064733 ____A C:\Users\glabelle\Documents\Student Loan Amortization.xlsx
2012-05-29 12:32 - 2012-05-29 12:32 - 00059798 ____A C:\Users\glabelle\Downloads\20120529163327.zip
2012-05-29 12:11 - 2012-05-29 12:11 - 00073616 ____A C:\Users\glabelle\Downloads\20120529161202.zip
2012-05-29 10:54 - 2012-05-29 10:54 - 00000000 ____A C:\Users\glabelle\Sti_Trace.log
2012-05-29 09:59 - 2012-05-29 09:59 - 00000000 ____D C:\Users\glabelle\AppData\Local\Intuit
2012-05-29 09:28 - 2012-06-11 06:17 - 00000000 ____D C:\Users\glabelle\AppData\Local\Thunderbird
2012-05-29 09:28 - 2012-05-29 09:28 - 00002007 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2012-05-29 09:28 - 2012-05-29 09:28 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Thunderbird
2012-05-29 09:23 - 2012-05-29 09:24 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Mozilla
2012-05-29 09:23 - 2012-05-29 09:23 - 00000000 ____D C:\Users\glabelle\AppData\Local\Mozilla
2012-05-29 09:23 - 2012-05-29 09:23 - 00000000 ____D C:\Users\glabelle\AppData\Local\Logitech® Webcam Software
2012-05-29 09:22 - 2012-05-29 09:22 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Xerox
2012-05-29 09:21 - 2012-06-11 06:21 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Adobe
2012-05-29 09:21 - 2012-05-29 09:21 - 00135256 ____A C:\Users\glabelle\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\Documents\Updater5
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Roxio
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Macromedia
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Intel Corporation
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Apple Computer
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Local\Adobe
2012-05-29 09:20 - 2012-06-20 06:45 - 00000000 ____D C:\users\glabelle
2012-05-29 09:20 - 2012-06-15 13:25 - 00000000 ___RD C:\Users\glabelle\Virtual Machines
2012-05-29 09:20 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Local\VirtualStore
2012-05-29 09:20 - 2012-05-29 09:20 - 00000020 ___SH C:\Users\glabelle\ntuser.ini
2012-05-29 09:20 - 2012-03-30 23:00 - 00000000 ____D C:\Users\glabelle\AppData\Local\Microsoft Help
2012-05-28 06:25 - 2012-05-28 06:25 - 03186736 ____A C:\Users\mharden.EDEXCELLENCE.000\Downloads\advisorinstaller.exe
2012-05-28 06:25 - 2012-05-28 06:25 - 00002066 ____A C:\Users\Public\Desktop\Belarc Advisor.lnk
2012-05-28 06:25 - 2012-05-28 06:25 - 00000000 ____D C:\Program Files (x86)\Belarc
2012-05-28 05:51 - 2012-05-28 05:51 - 00000000 ____D C:\Users\mharden\AppData\Roaming\Apple Computer

============ 3 Months Modified Files and Folders =============

2012-06-25 13:40 - 2012-06-25 13:40 - 00000000 ____D C:\FRST
2012-06-25 09:36 - 2012-03-09 08:39 - 01400120 ____A C:\Windows\WindowsUpdate.log
2012-06-25 09:36 - 2009-07-13 21:13 - 00861828 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-25 09:35 - 2012-06-25 09:35 - 00000000 ____D C:\Users\glabelle\Desktop\Flash Drive
2012-06-25 09:33 - 2012-06-25 09:33 - 01425489 ____A C:\Users\glabelle\Downloads\FRST64.exe
2012-06-25 09:13 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-25 09:13 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-25 09:12 - 2012-06-05 09:07 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-589946346-4175060337-3101168492-1678UA.job
2012-06-25 09:12 - 2012-06-05 09:07 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-589946346-4175060337-3101168492-1678Core.job
2012-06-25 09:11 - 2012-06-13 06:28 - 00000000 ____D C:\Users\glabelle\Documents\Outlook Files
2012-06-25 09:06 - 2012-06-13 06:40 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-25 09:06 - 2012-03-26 10:07 - 00000152 ____A C:\Windows\System32\config\netlogon.ftl
2012-06-25 09:06 - 2012-03-09 09:06 - 00037694 ____A C:\Windows\System32\TmInstall.log
2012-06-25 09:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-25 09:06 - 2009-07-13 20:51 - 00036324 ____A C:\Windows\setupact.log
2012-06-25 09:05 - 2010-11-20 19:47 - 00095542 ____A C:\Windows\PFRO.log
2012-06-25 09:04 - 2012-03-27 04:02 - 00015965 ____A C:\Windows\cfgall.ini
2012-06-25 09:02 - 2012-06-25 09:02 - 00001578 ____A C:\Users\glabelle\Desktop\TrendMicroAV (tbfserver) - Shortcut.lnk
2012-06-25 08:47 - 2012-03-29 09:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-25 08:45 - 2012-06-13 06:40 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-25 05:24 - 2012-06-25 05:24 - 00062310 ____A C:\Users\glabelle\Desktop\Extras.Txt
2012-06-25 05:23 - 2012-06-25 05:23 - 00122002 ____A C:\Users\glabelle\Desktop\OTL.Txt
2012-06-25 05:22 - 2012-06-25 05:22 - 00122002 ____A C:\Users\glabelle\Downloads\OTL.Txt
2012-06-25 05:22 - 2012-06-25 05:22 - 00062310 ____A C:\Users\glabelle\Downloads\Extras.Txt
2012-06-25 05:17 - 2012-06-25 05:17 - 00596992 ____A (OldTimer Tools) C:\Users\glabelle\Downloads\OTL.exe
2012-06-25 05:16 - 2012-06-25 05:16 - 00000000 ____D C:\Users\glabelle\AppData\Local\Trend Micro
2012-06-25 05:16 - 2012-06-25 05:16 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-25 04:59 - 2012-06-25 04:59 - 00030996 ____A C:\ComboFix.txt
2012-06-25 04:59 - 2012-06-20 06:56 - 00000000 ____D C:\Qoobox
2012-06-25 04:56 - 2009-07-13 18:34 - 00000215 ____N C:\Windows\system.ini
2012-06-25 04:51 - 2012-06-20 06:06 - 00000000 ____D C:\Users\glabelle\Desktop\Anti-Virus Stuff
2012-06-25 04:49 - 2012-06-25 04:49 - 00881475 ____A C:\Users\glabelle\Downloads\SecurityCheck(1).exe
2012-06-22 08:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-22 07:11 - 2012-03-26 12:11 - 00000000 ____D C:\Users\All Users\SQL Anywhere 11
2012-06-21 09:06 - 2012-03-29 09:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-21 09:06 - 2012-03-09 08:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-21 05:31 - 2012-06-20 06:42 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Dropbox
2012-06-21 05:30 - 2012-06-20 06:45 - 00000000 ___RD C:\Users\glabelle\Dropbox
2012-06-21 04:54 - 2012-06-21 04:54 - 00000000 ____D C:\Users\glabelle\Documents\tdsskiller
2012-06-21 04:51 - 2012-06-20 12:13 - 00000000 ____D C:\Users\glabelle\Desktop\2010 Unemployment Comp Audit Docs
2012-06-20 11:43 - 2012-03-27 03:49 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Roaming\Adobe
2012-06-20 11:42 - 2012-03-27 04:10 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Roaming\Skype
2012-06-20 09:39 - 2012-03-27 03:59 - 12837691 ____A C:\Windows\OFCNT.LOG
2012-06-20 09:35 - 2012-06-20 09:35 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\InstallShield
2012-06-20 07:35 - 2012-06-20 06:56 - 00000000 ____D C:\Windows\erdnt
2012-06-20 07:31 - 2009-07-13 18:34 - 79953920 ____A C:\Windows\System32\config\software.bak
2012-06-20 07:31 - 2009-07-13 18:34 - 16515072 ____A C:\Windows\System32\config\system.bak
2012-06-20 07:31 - 2009-07-13 18:34 - 00524288 ____A C:\Windows\System32\config\default.bak
2012-06-20 07:31 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-06-20 07:24 - 2012-06-01 12:28 - 00000000 ____D C:\Users\glabelle\Desktop\Accounting Reference Materials
2012-06-20 06:45 - 2012-06-20 06:45 - 00001006 ____A C:\Users\glabelle\Desktop\Dropbox.lnk
2012-06-20 06:45 - 2012-05-29 09:20 - 00000000 ____D C:\users\glabelle
2012-06-20 06:41 - 2012-06-20 06:40 - 18492072 ____A (Dropbox, Inc.) C:\Users\glabelle\Downloads\Dropbox 1.4.9.exe
2012-06-20 06:35 - 2012-06-20 06:35 - 00881475 ____A C:\Users\glabelle\Downloads\SecurityCheck.exe
2012-06-20 05:19 - 2012-06-07 13:51 - 00002046 ___AH C:\Users\glabelle\Documents\Default.rdp
2012-06-18 14:51 - 2012-03-27 06:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-06-18 11:35 - 2012-06-18 11:35 - 00135256 ____A C:\Users\emcarbaugh\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ___RD C:\Users\emcarbaugh\Virtual Machines
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Roaming\Roxio
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Roaming\Intel Corporation
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Roaming\Apple Computer
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Roaming\Adobe
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Local\VirtualStore
2012-06-18 11:35 - 2012-06-18 11:35 - 00000000 ____D C:\Users\emcarbaugh\AppData\Local\Adobe
2012-06-18 11:35 - 2012-06-18 11:34 - 00000000 ____D C:\users\emcarbaugh
2012-06-18 11:34 - 2012-06-18 11:34 - 00000020 __ASH C:\Users\emcarbaugh\ntuser.ini
2012-06-18 08:41 - 2012-06-18 08:41 - 10056824 ____A (Web Eight LLC ) C:\Users\glabelle\Downloads\BrowserProtect_Setup.exe
2012-06-18 07:10 - 2012-06-18 07:10 - 00001172 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-18 07:10 - 2012-06-18 07:10 - 00000000 ____D C:\Users\glabelle\AppData\Local\Mozilla Firefox
2012-06-18 07:10 - 2012-06-18 07:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-18 07:10 - 2012-03-26 10:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-18 06:25 - 2012-06-18 06:25 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-18 06:24 - 2012-06-18 06:24 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-18 06:24 - 2012-06-18 06:24 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-18 06:22 - 2012-06-18 06:22 - 00893936 ____A (Oracle Corporation) C:\Users\glabelle\Downloads\jxpiinstall.exe
2012-06-18 06:21 - 2012-06-18 06:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-18 06:21 - 2012-06-18 06:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-18 06:16 - 2012-06-18 06:15 - 13085120 ____A (Microsoft Corporation) C:\Users\glabelle\Downloads\Silverlight_x64.exe
2012-06-15 13:25 - 2012-05-29 09:20 - 00000000 ___RD C:\Users\glabelle\Virtual Machines
2012-06-14 07:40 - 2012-06-01 05:48 - 00009955 ____A C:\Users\glabelle\Documents\Budget.xlsx
2012-06-14 06:18 - 2012-06-14 06:14 - 00077312 ____A C:\Users\glabelle\Downloads\Mt Vernon Adult Jul 12 Schedule.xls
2012-06-14 05:39 - 2012-06-14 05:38 - 00000000 ____D C:\Users\glabelle\Documents\20120614093735
2012-06-13 13:52 - 2012-06-13 13:52 - 00028332 ____A C:\Users\glabelle\AppData\Roaming\Tab Separated Values (Windows).ADR
2012-06-13 13:51 - 2012-06-13 13:51 - 00002272 ____A C:\Users\glabelle\Documents\Gary Contacts.txt
2012-06-13 13:38 - 2012-06-13 13:38 - 00028501 ____A C:\Users\glabelle\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-06-13 13:37 - 2012-06-13 13:37 - 00046021 ____A C:\Users\glabelle\Documents\Contacts.csv
2012-06-13 07:25 - 2012-06-13 07:25 - 00000000 ____D C:\Users\glabelle\AppData\Local\Macromedia
2012-06-13 06:52 - 2009-07-13 20:45 - 00485056 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 06:43 - 2012-06-05 09:07 - 00000000 ____D C:\Users\glabelle\AppData\Local\Google
2012-06-13 06:42 - 2012-06-13 06:40 - 00000000 ____D C:\Program Files (x86)\Google
2012-06-13 06:40 - 2012-06-13 06:40 - 00740000 ____A (Google Inc.) C:\Users\glabelle\Downloads\googleappssyncsetup.exe
2012-06-13 06:13 - 2011-02-10 06:33 - 00828162 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-13 05:29 - 2012-06-13 05:29 - 00002121 ____A C:\Users\glabelle\AppData\Local\recently-used.xbel
2012-06-13 05:29 - 2012-06-13 05:08 - 00000000 ____D C:\Users\glabelle\.gimp-2.8
2012-06-13 05:28 - 2012-06-13 05:28 - 00000000 ____D C:\Users\glabelle\AppData\Local\webkit
2012-06-13 05:27 - 2012-06-13 05:27 - 00000000 ____D C:\Users\glabelle\.thumbnails
2012-06-13 05:08 - 2012-06-13 05:08 - 00000000 ____D C:\Users\glabelle\AppData\Local\gegl-0.2
2012-06-13 05:07 - 2012-06-13 05:06 - 00000000 ____D C:\Program Files\GIMP 2
2012-06-13 05:03 - 2012-06-13 05:01 - 76225536 ____A (The GIMP Team ) C:\Users\glabelle\Downloads\gimp-2.8.0-setup.exe
2012-06-12 23:06 - 2012-03-26 11:58 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-12 23:03 - 2012-04-04 13:43 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 13:30 - 2012-06-12 13:30 - 00000000 ____D C:\Windows\Sun
2012-06-12 08:28 - 2012-03-27 04:55 - 00001082 ____A C:\Windows\Brpfx04a.ini
2012-06-12 08:20 - 2012-06-12 08:19 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\PC-FAX TX
2012-06-12 08:20 - 2012-03-27 04:52 - 00000000 ____A C:\Windows\brdfxspd.dat
2012-06-12 08:19 - 2012-03-27 04:55 - 00000164 ____A C:\Windows\brpcfx.ini
2012-06-11 19:12 - 2012-06-05 09:08 - 00002376 ____A C:\Users\glabelle\Desktop\Google Chrome.lnk
2012-06-11 06:41 - 2012-03-27 07:43 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-11 06:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Adobe
2012-06-11 06:17 - 2012-05-29 09:28 - 00000000 ____D C:\Users\glabelle\AppData\Local\Thunderbird
2012-06-11 06:14 - 2012-06-11 06:14 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-06-11 06:14 - 2012-03-27 08:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-11 06:10 - 2012-06-11 06:10 - 00000000 ____D C:\Users\glabelle\AppData\Local\Apps\2.0
2012-06-08 15:56 - 2012-06-08 15:56 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-06-08 15:56 - 2012-03-27 03:48 - 00000000 __SHD C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}
2012-06-08 15:48 - 2012-06-08 15:48 - 00003382 ____A C:\Windows\System32\.crusader
2012-06-08 15:47 - 2012-06-08 15:19 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-08 15:38 - 2012-06-08 15:38 - 00000000 ____D C:\Program Files\HitmanPro
2012-06-08 15:18 - 2012-06-08 15:18 - 07287176 ____A (SurfRight B.V.) C:\Users\glabelle\Downloads\HitmanPro36.exe
2012-06-08 14:59 - 2012-06-08 14:59 - 00000361 ____A C:\rkill.log
2012-06-08 14:59 - 2012-06-08 14:58 - 01012656 ____A C:\Users\glabelle\Downloads\iExplore.exe
2012-06-08 14:58 - 2012-06-08 14:58 - 00001205 ____A C:\Users\glabelle\Downloads\registryfix.reg
2012-06-08 14:40 - 2012-03-09 09:10 - 00000000 ____D C:\Users\All Users\Sonic
2012-06-08 13:33 - 2012-06-08 13:14 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Quokez
2012-06-08 13:28 - 2012-06-08 13:28 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Malwarebytes
2012-06-08 13:28 - 2012-06-08 13:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-08 13:28 - 2012-06-08 13:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 13:15 - 2012-06-08 13:15 - 00000038 ____A C:\Users\glabelle\AppData\Roaming\cconf.txt.enc
2012-06-08 13:15 - 2012-06-08 13:15 - 00000000 ____D C:\Users\glabelle\AppData\Local\{3E1A9FC9-B1AF-11E1-8270-B8AC6F996F26}
2012-06-08 13:15 - 2012-06-08 13:15 - 00000000 ____D C:\Users\glabelle\AppData\Local\{3E1A66E8-B1AF-11E1-8270-B8AC6F996F26}
2012-06-08 13:15 - 2012-06-08 13:14 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Uhikaq
2012-06-08 13:14 - 2012-06-08 13:14 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Saaceq
2012-06-07 14:26 - 2012-06-07 14:26 - 00002036 ____A C:\Users\glabelle\Documents\Remote Server.RDP
2012-06-07 13:52 - 2012-06-07 13:52 - 00002084 ____A C:\Users\glabelle\Documents\Remote Desktop.RDP
2012-06-05 12:48 - 2012-06-05 12:48 - 00790528 ____A C:\Users\glabelle\Documents\Copy of National Programs budget vs actual.xls
2012-06-05 09:06 - 2012-06-05 09:06 - 00739824 ____A (Google Inc.) C:\Users\glabelle\Downloads\ChromeSetup.exe
2012-06-05 06:08 - 2012-06-05 06:08 - 00670743 ____A C:\Users\glabelle\Downloads\TiaaPFR_1338905357983.zip
2012-06-04 06:22 - 2012-06-04 06:22 - 00135256 ____A C:\Users\dzeehandebar\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-04 06:22 - 2012-06-04 06:22 - 00000020 __ASH C:\Users\dzeehandebar\ntuser.ini
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ___RD C:\Users\dzeehandebar\Virtual Machines
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Roaming\Roxio
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Roaming\Intel Corporation
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Roaming\Apple Computer
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Roaming\Adobe
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Local\VirtualStore
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Local\Adobe
2012-06-04 06:22 - 2012-06-04 06:22 - 00000000 ____D C:\users\dzeehandebar
2012-06-04 04:47 - 2012-06-04 04:47 - 00000000 ____D C:\Users\glabelle\AppData\Local\Apple
2012-06-02 14:19 - 2012-06-19 07:55 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 07:55 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 07:55 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 07:55 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 07:55 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-19 07:55 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-19 07:55 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-19 07:55 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-19 07:55 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 13:55 - 2012-06-01 13:55 - 00009815 ____A C:\Users\glabelle\Desktop\Newlin Analysis.xlsx
2012-06-01 07:31 - 2012-06-01 07:31 - 00052727 ____A C:\Users\glabelle\Downloads\expression_search_gmailui-0.8.3-tb.xpi
2012-06-01 05:44 - 2012-06-01 05:44 - 00001058 ____A C:\Users\glabelle\Desktop\Documents - Shortcut.lnk
2012-06-01 05:43 - 2012-06-01 05:44 - 00064733 ____A C:\Users\glabelle\Documents\Student Loan Amortization.xlsx
2012-05-29 14:16 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-05-29 12:32 - 2012-05-29 12:32 - 00059798 ____A C:\Users\glabelle\Downloads\20120529163327.zip
2012-05-29 12:11 - 2012-05-29 12:11 - 00073616 ____A C:\Users\glabelle\Downloads\20120529161202.zip
2012-05-29 10:54 - 2012-05-29 10:54 - 00000000 ____A C:\Users\glabelle\Sti_Trace.log
2012-05-29 09:59 - 2012-05-29 09:59 - 00000000 ____D C:\Users\glabelle\AppData\Local\Intuit
2012-05-29 09:28 - 2012-05-29 09:28 - 00002007 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2012-05-29 09:28 - 2012-05-29 09:28 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Thunderbird
2012-05-29 09:24 - 2012-05-29 09:23 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Mozilla
2012-05-29 09:23 - 2012-05-29 09:23 - 00000000 ____D C:\Users\glabelle\AppData\Local\Mozilla
2012-05-29 09:23 - 2012-05-29 09:23 - 00000000 ____D C:\Users\glabelle\AppData\Local\Logitech® Webcam Software
2012-05-29 09:22 - 2012-05-29 09:22 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Xerox
2012-05-29 09:21 - 2012-05-29 09:21 - 00135256 ____A C:\Users\glabelle\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\Documents\Updater5
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Roxio
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Macromedia
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Intel Corporation
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Roaming\Apple Computer
2012-05-29 09:21 - 2012-05-29 09:21 - 00000000 ____D C:\Users\glabelle\AppData\Local\Adobe
2012-05-29 09:21 - 2012-05-29 09:20 - 00000000 ____D C:\Users\glabelle\AppData\Local\VirtualStore
2012-05-29 09:20 - 2012-05-29 09:20 - 00000020 ___SH C:\Users\glabelle\ntuser.ini
2012-05-29 03:46 - 2012-03-29 03:50 - 00001996 ___AH C:\Users\mharden.EDEXCELLENCE.000\Documents\Default.rdp
2012-05-28 06:25 - 2012-05-28 06:25 - 03186736 ____A C:\Users\mharden.EDEXCELLENCE.000\Downloads\advisorinstaller.exe
2012-05-28 06:25 - 2012-05-28 06:25 - 00002066 ____A C:\Users\Public\Desktop\Belarc Advisor.lnk
2012-05-28 06:25 - 2012-05-28 06:25 - 00000000 ____D C:\Program Files (x86)\Belarc
2012-05-28 05:51 - 2012-05-28 05:51 - 00000000 ____D C:\Users\mharden\AppData\Roaming\Apple Computer
2012-05-24 04:52 - 2012-05-24 04:52 - 00001605 ____A C:\Users\mharden.EDEXCELLENCE.000\Desktop\SCHWAB Trades 2012 - Shortcut.lnk
2012-05-22 04:03 - 2012-05-22 04:03 - 01317376 ____A C:\Users\mharden.EDEXCELLENCE.000\Desktop\OH Gates Common Core Budget - $120k.xls
2012-05-21 05:48 - 2012-03-27 07:30 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Local\Microsoft Help
2012-05-17 18:47 - 2012-06-12 23:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-12 23:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-12 23:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-12 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-12 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-12 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-12 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-12 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-12 23:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-12 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-12 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-12 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-12 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-12 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-12 23:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-12 23:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-12 23:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-12 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-12 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-12 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-12 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-12 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-12 23:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-12 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-12 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-12 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-12 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-12 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-17 08:22 - 2012-05-17 08:22 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Roaming\Apple Computer
2012-05-17 08:20 - 2012-05-17 08:20 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Local\Apple Computer
2012-05-17 08:15 - 2012-05-17 08:15 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-05-17 08:15 - 2012-05-17 08:15 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-17 08:14 - 2012-05-17 08:14 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Local\Apple
2012-05-17 08:14 - 2012-05-17 08:14 - 00000000 ____D C:\Users\All Users\Apple
2012-05-17 08:14 - 2012-05-17 08:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-17 08:13 - 2012-05-17 08:12 - 39483256 ____A (Apple Inc.) C:\Users\mharden.EDEXCELLENCE.000\Downloads\QuickTimeInstaller.exe
2012-05-14 17:32 - 2012-06-12 12:09 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 06:06 - 2012-05-10 06:06 - 00000262 ____A C:\Users\mharden.EDEXCELLENCE.000\Desktop\Run.lnk
2012-05-09 23:00 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-08 07:09 - 2012-05-08 07:09 - 00000000 ___SD C:\Users\mharden.EDEXCELLENCE.000\Documents\My Data Sources
2012-05-04 22:47 - 2012-03-29 09:47 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 15:29 - 2012-06-18 06:24 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-04 15:29 - 2012-06-18 06:24 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 15:29 - 2012-03-09 08:52 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 03:56 - 2012-05-04 03:56 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-04 03:06 - 2012-06-12 12:09 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 12:09 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 12:09 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 10:56 - 2012-05-03 10:56 - 00001173 ____A C:\Users\mharden.EDEXCELLENCE.000\Desktop\Current Grant Budget Reports - Shortcut.lnk
2012-05-01 05:57 - 2012-05-01 05:57 - 00074134 ____A C:\Users\mharden.EDEXCELLENCE.000\Downloads\20120501095710.zip
2012-04-30 21:40 - 2012-06-12 12:09 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 09:48 - 2012-05-24 05:13 - 00012862 ____A C:\Users\mharden.EDEXCELLENCE.000\Desktop\Cash Analysis Chart.xlsx
2012-04-27 19:55 - 2012-06-12 12:09 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-12 12:09 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 12:09 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 12:09 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-12 12:08 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 12:08 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 12:08 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 12:08 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 12:08 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 12:08 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 05:37 - 2012-04-23 05:33 - 00067072 ____A C:\Users\mharden.EDEXCELLENCE.000\Desktop\2011 funders_all-1 Per QB.xls
2012-04-23 05:36 - 2012-04-23 05:36 - 00013304 ____A C:\Users\mharden.EDEXCELLENCE.000\Desktop\2012 funders as of April 20-1 per QB.xlsx
2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-12 10:30 - 2012-04-12 10:30 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Local\LogMeIn
2012-04-12 10:30 - 2012-04-12 10:30 - 00000000 ____D C:\Users\All Users\LogMeIn
2012-04-11 23:02 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-04-10 09:31 - 2012-04-10 09:31 - 03107936 ____A C:\Users\mharden.EDEXCELLENCE.000\Downloads\VidyoDesktopInstaller-win32-TAG_VD_2_1_0_00310.exe
2012-04-10 09:31 - 2012-04-10 09:31 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Roaming\Vidyo
2012-04-10 09:31 - 2012-04-10 09:31 - 00000000 ____D C:\Program Files (x86)\Vidyo
2012-04-10 08:57 - 2012-03-27 23:01 - 00012997 ____A C:\Windows\System32\lvcoinst.log
2012-04-10 08:08 - 2012-04-10 08:08 - 00000121 ____A C:\Windows\TurboMeeting.INI
2012-04-10 06:45 - 2012-04-10 06:45 - 00001282 ____A C:\Users\tbfordham.EDEXCELLENCE\Desktop\MXmeeting.lnk
2012-04-10 06:45 - 2012-04-10 06:45 - 00001282 ____A C:\Users\mharden\Desktop\MXmeeting.lnk
2012-04-10 06:45 - 2012-04-10 06:45 - 00000000 ____D C:\Users\Public\MXmeeting
2012-04-10 06:44 - 2012-04-10 06:44 - 03391416 ____A C:\Users\mharden.EDEXCELLENCE.000\Downloads\MXmeeting.exe
2012-04-09 10:12 - 2012-04-24 06:03 - 00540908 ____A C:\Users\mharden.EDEXCELLENCE.000\Desktop\2012 budget vs actual, monthly.xlsx
2012-04-09 04:58 - 2012-04-09 04:58 - 00463080 ____A (CNET Download.com) C:\Users\mharden.EDEXCELLENCE.000\Downloads\cnet2_R165416_EXE.exe
2012-04-09 03:43 - 2012-04-09 03:43 - 07061336 ____A (Logitech, Inc.) C:\Users\mharden.EDEXCELLENCE.000\Downloads\lws231.exe
2012-04-09 03:43 - 2012-04-09 03:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-07 04:31 - 2012-06-12 12:09 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-12 12:09 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-04 11:56 - 2012-06-08 13:28 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 10:37 - 2012-03-27 04:54 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-04-01 16:09 - 2012-04-01 16:09 - 00000000 ____D C:\Users\mharden\AppData\Local\Logitech® Webcam Software
2012-04-01 16:07 - 2012-04-01 16:07 - 00000000 ____D C:\Users\mharden\AppData\Local\Adobe
2012-04-01 16:07 - 2012-03-27 03:46 - 00000000 ____D C:\Users\mharden\AppData\Roaming\Adobe
2012-04-01 16:07 - 2012-03-26 10:07 - 00135256 ____A C:\Users\mharden\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-01 16:07 - 2012-03-26 10:06 - 00000000 ___RD C:\Users\mharden\Virtual Machines
2012-04-01 16:07 - 2012-03-26 10:06 - 00000000 ____D C:\Users\mharden\AppData\Local\VirtualStore
2012-03-30 23:00 - 2012-06-18 11:34 - 00000000 ____D C:\Users\emcarbaugh\AppData\Local\Microsoft Help
2012-03-30 23:00 - 2012-06-04 06:22 - 00000000 ____D C:\Users\dzeehandebar\AppData\Local\Microsoft Help
2012-03-30 23:00 - 2012-05-29 09:20 - 00000000 ____D C:\Users\glabelle\AppData\Local\Microsoft Help
2012-03-30 23:00 - 2012-03-30 23:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-03-30 23:00 - 2012-03-30 23:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-03-30 03:35 - 2012-05-09 20:15 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 23:03 - 2012-03-29 23:03 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-03-29 23:03 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-29 09:41 - 2012-03-29 09:41 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-03-29 06:13 - 2012-03-27 03:48 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Local\VirtualStore
2012-03-29 05:58 - 2012-03-27 06:59 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Local\Thunderbird
2012-03-29 05:50 - 2012-03-29 05:50 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Local\Logitech® Webcam Software
2012-03-29 05:48 - 2012-03-29 05:48 - 00000000 ____D C:\Users\All Users\LogiShrd
2012-03-29 05:47 - 2012-03-29 05:47 - 00000000 ____D C:\Users\mharden.EDEXCELLENCE.000\AppData\Roaming\Leadertech
2012-03-29 05:47 - 2012-03-29 05:47 - 00000000 ____D C:\Users\All Users\Logitech
2012-03-29 05:47 - 2012-03-29 05:47 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-03-29 05:47 - 2012-03-26 10:07 - 00000000 ____D C:\Program Files\Common Files\logishrd
2012-03-29 05:43 - 2012-03-29 05:43 - 00000000 ____A C:\Users\mharden.EDEXCELLENCE.000\Sti_Trace.log
2012-03-29 05:43 - 2012-03-27 03:48 - 00000000 ____D C:\users\mharden.EDEXCELLENCE.000
2012-03-29 05:41 - 2012-03-27 03:48 - 00000000 ___RD C:\Users\mharden.EDEXCELLENCE.000\Virtual Machines
2012-03-29 05:38 - 2012-03-27 04:53 - 00000050 ____A C:\Windows\System32\bd7840w.dat
2012-03-29 05:38 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-03-29 05:36 - 2012-03-29 05:35 - 43300924 ____A (A.I.SOFT,INC.) C:\Users\mharden.EDEXCELLENCE.000\Downloads\MFC-7840W-inst-win7-A2(1).EXE
2012-03-29 04:27 - 2012-03-29 04:27 - 00000000 ___RD C:\Users\mharden.EDEXCELLENCE.000\AppData\Roaming\Brother
2012-03-29 04:18 - 2012-03-27 04:52 - 00000000 ____D C:\Program Files (x86)\Brother
2012-03-29 04:18 - 2012-03-09 08:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-29 04:10 - 2012-03-27 04:52 - 00000000 ____D C:\Users\All Users\Brother
2012-03-29 04:09 - 2012-03-29 04:09 - 00000000 ____D C:\Brother

ZeroAccess:
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\@
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\L
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\U
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\U\00000001.@
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\U\80000000.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8073.02 MB
Available physical RAM: 7238.61 MB
Total Pagefile: 8071.21 MB
Available Pagefile: 7226.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:449.57 GB) (Free:391.98 GB) NTFS
3 Drive f: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:16.15 GB) (Free:8.12 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 3072 KB
Disk 1 Online 3815 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 16 GB 40 MB
Partition 3 Primary 449 GB 16 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 16 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 449 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3814 MB 8 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3814 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-17 20:34

======================= End Of Log ==========================
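
The log above ends with the finding that matters: a hidden, system-attributed directory named as a bare GUID under `AppData\Local`, containing `@` marker files, which FRST attributes to ZeroAccess. As an added example that is not part of this thread and not FRST's own code, the Python script below shows how a responder can triage that pattern automatically: it parses lines in the layout of the "One Month Modified" listing above, flags GUID-named directories that carry the hidden+system+directory attribute combination, and separately picks out `@`-style marker files from bare path lists like the "ZeroAccess:" section. The line-format regex and the attribute letters are my reading of the listing above, not documented FRST behaviour; the sample lines are copied from the log, with the benign GUID directories (ClickOnce-style `____D` entries) included to show why the attribute check, not just the name, decides.

```python
import re
from typing import Dict, List, Optional

# One line of the FRST "One Month Modified" listing, as seen in the log above:
#   <modified> - <created> - <size> <attrs> [(company)] <path>
# This regex is my reading of that layout (an assumption), not an FRST specification.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

# A bare GUID directly under <profile>\AppData\Local, the location the log's
# "ZeroAccess:" section points at. Legitimate software also creates GUID-named
# directories there, so the name alone is never the verdict.
GUID_DIR_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\"
    r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}$"
)

# Marker files named "@" or "<8 hex digits>.@", as listed under "ZeroAccess:" above.
MARKER_FILE_RE = re.compile(r"\\(?:@|[0-9A-Fa-f]{8}\.@)$")


def parse_line(line: str) -> Optional[Dict]:
    """Split one listing line into fields. The attribute field becomes a set of
    letters (A archive, D directory, H hidden, S system, R read-only, N normal);
    returns None for lines that are not file entries (headers, blanks)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["attrs"] = set(entry["attrs"].replace("_", ""))
    return entry


def is_hidden_system_guid_dir(entry: Dict) -> bool:
    """Directory + hidden + system + GUID name under AppData\\Local: the exact
    combination the listing above shows for the ZeroAccess directory."""
    return ({"D", "H", "S"} <= entry["attrs"]
            and GUID_DIR_RE.match(entry["path"]) is not None)


def triage_listing(lines: List[str]) -> List[str]:
    """Return every path in a listing that matches the hidden GUID-directory pattern."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and is_hidden_system_guid_dir(entry):
            hits.append(entry["path"])
    return hits


def marker_paths(paths: List[str]) -> List[str]:
    """From bare paths (as in the 'ZeroAccess:' section) keep those ending in an @ marker."""
    return [p.strip() for p in paths if MARKER_FILE_RE.search(p.strip())]


# Sample listing lines copied from the log above (one malicious hit, three benign entries).
SAMPLE_LINES = r"""
2012-06-08 15:56 - 2012-03-27 03:48 - 00000000 __SHD C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}
2012-06-08 13:15 - 2012-06-08 13:15 - 00000000 ____D C:\Users\glabelle\AppData\Local\{3E1A9FC9-B1AF-11E1-8270-B8AC6F996F26}
2012-06-11 06:10 - 2012-06-11 06:10 - 00000000 ____D C:\Users\glabelle\AppData\Local\Apps\2.0
2012-06-08 15:56 - 2012-06-08 15:56 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-06-20 05:19 - 2012-06-07 13:51 - 00002046 ___AH C:\Users\glabelle\Documents\Default.rdp
""".strip().splitlines()

# The six paths from the log's "ZeroAccess:" section.
SAMPLE_MARKER_PATHS = r"""
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\@
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\L
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\U
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\U\00000001.@
C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}\U\80000000.@
""".strip().splitlines()


def triage_sample() -> List[str]:
    return triage_listing(SAMPLE_LINES)


def markers_sample() -> List[str]:
    return marker_paths(SAMPLE_MARKER_PATHS)


if __name__ == "__main__":
    for path in triage_sample():
        print("hidden/system GUID directory:", path)
    for path in markers_sample():
        print("ZeroAccess-style marker file:", path)
```

Run against the full listing, only the `__SHD` GUID directory is reported; the two `____D` GUID directories created at 13:15 on 2012-06-08 and the ClickOnce `Apps\2.0` folder pass through, which is the point of keying on the attribute combination rather than the GUID name.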

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 AM

Posted 25 June 2012 - 04:22 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Fisticuffs

Fisticuffs
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:00 AM

Posted 25 June 2012 - 04:32 PM

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 24-06-2012
Ran by SYSTEM at 2012-06-25 17:28:03 Run:1
Running from F:\

==============================================

C:\Users\glabelle\AppData\Local\{b551ea50-100a-33f7-84e8-cbf7426c45fc} moved successfully.

==== End of Fixlog ====

#10 gringo_pr


Posted 25 June 2012 - 09:24 PM

Greetings Fisticuffs


how are things running now?


gringo

#11 Fisticuffs


Posted 26 June 2012 - 07:48 AM

Well... After several attempts searching random words in google and looking for a redirect, there is no sign of infomash, or any other redirect. I think it's finally gone. Thanks so much for your help!

#12 gringo_pr


Posted 26 June 2012 - 07:58 AM

Hello Fisticuffs

That is great news. Now we can move to the next phase of sweeping up and locking the doors.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 Fisticuffs


Posted 26 June 2012 - 08:06 AM

Here you go!

Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.1.0 Standard
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
Belarc Advisor 8.2
Brother BRAdmin Light 1.18.0001
Brother MFL-Pro Suite MFC-7840W
CameraHelperMsi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Client System Update
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
DirectX 9 Runtime
Dropbox
DYMO Label v.8
erLT
Google Apps Migration For Microsoft Outlook® 2.3.12.34
Google Apps Sync™ for Microsoft Outlook® 3.1.94.203
Google Chrome
Google Update Helper
HL-2270DW
Intel® Control Center
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 13.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MXmeeting
PhotoShowExpress
QBSetup
QuickBooks
QuickBooks Pro 2010
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.8
Sonic CinePlayer Decoder Pack
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Vidyo Desktop 2.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

#14 gringo_pr


Posted 26 June 2012 - 01:11 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Fisticuffs


Posted 26 June 2012 - 03:42 PM

While I haven't actually suffered any redirects, Malwarebytes has popped up a notification that it blocked access to [some IP address]. But when I run MBAM, it doesn't detect anything.

MBAM:


Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
glabelle :: MHARDEN-PC [administrator]

Protection: Enabled

6/26/2012 3:49:26 PM
mbam-log-2012-06-26 (15-49-26).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 486281
Time elapsed: 37 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:46:05 PM, on 6/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Intuit\QuickBooks 2010\qbw32.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgr.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\PROGRA~2\Intuit\QUICKB~1\dbextclr11.exe
C:\Users\glabelle\AppData\Local\Mozilla Firefox\firefox.exe
C:\Users\glabelle\Desktop\Anti-Virus Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DC.edexcellence.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DC.edexcellence.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DC.edexcellence.net
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.36 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16241 bytes
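A HijackThis log like the one above is easier to triage mechanically than by eye. The script below is an added example for this thread, not code from the thread, from BleepingComputer or from the HijackThis project: it parses HijackThis-style "Onn - ..." lines and sorts the entries a responder would look at first for a search-redirect complaint (Winsock LSPs, O17 domain/DNS settings, O16 ActiveX downloads, autoruns living outside the Windows and Program Files trees, and registrations whose target file is reported missing). The sample input is constructed: every line except the "[example]" O4 entry is excerpted from the log above, and that O4 line, with its Temp-folder path, is invented purely so the autorun check has something to flag. The special case for "C:\Windows\System32 ... (file missing)" assumes the familiar behaviour of the 32-bit HijackThis running under WOW64 file-system redirection on 64-bit Windows, where it looks in SysWOW64 and therefore reports perfectly healthy System32 services as missing.

```python
import re
from collections import defaultdict

# Constructed sample input. All lines except the "[example]" O4 entry are excerpted
# from the HijackThis log posted above; that O4 line is hypothetical and only there
# so the autorun check has something to flag.
SAMPLE_LOG = r"""
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing)
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKCU\..\Run: [example] C:\Users\example\AppData\Local\Temp\example.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DC.edexcellence.net
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."
LINE_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+)\s+-\s+(.*)$")
# First Windows path ending in a binary-ish extension anywhere in the body.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|cab|ocx|sys)\b', re.IGNORECASE)

# Directories an autorun entry is expected to live in on a typical box (lowercased).
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~1\\",
    "c:\\progra~2\\",
)
# Assumption: a 32-bit HijackThis under WOW64 is redirected to SysWOW64, so
# System32 services show up as "(file missing)" even when they are present.
SYSTEM32 = "c:\\windows\\system32\\"


def parse_hjt(text):
    """Return (section, body) tuples for every 'Onn - ...' style line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def first_path(body):
    """Lowercased first drive-letter path in the entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(0).lower() if m else None


def triage(text):
    """Bucket entries by the reason a responder would want to look at them."""
    findings = defaultdict(list)
    for section, body in parse_hjt(text):
        path = first_path(body)
        if "(file missing)" in body:
            if path and path.startswith(SYSTEM32):
                findings["wow64_noise"].append(body)           # expected on x64
            else:
                findings["orphaned_registration"].append(body)  # leftover hook
        if section == "O10":
            findings["winsock_lsp"].append(body)                # LSP = traffic hook
        elif section == "O17":
            findings["dns_domain_setting"].append(body)         # name resolution
        elif section == "O16":
            findings["activex_download"].append(body)           # remote code source
        elif section == "O4" and path and not path.startswith(TRUSTED_ROOTS):
            findings["autorun_outside_program_dirs"].append(body)
    return dict(findings)


# Order in which a redirect investigation would read the buckets.
PRIORITY = ["winsock_lsp", "dns_domain_setting", "autorun_outside_program_dirs",
            "activex_download", "orphaned_registration", "wow64_noise"]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in PRIORITY:
        for body in result.get(bucket, []):
            print(f"{bucket:32} {body}")
```

Run it as a plain script to get the buckets printed in priority order. Against the log above, the orphaned Trend Micro BHO and protocol handler are the kind of thing uninstallers leave behind rather than an infection, and the System32 "(file missing)" services are the WOW64 artefact; the O10 LSP and O17 domain entries are where a search redirect would actually sit, which is why they come first regardless of what they turn out to be.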
