
Trojan horse Patched_c.LXT in system32


  • This topic is locked
23 replies to this topic

#1 SniprUK

  • Members
  • 15 posts

Posted 08 August 2012 - 01:37 PM

Hello,
Today AVG said that it was infected with a trojan horse Patched_c.LTX and AVG was unable to remove it because it is a whitelisted destination. I found one of the earlier topics where you helped someone with the same problem, but it is a bit hard to follow for my variation. Please help, as I need that computer urgently.

Thanks,
SniprUK

I am running Windows 7 Home Premium 64 bit. It is an Intel based machine.



#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 09 August 2012 - 09:14 AM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt file; close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
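The FRST.txt that these steps produce has two sections a helper reads first: "Services", whose lines carry start type, service name, command line, size, date and publisher, and "One Month Created Files and Folders", whose lines carry created time, modified time, size, attribute flags, an optional publisher and the path. The Python script below is an added example, not FRST's code and not something posted by anyone in this thread: it parses those two line formats (modelled on the FRST.txt pasted later in the thread) and flags the entries that usually get a second look. The meaning assigned to the attribute letters (S = system, H = hidden, D = directory, A = archive), the flagging rules, the `Finding` type and the `SAMPLE_LOG` lines are all assumptions made for this example. A flag means "verify this by hand", not "this is malware"; an unsigned vendor binary in system32 is a common false positive.

```python
"""Triage helper for two sections of a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread; not FRST's code and not posted by anyone in
the thread.  The line formats are modelled on an FRST.txt; the meaning of the
attribute letters (S=system, H=hidden, D=directory, A=archive), the flagging
rules and SAMPLE_LOG are assumptions made for this example.
"""
import re
from typing import List, NamedTuple

# e.g. "2012-08-08 07:48 - 2012-08-08 07:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?"   # publisher field is absent for unsigned files
    r"(?P<path>.+)$"
)
# e.g. "2 lxea_device; C:\Windows\system32\lxeacoms.exe -service [1052328 2010-04-14] ( )"
SVC_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<cmd>.+?) "
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d\d-\d\d)\] \((?P<company>[^)]*)\)|\[x\])$"
)

SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
CODE_EXT = (".exe", ".dll", ".sys")
ENV_LITERAL_RE = re.compile(r"%[a-z0-9_]+%", re.I)   # a folder literally named %APPDATA%
CRACK_RE = re.compile(r"keygen|crack|serial", re.I)


class Finding(NamedTuple):
    reason: str
    path: str


def triage_file_line(line: str) -> List[Finding]:
    """Apply the review heuristics to one created-files line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return []
    path, attrs, company = m["path"], m["attrs"], m["company"]
    low = path.lower()
    out = []
    # Hidden+system objects under the Windows directory are unusual for user software.
    if "S" in attrs and "H" in attrs and low.startswith("c:\\windows\\"):
        out.append(Finding("hidden+system object under Windows", path))
    # A real folder whose name is an unexpanded variable suggests a sloppy dropper.
    if ENV_LITERAL_RE.search(path):
        out.append(Finding("literal environment-variable name in path", path))
    # Code in System32/SysWOW64 with no publisher in the log: verify it by hand.
    if company is None and low.endswith(CODE_EXT) and any(d in low for d in SYSTEM_DIRS):
        out.append(Finding("new executable in system directory, no publisher", path))
    # Cracks/keygens are a frequent infection vector; worth a line in the timeline.
    if CRACK_RE.search(low.rsplit("\\", 1)[-1]):
        out.append(Finding("keygen/crack download", path))
    return out


def triage_service_line(line: str) -> List[Finding]:
    """Flag services whose binary lives in a system directory but shows no publisher."""
    m = SVC_RE.match(line.strip())
    if not m:
        return []
    cmd, company = m["cmd"], m["company"]
    if company is not None and not company.strip() and any(d in cmd.lower() for d in SYSTEM_DIRS):
        return [Finding("service in system directory, no publisher", cmd)]
    return []


def triage_log(text: str) -> List[Finding]:
    """Run both parsers over every line; lines from other sections are ignored."""
    findings: List[Finding] = []
    for line in text.splitlines():
        findings += triage_file_line(line)
        findings += triage_service_line(line)
    return findings


# Constructed sample in the FRST line format (not a real log).
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ======
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 lxea_device; C:\Windows\system32\lxeacoms.exe -service [1052328 2010-04-14] ( )
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
============ One Month Created Files and Folders ==============
2012-08-08 07:54 - 2012-08-08 07:54 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-08 07:48 - 2012-08-08 07:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-08 07:48 - 2012-08-08 07:48 - 00152003 ____A C:\Users\user\Downloads\Screenflow_2_1_keygen_by_orion.zip
2012-08-08 07:30 - 2012-08-08 07:30 - 00040960 ____A C:\Windows\SysWOW64\example_unsigned.dll
2012-07-30 05:00 - 2012-07-30 05:00 - 00666208 ____A (OptimumInstaller) C:\Users\user\Downloads\Setup (5).exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.reason:50} {f.path}")
```

Run the file directly to print the flagged entries for the embedded sample, or pass the text of a real FRST.txt to `triage_log()`. The regexes deliberately capture the publisher before the path so that filenames containing parentheses, such as `Setup (5).exe`, are not mistaken for a publisher field.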


#3 SniprUK

  • Topic Starter
  • Members
  • 15 posts

Posted 13 August 2012 - 11:29 AM

Hey dude, thanks for your quick response! Here is FRST.txt:

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 01
Ran by SYSTEM at 13-08-2012 16:55:54
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2009-11-20] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe" [148280 2011-01-23] ()
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k [262912 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" [600688 2009-12-03] (Chicony)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [FREEzeFlipSA] "C:\Program Files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSA.exe" [660480 2011-08-09] ()
HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [x]
HKLM-x32\...\Run: [WinCast] D:\CDSetup\setup.exe -leng [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Mcx1-WILL-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Sarah\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-29] (Google Inc.)
HKU\user\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-29] (Google Inc.)
HKU\user\...\Run: [AVG LiveKive] "C:\Program Files (x86)\AVG LiveKive\avglivekive.exe" --windows_startup [x]
HKU\user\...\Run: [Dyyno Launcher] "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104 [2151776 2011-01-20] ()
HKU\user\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\user\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-28] (Skype Technologies S.A.)
HKU\user\...\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\user\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\user\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\user\...\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-14] (Google Inc.)
HKU\user\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\user\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\user\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-23] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\user\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\user\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\user\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [31144 2010-03-25] (Microsoft Corporation)
2 Dyyno Launcher; C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [415072 2011-01-20] ()
2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
2 lxea_device; C:\Windows\system32\lxeacoms.exe -service [1052328 2010-04-14] ( )
2 lxea_device; C:\Windows\SysWow64\lxeacoms.exe -service [598696 2010-04-14] ( )
2 MSSQL$EASIFY; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sEASIFY [29293408 2010-12-10] (Microsoft Corporation)
3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-29] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [61913952 2010-04-03] (Microsoft Corporation)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-20] (NewTech Infosystems, Inc.)
2 OberonGameConsoleService; "C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe" [44312 2009-08-28] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-30] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-04-17] ()
4 SQLAgent$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-29] (Microsoft Corporation)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [428384 2010-04-03] (Microsoft Corporation)
2 STEARservice; C:\Program Files (x86)\STEARsoft\Reg\stearservice.exe [57344 2008-07-15] (STEARsoft)
2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
3 ExpressAccountsService; "C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe" -service [x]
3 ExpressInvoiceService; "C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe" -service [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 hcwhdpvr; C:\Windows\System32\Drivers\hcwhdpvr.sys [191944 2011-10-31] (Hauppauge, Inc.)
4 RsFx0150; C:\Windows\System32\Drivers\RsFx0150.sys [313696 2010-04-03] (Microsoft Corporation)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-08 18:45 - 2012-08-08 18:45 - 00000000 ____D C:\FRST
2012-08-08 07:54 - 2012-08-08 07:54 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-08 07:50 - 2012-08-08 07:50 - 00169820 ____A C:\Users\user\Downloads\Screenflow_2_1_serials_key.zip
2012-08-08 07:48 - 2012-08-08 07:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-08 07:48 - 2012-08-08 07:48 - 00152003 ____A C:\Users\user\Downloads\Screenflow_2_1_keygen_by_orion.zip
2012-08-08 06:06 - 2012-08-08 06:07 - 00000000 ____D C:\Users\user\AppData\Local\{BF82FC87-0BA0-44A0-9D1B-53CE5F92CBD4}
2012-08-08 06:06 - 2012-08-08 06:06 - 00000000 ____D C:\Users\user\AppData\Local\{1414B68D-8089-4109-B47B-FA82F96833B3}
2012-08-07 08:42 - 2012-08-07 08:43 - 00000000 ____D C:\Users\user\AppData\Local\{AD0113E6-D2C1-4D49-A23B-A0CB03C72F3C}
2012-08-07 08:42 - 2012-08-07 08:42 - 00000000 ____D C:\Users\user\AppData\Local\{E54592A5-3B62-41EF-A21E-D5919E407E60}
2012-08-06 11:42 - 2012-08-06 11:42 - 00000000 ____D C:\Users\user\AppData\Local\{877FA66F-A7EF-48F4-B16C-A50B9E7C2DA5}
2012-08-05 07:28 - 2012-08-05 07:28 - 00000000 ____D C:\Users\user\AppData\Local\{ED64FCC3-7A43-4796-8AC3-3F3602B73BD1}
2012-08-05 07:28 - 2012-08-05 07:28 - 00000000 ____D C:\Users\user\AppData\Local\{4670B449-4243-4339-AC1E-921FC7231F71}
2012-08-04 09:24 - 2012-08-04 09:24 - 00000000 ____D C:\Users\user\AppData\Local\{D75C5894-F0EA-4CD6-8777-C2F256B86F34}
2012-08-04 09:23 - 2012-08-04 09:24 - 00000000 ____D C:\Users\user\AppData\Local\{629B39A5-7FD9-467C-A596-54921D849EF1}
2012-08-02 23:38 - 2012-08-02 23:39 - 00000000 ____D C:\Users\user\AppData\Local\{89DB44AB-167F-4734-87BA-77E5F8EBA9AB}
2012-08-02 23:38 - 2012-08-02 23:38 - 00000000 ____D C:\Users\user\AppData\Local\{96C32C8A-F269-4AC0-8038-942BE1E14B2C}
2012-08-02 10:07 - 2012-08-02 10:07 - 00000000 ____D C:\Users\user\AppData\Local\{035D232B-40E5-4A4A-B4F5-D8A651690EEE}
2012-08-02 10:06 - 2012-08-02 10:07 - 00000000 ____D C:\Users\user\AppData\Local\{AD7F3CEE-BFCA-468A-AA62-C91A8D397F86}
2012-08-02 10:03 - 2012-08-08 10:03 - 00002692 ____A C:\Windows\PFRO.log
2012-08-01 09:26 - 2012-08-01 09:26 - 00009183 ____A C:\Users\user\Documents\Training Program Data.xlsx
2012-08-01 07:49 - 2012-08-01 07:49 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2012-08-01 03:44 - 2012-08-01 04:02 - 00000000 ____D C:\Users\user\Desktop\MP4
2012-08-01 02:47 - 2012-08-01 02:47 - 00001857 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-08-01 02:47 - 2012-08-01 02:47 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-08-01 02:47 - 2012-08-01 02:47 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-08-01 02:45 - 2012-08-01 11:18 - 00000000 ____D C:\Users\user\AppData\Local\575D3232-5274-443C-B192-45ED6C5B5563.aplzod
2012-08-01 02:44 - 2012-08-01 02:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Apple Computer
2012-08-01 02:44 - 2012-08-01 02:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-08-01 02:43 - 2012-08-01 02:43 - 00000000 ____D C:\Users\user\AppData\Local\Apple
2012-08-01 02:43 - 2012-08-01 02:43 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-08-01 02:42 - 2012-08-01 02:42 - 00000000 ____D C:\Users\All Users\Apple
2012-08-01 02:42 - 2012-08-01 02:42 - 00000000 ____D C:\Program Files\Bonjour
2012-08-01 02:42 - 2012-08-01 02:42 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-08-01 01:01 - 2012-08-08 10:06 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001UA.job
2012-08-01 01:01 - 2012-08-03 01:06 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001Core.job
2012-07-31 23:54 - 2012-07-31 23:54 - 00000000 ____D C:\Users\user\AppData\Local\{A0938C0C-574F-43E2-97C5-7BCCF7A793B6}
2012-07-31 23:53 - 2012-07-31 23:54 - 00000000 ____D C:\Users\user\AppData\Local\{246659D8-7800-4347-88E0-A69C422CA592}
2012-07-31 23:51 - 2012-08-08 10:04 - 00004580 ____A C:\Windows\setupact.log
2012-07-31 23:51 - 2012-07-31 23:51 - 00000000 ____A C:\Windows\setuperr.log
2012-07-31 12:06 - 2012-07-31 12:06 - 00007633 ____A C:\Users\user\Downloads\google_analytics.zip
2012-07-31 11:56 - 2012-01-08 05:41 - 00000000 ____D C:\Users\user\Desktop\FileZilla-3.5.3
2012-07-31 11:07 - 2012-07-31 11:08 - 00000000 ____D C:\Users\user\Desktop\SniprUK
2012-07-31 11:02 - 2012-06-01 01:51 - 00440360 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\k57nd60a.sys
2012-07-31 11:00 - 2012-07-31 11:00 - 00216272 ____A C:\Users\user\Downloads\k57_vista_2k8_x64-15.2.0.4b.zip
2012-07-31 08:49 - 2012-07-31 09:03 - 1006315632 ____A C:\Users\user\Downloads\ARMA2Free_setup.zip
2012-07-31 08:43 - 2012-07-31 08:43 - 00001194 ____A C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
2012-07-31 08:43 - 2012-07-31 08:43 - 00001182 ____A C:\Users\Public\Desktop\Game Booster 3.lnk
2012-07-31 08:43 - 2012-07-31 08:43 - 00000000 ____D C:\Users\All Users\IObit
2012-07-31 08:43 - 2012-07-31 08:43 - 00000000 ____D C:\Program Files (x86)\IObit
2012-07-31 08:43 - 2012-07-31 08:43 - 00000000 ____D C:\Program Files (x86)\ffdshow
2012-07-31 08:43 - 2009-12-05 10:42 - 00085504 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-07-31 08:18 - 2012-07-31 08:18 - 00821248 ____A C:\Users\user\Downloads\FreeISOBurner.exe
2012-07-31 07:18 - 2012-07-31 07:18 - 00020693 ____A C:\Users\user\Downloads\SimpleAds_1.0.1.zip
2012-07-31 05:44 - 2012-07-31 05:44 - 00002603 ____A C:\Users\Public\Desktop\Tube Toolbox.lnk
2012-07-31 05:44 - 2012-07-31 05:44 - 00000000 ____D C:\Users\All Users\Sincell
2012-07-31 05:44 - 2012-07-31 05:44 - 00000000 ____D C:\Program Files (x86)\Sincell
2012-07-31 05:42 - 2012-07-31 05:42 - 07577604 ____A C:\Users\user\Downloads\TubeToolboxSetup.EXE
2012-07-31 04:16 - 2012-07-31 04:16 - 00599861 ____A C:\Users\user\Downloads\Black_Ops_2.0.zip
2012-07-31 03:48 - 2012-07-31 03:48 - 00000000 ____D C:\Users\user\AppData\Local\{3D0A2CE3-DA05-489A-8501-D08A6E9D7D21}
2012-07-31 03:47 - 2012-07-31 03:48 - 00000000 ____D C:\Users\user\AppData\Local\{0504E230-D93A-4920-AE0E-3920BF28C0D7}
2012-07-30 12:58 - 2012-07-30 12:58 - 00000047 ____A C:\Users\user\.jupload.properties
2012-07-30 11:24 - 2012-07-30 11:24 - 00000090 ____A C:\Users\user\Downloads\config.yml
2012-07-30 11:18 - 2012-07-30 11:18 - 00006554 ____A C:\Users\user\Downloads\ClearLag-1.3.1.zip
2012-07-30 10:03 - 2012-07-30 10:03 - 00128728 ____A C:\Users\user\Downloads\PlotMe.jar
2012-07-30 07:02 - 2012-07-30 07:03 - 11733072 ____A (IObit ) C:\Users\user\Downloads\gb3.5-beta-setup.exe
2012-07-30 05:26 - 2012-07-30 05:28 - 00000000 ____D C:\Users\user\Downloads\GTA IV PC Version
2012-07-30 05:22 - 2012-07-30 05:22 - 00071692 ____A C:\Users\user\Downloads\[isoHunt] GTA IV PC Version.torrent
2012-07-30 05:21 - 2012-07-30 05:25 - 00000000 ____D C:\Users\user\AppData\Local\Conduit
2012-07-30 05:21 - 2012-07-30 05:21 - 00000000 ____D C:\Users\user\AppData\Local\CRE
2012-07-30 05:21 - 2012-07-30 05:21 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-07-30 05:19 - 2012-07-30 05:21 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-07-30 05:18 - 2012-07-31 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2012-07-30 05:15 - 2012-07-30 05:15 - 00293528 ____A C:\Users\user\Downloads\GTA_IV_PC_Version (1).exe
2012-07-30 05:14 - 2012-07-30 05:14 - 00293208 ____A C:\Users\user\Downloads\GTA_IV_PC_Version.exe
2012-07-30 05:00 - 2012-07-30 05:00 - 00666208 ____A (OptimumInstaller) C:\Users\user\Downloads\Setup (5).exe
2012-07-30 04:58 - 2012-07-30 04:58 - 00000000 ____D C:\Users\user\AppData\Local\Zoom_Downloader
2012-07-30 04:57 - 2012-07-30 04:57 - 00666208 ____A (OptimumInstaller) C:\Users\user\Downloads\Setup (4).exe
2012-07-30 04:56 - 2012-07-30 04:56 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2012-07-29 07:14 - 2012-07-29 07:14 - 00000000 ____D C:\Users\user\AppData\Local\{A466C7F3-1EA6-421F-A87C-82F4970AB18C}
2012-07-29 07:13 - 2012-07-29 07:14 - 00000000 ____D C:\Users\user\AppData\Local\{293083B4-BAC9-47E7-B435-FBE49E22552D}
2012-07-28 12:08 - 2012-07-28 12:08 - 00000000 ____D C:\Users\user\AppData\Local\{D843F7B2-F30E-423D-A47E-174D488B7AFB}
2012-07-28 12:08 - 2012-07-28 12:08 - 00000000 ____D C:\Users\user\AppData\Local\{0763F062-E07E-43D0-99A8-B37BFCB2B0C3}
2012-07-27 12:35 - 2012-07-27 12:35 - 00000000 ____D C:\Users\user\AppData\Local\{F6D370E0-7D04-41CE-8C2E-CF101A22551C}
2012-07-27 12:35 - 2012-07-27 12:35 - 00000000 ____D C:\Users\user\AppData\Local\{4C6A1204-0E37-4BE1-A872-ACD10A73221D}
2012-07-27 01:13 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-27 01:06 - 2012-07-27 01:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-07-27 00:41 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-27 00:41 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-27 00:41 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-27 00:41 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-27 00:41 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-27 00:41 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-27 00:41 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-27 00:41 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-27 00:41 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-27 00:41 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-27 00:41 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-27 00:41 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-27 00:41 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-27 00:41 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-27 00:41 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-27 00:41 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-27 00:41 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-27 00:41 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-27 00:41 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-27 00:41 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-27 00:41 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-27 00:41 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-27 00:41 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-27 00:41 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-27 00:41 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-27 00:41 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-27 00:41 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-27 00:41 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-27 00:34 - 2012-07-27 00:35 - 00000000 ____D C:\Users\user\AppData\Local\{5195E1C9-D79F-4A3D-B420-BD7A7D86065F}
2012-07-27 00:34 - 2012-07-27 00:34 - 00000000 ____D C:\Users\user\AppData\Local\{978DD1D8-A28A-46A9-A622-E95F6F8FE5E9}
2012-07-26 12:52 - 2012-03-02 22:29 - 01837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-07-26 12:52 - 2012-03-02 22:29 - 01541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-07-26 12:52 - 2012-03-02 22:29 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-07-26 12:52 - 2012-03-02 22:29 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-07-26 12:52 - 2012-03-02 22:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-07-26 12:52 - 2012-03-02 21:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-07-26 12:52 - 2012-03-02 21:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-07-26 12:52 - 2012-03-02 21:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-07-26 12:52 - 2012-03-02 21:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-07-26 12:52 - 2012-03-02 21:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-07-26 12:51 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-26 12:51 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-26 12:51 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-26 12:51 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-26 12:51 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-26 12:51 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-26 12:51 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-26 12:51 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-26 12:51 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-26 12:51 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-26 12:51 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-26 12:51 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-26 12:51 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-26 12:51 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-26 12:51 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-26 12:51 - 2012-05-04 02:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-07-26 12:51 - 2012-05-04 02:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-07-26 12:51 - 2012-05-04 02:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-07-26 12:51 - 2012-05-01 21:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-07-26 12:51 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-07-26 12:51 - 2012-04-25 21:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-07-26 12:51 - 2012-04-25 21:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-07-26 12:51 - 2012-04-25 21:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-07-26 12:51 - 2012-04-23 21:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-07-26 12:51 - 2012-04-23 21:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-07-26 12:51 - 2012-04-23 21:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-07-26 12:51 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-07-26 12:51 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-07-26 12:51 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-07-26 12:51 - 2012-04-07 04:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-07-26 12:51 - 2012-04-07 03:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-07-26 12:51 - 2012-03-16 23:55 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-07-26 12:50 - 2012-03-30 03:09 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-07-26 12:37 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-07-26 12:37 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-07-26 12:37 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-07-26 12:37 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-07-26 12:37 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-07-26 12:37 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-07-26 12:37 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-07-26 12:36 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-07-26 12:36 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-07-26 12:08 - 2012-07-26 12:09 - 00000000 ____D C:\Users\user\AppData\Local\{70038DA4-73BF-4CAA-A8BE-3ACF1AFEB9A1}
2012-07-26 12:08 - 2012-07-26 12:08 - 00000000 ____D C:\Users\user\AppData\Local\{72AABBB5-1BF5-4DF0-8C51-6C49EB3EC41C}
2012-07-25 12:03 - 2012-07-25 12:03 - 00000000 ____D C:\Users\user\AppData\Local\{A3F27D26-548C-47ED-9233-E401F055D057}
2012-07-25 12:03 - 2012-07-25 12:03 - 00000000 ____D C:\Users\user\AppData\Local\{7FA5E0DD-7D50-4F40-A887-E61EA446C11B}
2012-07-24 22:44 - 2012-07-24 22:44 - 00000000 ____D C:\Users\user\AppData\Local\{C7A90681-CCD8-4F80-9C50-79665802542E}
2012-07-24 22:43 - 2012-07-24 22:44 - 00000000 ____D C:\Users\user\AppData\Local\{5234D399-7660-4A2C-A392-5A30B646AB6E}
2012-07-24 08:44 - 2012-07-24 08:44 - 00001198 ____A C:\Users\Public\Desktop\aTube Catcher.lnk
2012-07-24 08:44 - 2012-07-24 08:44 - 00000000 ____D C:\Program Files (x86)\DsNET Corp
2012-07-24 08:43 - 2012-07-24 08:43 - 00000000 ____D C:\Users\All Users\Ask
2012-07-24 08:41 - 2012-07-24 08:42 - 00352944 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_atube-catcher.exe
2012-07-24 08:25 - 2012-07-24 08:27 - 00000000 ____D C:\Users\user\AppData\Roaming\ArcSoft
2012-07-24 08:07 - 2012-07-24 08:07 - 00000000 ____D C:\Users\All Users\ArcSoft
2012-07-24 08:07 - 2009-05-22 11:32 - 00073728 ____A (ArcSoft Inc.) C:\Windows\SysWOW64\MMCEDT3.exe
2012-07-24 08:07 - 2006-09-17 23:50 - 00022784 ____A (Arcsoft, Inc.) C:\Windows\SysWOW64\Drivers\afc.sys
2012-07-24 08:05 - 2012-07-24 08:05 - 00002032 ____A C:\Users\Public\Desktop\TotalMedia Extreme 2.lnk
2012-07-24 08:04 - 2012-07-24 08:04 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2012-07-24 08:04 - 2007-04-19 00:39 - 00256768 ____A (Sample Corporation) C:\Windows\SysWOW64\MSLURT.dll
2012-07-24 08:04 - 2006-01-24 01:20 - 01645320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-07-24 08:04 - 2005-07-15 17:35 - 00245408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2012-07-24 08:04 - 2005-05-27 21:58 - 00393216 ____A (Sample Corporation) C:\Windows\SysWOW64\MSLUP60.dll
2012-07-24 08:00 - 2010-02-04 09:55 - 00094271 ____A (Hauppauge Computer Works, Inc.) C:\Windows\SysWOW64\hcwblast.ocx
2012-07-24 08:00 - 2010-02-04 09:41 - 00069699 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\hcwIRblast.dll
2012-07-24 08:00 - 2009-10-19 10:09 - 00000265 ____A C:\Windows\HCWBlast.ini
2012-07-24 08:00 - 2008-01-21 11:52 - 00299008 ____A (Zilog) C:\Windows\SysWOW64\hcwzblast.dll
2012-07-24 07:58 - 2012-07-24 08:00 - 00000000 ____D C:\Program Files (x86)\WinTV
2012-07-24 07:58 - 2011-01-13 02:42 - 00118849 ____A (Hauppauge Computer Works, Inc.) C:\Windows\SysWOW64\hcwi2c32.dll
2012-07-24 07:58 - 2009-09-18 05:11 - 00315448 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\hcwpnp32.dll
2012-07-24 07:58 - 2009-03-10 10:27 - 00073792 ____A (Hauppauge Computer Works, Inc) C:\Windows\SysWOW64\CHSUITE.OCX
2012-07-24 07:58 - 2008-02-08 05:08 - 00770121 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\hcwtvwnd.dll
2012-07-24 07:58 - 2006-10-10 07:47 - 00036921 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\hcwutl32.dll
2012-07-24 07:58 - 2006-05-07 23:55 - 00118784 ____A (Hauppauge Computer Works Inc) C:\Windows\SysWOW64\HCWSched.ocx
2012-07-24 07:58 - 2006-05-07 23:55 - 00040960 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\HcwTvTvOCX.ocx
2012-07-24 07:58 - 2006-05-07 23:55 - 00028672 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\hcwsched.dll
2012-07-24 07:58 - 2006-05-07 23:54 - 00204800 ____A (Hauppauge Computer Works) C:\Windows\SysWOW64\Mdcustoms.ocx
2012-07-24 07:58 - 2006-05-07 23:54 - 00132880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Msinet.ocx
2012-07-24 07:58 - 2006-05-07 23:54 - 00065536 ____A C:\Windows\SysWOW64\dmcrypto.dll
2012-07-24 07:58 - 2006-05-07 23:54 - 00053248 ____A (Hauppauge) C:\Windows\SysWOW64\MDCustomPanels.ocx
2012-07-24 07:58 - 2006-01-25 07:38 - 00069632 ____A (Hauppauge Computer Works ) C:\Windows\SysWOW64\3DES.dll
2012-07-24 07:58 - 2001-07-18 22:44 - 00393216 ____A (Snowbound Software Corporation (www.Snowbnd.com)) C:\Windows\SysWOW64\hcwsnbd9.dll
2012-07-24 07:58 - 1998-06-24 16:43 - 01409024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.004
2012-07-24 07:58 - 1998-06-18 01:33 - 00598288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2012-07-24 07:58 - 1998-06-18 01:33 - 00164112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2012-07-24 07:58 - 1998-06-18 01:32 - 00147728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2012-07-24 07:58 - 1998-06-16 14:13 - 00017920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2012-07-24 07:58 - 1998-05-31 06:06 - 00022288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.005
2012-07-24 07:57 - 2012-07-24 08:26 - 00002360 ____A C:\Windows\HCWPNP.INI
2012-07-24 07:57 - 2012-07-24 07:57 - 00000000 ____D C:\Program Files (x86)\Hauppauge
2012-07-24 07:56 - 2012-07-24 07:57 - 00001100 ____A C:\hcwDriverInstall.txt
2012-07-24 07:56 - 2011-10-31 04:12 - 00191944 ____A (Hauppauge, Inc.) C:\Windows\System32\Drivers\hcwhdpvr.sys
2012-07-24 07:53 - 2012-07-24 07:53 - 00000000 ____D C:\Users\user\AppData\Local\autorun
2012-07-24 07:52 - 2012-07-24 07:52 - 00000000 ____D C:\Users\user\AppData\Local\{DD50B06A-6107-4351-B475-D7772000B1A7}
2012-07-24 07:51 - 2012-07-24 07:52 - 00000000 ____D C:\Users\user\AppData\Local\{081306CC-43AB-4B4A-92FF-4BD1EC089FC7}
2012-07-24 07:50 - 2012-07-24 07:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-07-23 11:41 - 2012-07-23 11:41 - 00000000 ____D C:\Users\user\AppData\Local\{4B9E4216-112D-4121-A0BD-FB810857C9FE}
2012-07-21 12:20 - 2012-07-21 12:21 - 00000000 ____D C:\Users\user\AppData\Local\{39A29C8F-CB6A-4F83-BC6D-5A362B9B94E7}
2012-07-21 12:20 - 2012-07-21 12:20 - 00000000 ____D C:\Users\user\AppData\Local\{7D058A3F-3960-4BC9-B243-C81756895791}
2012-07-20 12:25 - 2012-07-20 12:25 - 00000000 ____D C:\Users\user\AppData\Local\{B67029CE-81F7-44D8-A544-066DFC62D83C}
2012-07-20 12:24 - 2012-07-20 12:24 - 00000000 ____D C:\Users\user\AppData\Local\{F3A97072-1E0B-424D-91AB-5DF81886673C}
2012-07-19 22:47 - 2012-07-31 09:27 - 00282104 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-19 22:46 - 2012-07-19 22:46 - 00000000 ____D C:\Users\user\AppData\Local\PunkBuster
2012-07-19 22:45 - 2012-07-31 09:18 - 00000000 ____D C:\Users\user\Documents\Battlefield Play4Free
2012-07-19 22:44 - 2012-07-31 09:27 - 00282104 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-19 22:44 - 2012-07-31 09:26 - 00234768 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-19 22:44 - 2012-07-30 06:36 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-19 22:29 - 2012-07-19 22:29 - 00000000 ____D C:\Program Files (x86)\EA Games
2012-07-19 21:05 - 2012-07-19 21:06 - 00000000 ____D C:\Users\user\AppData\Local\{FAA0BA73-FAEC-4EDC-A5DF-114801DAE785}
2012-07-19 21:05 - 2012-07-19 21:05 - 00000000 ____D C:\Users\user\AppData\Local\{A626F9A9-0271-4AF5-B0DB-F0F2FDF9D7F2}
2012-07-19 06:57 - 2012-07-19 06:57 - 00000000 ____D C:\Users\user\AppData\Local\{7517D04F-3836-49C4-A0B9-4DE79DC80640}
2012-07-19 06:57 - 2012-07-19 06:57 - 00000000 ____D C:\Users\user\AppData\Local\{0ACBBAAE-1D4D-42A9-9271-C08988A8D751}
2012-07-18 06:43 - 2012-07-18 06:43 - 00000000 ____D C:\Users\user\AppData\Local\{9381AC35-85BF-4610-B76C-21E07F3E9D9C}
2012-07-18 06:42 - 2012-07-18 06:43 - 00000000 ____D C:\Users\user\AppData\Local\{479C54E4-A776-4907-8692-140EC2E5D750}
2012-07-17 08:06 - 2012-07-17 08:06 - 00000000 ____D C:\Users\user\AppData\Local\{CA953AC8-798F-46A5-BD70-226E239AEDB3}
2012-07-17 08:06 - 2012-07-17 08:06 - 00000000 ____D C:\Users\user\AppData\Local\{71E9BCCC-E3C8-4439-9CA7-07D68B4DF48B}
2012-07-16 11:08 - 2012-07-16 11:08 - 00000000 ____D C:\Users\user\AppData\Local\{83C93696-4660-47ED-AF57-394B61F300C6}
2012-07-16 11:07 - 2012-07-16 11:08 - 00000000 ____D C:\Users\user\AppData\Local\{4B77CF32-2FB5-4116-B3B0-E7F1EC82DC96}
2012-07-15 00:19 - 2012-07-15 00:20 - 00000000 ____D C:\Users\user\AppData\Local\{02105B4C-F5F6-4D25-83A1-0FFE3043B437}
2012-07-15 00:19 - 2012-07-15 00:19 - 00000000 ____D C:\Users\user\AppData\Local\{47819D53-28F1-43E0-A268-E8C6594B6615}
2012-07-14 12:19 - 2012-07-14 12:19 - 00000000 ____D C:\Users\user\AppData\Local\{6302973D-85BC-451E-BF11-1BF7CE725F50}
2012-07-14 12:17 - 2012-07-14 12:18 - 00000000 ____D C:\Users\user\AppData\Local\{A4D073EE-8A78-43EF-9886-D8AB144C8CB1}

============ 3 Months Modified Files ========================

2012-08-08 10:12 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-08 10:12 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-08 10:11 - 2009-07-13 21:13 - 00977070 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-08 10:06 - 2012-08-01 01:01 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001UA.job
2012-08-08 10:05 - 2012-04-11 23:32 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-08-08 10:04 - 2012-07-31 23:51 - 00004580 ____A C:\Windows\setupact.log
2012-08-08 10:04 - 2012-03-04 09:54 - 00012920 ____A C:\Users\All Users\lxeascan.log
2012-08-08 10:04 - 2011-07-16 02:53 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-08 10:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-08 10:03 - 2012-08-02 10:03 - 00002692 ____A C:\Windows\PFRO.log
2012-08-08 09:03 - 2011-07-16 02:53 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-08 07:50 - 2012-08-08 07:50 - 00169820 ____A C:\Users\user\Downloads\Screenflow_2_1_serials_key.zip
2012-08-08 07:48 - 2012-08-08 07:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-08 07:48 - 2012-08-08 07:48 - 00152003 ____A C:\Users\user\Downloads\Screenflow_2_1_keygen_by_orion.zip
2012-08-08 07:48 - 2011-09-25 21:54 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-08 07:48 - 2011-07-16 02:32 - 01899364 ____A C:\Windows\WindowsUpdate.log
2012-08-08 06:50 - 2012-06-08 00:39 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001UA.job
2012-08-03 01:06 - 2012-08-01 01:01 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001Core.job
2012-08-01 09:26 - 2012-08-01 09:26 - 00009183 ____A C:\Users\user\Documents\Training Program Data.xlsx
2012-08-01 02:47 - 2012-08-01 02:47 - 00001857 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-07-31 23:51 - 2012-07-31 23:51 - 00000000 ____A C:\Windows\setuperr.log
2012-07-31 12:06 - 2012-07-31 12:06 - 00007633 ____A C:\Users\user\Downloads\google_analytics.zip
2012-07-31 11:00 - 2012-07-31 11:00 - 00216272 ____A C:\Users\user\Downloads\k57_vista_2k8_x64-15.2.0.4b.zip
2012-07-31 09:27 - 2012-07-19 22:47 - 00282104 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-31 09:27 - 2012-07-19 22:44 - 00282104 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-31 09:26 - 2012-07-19 22:44 - 00234768 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-31 09:03 - 2012-07-31 08:49 - 1006315632 ____A C:\Users\user\Downloads\ARMA2Free_setup.zip
2012-07-31 08:43 - 2012-07-31 08:43 - 00001194 ____A C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
2012-07-31 08:43 - 2012-07-31 08:43 - 00001182 ____A C:\Users\Public\Desktop\Game Booster 3.lnk
2012-07-31 08:18 - 2012-07-31 08:18 - 00821248 ____A C:\Users\user\Downloads\FreeISOBurner.exe
2012-07-31 07:18 - 2012-07-31 07:18 - 00020693 ____A C:\Users\user\Downloads\SimpleAds_1.0.1.zip
2012-07-31 05:44 - 2012-07-31 05:44 - 00002603 ____A C:\Users\Public\Desktop\Tube Toolbox.lnk
2012-07-31 05:42 - 2012-07-31 05:42 - 07577604 ____A C:\Users\user\Downloads\TubeToolboxSetup.EXE
2012-07-31 04:16 - 2012-07-31 04:16 - 00599861 ____A C:\Users\user\Downloads\Black_Ops_2.0.zip
2012-07-30 12:58 - 2012-07-30 12:58 - 00000047 ____A C:\Users\user\.jupload.properties
2012-07-30 11:24 - 2012-07-30 11:24 - 00000090 ____A C:\Users\user\Downloads\config.yml
2012-07-30 11:18 - 2012-07-30 11:18 - 00006554 ____A C:\Users\user\Downloads\ClearLag-1.3.1.zip
2012-07-30 10:03 - 2012-07-30 10:03 - 00128728 ____A C:\Users\user\Downloads\PlotMe.jar
2012-07-30 07:03 - 2012-07-30 07:02 - 11733072 ____A (IObit ) C:\Users\user\Downloads\gb3.5-beta-setup.exe
2012-07-30 06:36 - 2012-07-19 22:44 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-30 05:22 - 2012-07-30 05:22 - 00071692 ____A C:\Users\user\Downloads\[isoHunt] GTA IV PC Version.torrent
2012-07-30 05:15 - 2012-07-30 05:15 - 00293528 ____A C:\Users\user\Downloads\GTA_IV_PC_Version (1).exe
2012-07-30 05:14 - 2012-07-30 05:14 - 00293208 ____A C:\Users\user\Downloads\GTA_IV_PC_Version.exe
2012-07-30 05:00 - 2012-07-30 05:00 - 00666208 ____A (OptimumInstaller) C:\Users\user\Downloads\Setup (5).exe
2012-07-30 04:57 - 2012-07-30 04:57 - 00666208 ____A (OptimumInstaller) C:\Users\user\Downloads\Setup (4).exe
2012-07-27 01:34 - 2009-07-13 20:45 - 00436696 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-24 08:44 - 2012-07-24 08:44 - 00001198 ____A C:\Users\Public\Desktop\aTube Catcher.lnk
2012-07-24 08:42 - 2012-07-24 08:41 - 00352944 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_atube-catcher.exe
2012-07-24 08:26 - 2012-07-24 07:57 - 00002360 ____A C:\Windows\HCWPNP.INI
2012-07-24 08:05 - 2012-07-24 08:05 - 00002032 ____A C:\Users\Public\Desktop\TotalMedia Extreme 2.lnk
2012-07-24 07:57 - 2012-07-24 07:56 - 00001100 ____A C:\hcwDriverInstall.txt
2012-07-19 21:50 - 2012-06-08 00:39 - 00000900 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001Core.job
2012-07-16 11:10 - 2012-06-05 05:37 - 00000977 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-13 07:38 - 2012-07-13 07:38 - 13316752 ____A (Mediafour Corporation, info@mediafour.com) C:\Users\user\Downloads\MacDrive_Standard_9.0.3.35_en_Setup.exe
2012-07-13 06:44 - 2012-07-13 06:44 - 03884544 ____A C:\Users\user\Downloads\hamachi.msi
2012-07-13 06:38 - 2012-07-13 06:38 - 00000221 ____A C:\Users\user\Desktop\Football Manager 2012.url
2012-07-12 06:51 - 2012-07-12 06:51 - 00000929 ____A C:\Users\Public\Desktop\Steam.lnk
2012-07-12 06:49 - 2012-07-12 06:49 - 01606656 ____A C:\Users\user\Downloads\SteamInstall.msi
2012-07-12 04:50 - 2012-07-12 04:50 - 00001078 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-12 04:49 - 2012-07-12 04:49 - 00031465 ____A C:\Users\user\AppData\Local\funmoods.crx
2012-07-12 04:48 - 2012-07-12 04:48 - 32713272 ____A C:\Users\user\Downloads\vlcmediaplayer-setup.exe
2012-07-11 05:04 - 2012-07-11 05:04 - 02135728 ____A C:\Users\user\Downloads\installspeedfan446.exe
2012-07-11 05:04 - 2012-07-11 05:04 - 00001019 ____A C:\Users\user\Desktop\SpeedFan.lnk
2012-07-11 05:04 - 2012-07-11 05:04 - 00001019 ____A C:\Users\Sarah\Desktop\SpeedFan.lnk
2012-07-11 05:04 - 2012-07-11 05:04 - 00001019 ____A C:\Users\Mcx1-WILL-PC\Desktop\SpeedFan.lnk
2012-07-11 05:04 - 2012-07-11 05:04 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2012-07-11 05:02 - 2012-07-11 05:02 - 02350696 ____A (Conduit) C:\Users\user\Downloads\FLV_Runner.exe
2012-07-10 05:49 - 2012-07-10 05:44 - 93353943 ____A C:\Users\user\Downloads\1.0 Missile Silo Pack.rar
2012-07-10 05:43 - 2012-07-10 05:43 - 00000809 ____A C:\Users\user\Downloads\minecraft_1.0_missile_silo_release!.txt
2012-07-10 05:30 - 2012-07-10 05:30 - 01583226 ____A C:\Users\user\Documents\Avatar.psd
2012-07-10 05:22 - 2012-07-10 05:14 - 07032257 ____A C:\Users\user\Documents\Sniper.psd
2012-07-10 04:06 - 2012-07-10 04:09 - 00001139 ____A C:\Users\user\Desktop\XSplit Broadcaster.lnk
2012-07-10 04:04 - 2012-07-10 04:04 - 24331504 ____A (SplitMediaLabs) C:\Users\user\Downloads\xsplit_installer_v1.0.1206.0203.exe
2012-07-10 01:57 - 2012-07-10 01:57 - 06806696 ____A C:\Users\user\Downloads\FileZilla_3.5.3_win32.zip
2012-07-10 01:54 - 2012-07-10 01:54 - 00170533 ____A C:\Users\user\Desktop\AMIDST.exe
2012-07-05 09:55 - 2012-07-05 09:55 - 00352936 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_hamachi (1).exe
2012-07-05 09:21 - 2012-07-05 09:21 - 00140952 ____A () C:\Users\user\Downloads\eTypeSetupSSP.exe
2012-07-05 08:39 - 2012-07-05 08:39 - 00279392 ____A C:\Users\user\Downloads\3DMGAME_Football_Manager_2012_No_Crack_rar.exe
2012-06-30 02:28 - 2012-06-30 02:18 - 765995008 ____A C:\Users\user\Documents\Zombies 1.mpg
2012-06-26 06:39 - 2012-06-26 06:39 - 00052736 ____A (Technic) C:\Users\user\Downloads\TechnicLauncher (1).exe
2012-06-26 06:29 - 2012-06-26 06:29 - 00052736 ____A (Technic) C:\Users\user\Downloads\TechnicLauncher.exe
2012-06-22 11:10 - 2012-06-22 11:10 - 00118704 ____A C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-22 11:10 - 2012-04-07 06:48 - 00002621 ____A C:\Users\Sarah\Desktop\CyberLink PowerDirector.lnk
2012-06-21 09:40 - 2012-06-21 09:40 - 00001258 ____A C:\Users\Public\Desktop\CL-Eye Test.lnk
2012-06-21 09:40 - 2012-06-21 09:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2012-06-21 09:39 - 2012-06-21 09:38 - 05356584 ____A (Code Laboratories, Inc.) C:\Users\user\Downloads\CL-Eye-Driver-5.0.1.0528.exe
2012-06-17 10:09 - 2012-06-17 10:09 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-17 10:09 - 2012-06-17 10:09 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-17 10:05 - 2012-06-17 10:05 - 00894448 ____A (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u5 (1).exe
2012-06-17 09:57 - 2012-06-17 09:57 - 00478441 ____A (http://www.vgrabber.com) C:\Users\user\Downloads\setup (3).exe
2012-06-17 09:56 - 2012-06-17 09:56 - 00478441 ____A (http://www.vgrabber.com) C:\Users\user\Downloads\setup (2).exe
2012-06-17 09:55 - 2012-06-17 09:55 - 00894448 ____A (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-7u5.exe
2012-06-17 09:50 - 2012-06-17 09:50 - 00278561 ____A C:\Users\user\Desktop\Minecraft.exe
2012-06-15 08:01 - 2009-07-13 21:08 - 00032656 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-12 09:43 - 2012-06-12 09:41 - 04513198 ____A C:\Users\user\Downloads\Normal Youtuber.psd
2012-06-11 19:02 - 2012-07-27 01:13 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-26 12:51 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-26 12:51 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 00:48 - 2012-06-08 00:48 - 00301616 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_hamachi.exe
2012-06-08 00:39 - 2012-06-08 00:39 - 00493520 ____A (Facebook Inc.) C:\Users\user\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
2012-06-08 00:02 - 2012-06-07 23:55 - 463624192 ____A C:\Users\user\Documents\360 Project Special epe.mpg
2012-06-07 23:15 - 2012-06-07 23:15 - 02303864 ____A (Beepa Pty Ltd) C:\Users\user\Downloads\setup (1).exe
2012-06-07 23:15 - 2012-06-07 23:15 - 00000574 ____A C:\Users\user\Desktop\Fraps.lnk
2012-06-05 21:50 - 2012-07-26 12:51 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-26 12:51 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-26 12:51 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-26 12:51 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-07-26 12:37 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-07-26 12:37 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-07-26 12:37 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-07-26 12:37 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-07-26 12:37 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-07-26 12:37 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-07-26 12:37 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-07-26 12:36 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-07-26 12:36 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-27 00:41 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-27 00:41 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-27 00:41 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-27 00:41 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-27 00:41 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-27 00:41 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-27 00:41 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-27 00:41 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-27 00:41 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-27 00:41 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-27 00:41 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-27 00:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-27 00:41 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-27 00:41 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-27 00:41 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-27 00:41 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-27 00:41 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-27 00:41 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-27 00:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-27 00:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-27 00:41 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-27 00:41 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-27 00:41 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-27 00:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-27 00:41 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-27 00:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-27 00:41 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-27 00:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:38 - 2012-07-26 12:51 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-26 12:51 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-26 12:51 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-26 12:51 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-26 12:51 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-26 12:51 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-26 12:51 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-26 12:51 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-26 12:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 01:51 - 2012-07-31 11:02 - 00440360 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\k57nd60a.sys
2012-05-29 22:29 - 2012-05-29 22:29 - 00071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll
2012-05-29 22:29 - 2012-05-29 22:29 - 00065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll
2012-05-28 21:36 - 2012-05-28 21:36 - 00067464 ____A C:\Windows\System32\CLEyeDevices.dll
2012-05-27 02:07 - 2012-05-27 01:53 - 00000600 ____A C:\Users\user\AppData\Local\PUTTY.RND
2012-05-21 09:44 - 2012-05-21 09:43 - 00527423 ____A ( ) C:\Users\user\Downloads\Lame_v3.99.3_for_Windows.exe
2012-05-21 09:11 - 2012-05-21 09:11 - 00001019 ____A C:\Users\user\Desktop\Audacity.lnk
2012-05-21 09:06 - 2012-05-21 09:06 - 20786971 ____A (Audacity Team ) C:\Users\user\Downloads\audacity-win-2.0.exe
2012-05-21 07:58 - 2012-05-21 07:51 - 1977054720 ____A C:\Users\user\Documents\MW2 Snipr TDM.avi

ZeroAccess:
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\@
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\L
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\L\00000004.@
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\L\201d3dde
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U\00000004.@
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U\00000008.@
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U\000000cb.@
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U\80000000.@
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U\80000032.@
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U\80000064.@

ZeroAccess:
C:\Users\user\AppData\Local\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}
C:\Users\user\AppData\Local\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\@
C:\Users\user\AppData\Local\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\L
C:\Users\user\AppData\Local\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 4024.93 MB
Available physical RAM: 3276.98 MB
Total Pagefile: 4023.08 MB
Available Pagefile: 3275.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Packard Bell) (Fixed) (Total:286.27 GB) (Free:151.56 GB) NTFS
2 Drive d: (User Data) (Fixed) (Total:1.19 GB) (Free:0.25 GB) NTFS
3 Drive e: (PQSERVICE) (Fixed) (Total:10.52 GB) (Free:1.28 GB) NTFS
5 Drive h: () (Removable) (Total:1.88 GB) (Free:1.87 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1929 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 10 GB 1024 KB
Partition 0 Extended 1215 MB 10 GB
Partition 4 Logical 1215 MB 10 GB
Partition 2 Primary 100 MB 11 GB
Partition 3 Primary 286 GB 11 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E PQSERVICE NTFS Partition 10 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D User Data NTFS Partition 1215 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C Packard Bel NTFS Partition 286 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1925 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 1925 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 10:53

======================= End Of Log ==========================

Now, here is search.txt:

Farbar Recovery Scan Tool Version: 08-08-2012 01
Ran by SYSTEM at 2012-08-13 16:59:16
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

Thanks, SniprUK
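The search.txt above is what shows the System32 copy of services.exe to be patched: same timestamps as the WinSxS original, but 512 bytes larger and a different MD5. As an added example (not code from the thread or from FRST), the script below parses that search.txt layout and flags any non-WinSxS copy whose size or MD5 matches no component-store copy; the sample text is constructed from the two entries posted above, and the line-format regex is an assumption about FRST's output.

```python
"""Added example: parse the output of an FRST "Search:" run and flag copies of a
Windows system binary that differ from every copy in the WinSxS component store.
Not FRST code; the sample text is constructed from the search.txt posted above."""
import re
from dataclasses import dataclass

# Constructed sample in the FRST search.txt layout (values as posted in the thread).
SAMPLE_SEARCH = """\
================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# Assumed detail-line format: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})"
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_winsxs(self) -> bool:
        # Copies under \winsxs\ are the component store's originals (and updates).
        return "\\winsxs\\" in self.path.lower()


@dataclass(frozen=True)
class Finding:
    path: str
    reference: str
    size_delta: int
    same_timestamps: bool
    md5: str
    reference_md5: str


def parse_search(text: str) -> list[FileEntry]:
    """Pair each path line with the detail line that follows it."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            pending_path = None  # headers and separators never belong to a file
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entries.append(FileEntry(
                path=pending_path,
                created=m["created"], modified=m["modified"],
                size=int(m["size"]), company=m["company"], md5=m["md5"].upper(),
            ))
            pending_path = None
        else:
            pending_path = line
    return entries


def check_copies(entries: list[FileEntry]) -> list[Finding]:
    """Flag every non-WinSxS copy whose size and MD5 match no WinSxS copy.

    A System32 binary that keeps the original timestamps but differs in size and
    hash from every component-store version is the classic sign of a patched
    system file; a match with any WinSxS version is treated as clean.
    """
    references = [e for e in entries if e.in_winsxs]
    if not references:
        raise ValueError("no WinSxS reference copy in search output")
    findings = []
    for entry in entries:
        if entry.in_winsxs:
            continue
        if any(entry.md5 == ref.md5 and entry.size == ref.size for ref in references):
            continue
        # Report against the reference whose size is closest to the suspect copy.
        ref = min(references, key=lambda r: abs(r.size - entry.size))
        findings.append(Finding(
            path=entry.path, reference=ref.path,
            size_delta=entry.size - ref.size,
            same_timestamps=(entry.created, entry.modified) == (ref.created, ref.modified),
            md5=entry.md5, reference_md5=ref.md5,
        ))
    return findings


if __name__ == "__main__":
    for f in check_copies(parse_search(SAMPLE_SEARCH)):
        print(f"PATCHED? {f.path}: {f.size_delta:+d} bytes vs {f.reference}, "
              f"timestamps {'identical' if f.same_timestamps else 'differ'}, "
              f"MD5 {f.md5} != {f.reference_md5}")
```

A mismatch is a lead, not proof on its own; the helper's fix in this thread replaced the flagged file with the WinSxS copy, which is the same comparison applied in reverse.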

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 August 2012 - 11:47 AM

Please run the following:

  • NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
  • Please download the attached FixList.txt (forum attachment 128483).
  • Save it to your flash drive.
  • Boot to System Recovery Options as you did before and select "Command Prompt".
  • Run FRST64 and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 SniprUK

SniprUK
  • Topic Starter

  • Members
  • 15 posts

Posted 13 August 2012 - 02:51 PM

Ok, here is fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-08-2012 01
Ran by SYSTEM at 2012-08-13 20:50:00 Run:1
Running from H:\

==============================================

C:\Users\user\Downloads\Screenflow_2_1_serials_key.zip moved successfully.
C:\Users\user\Downloads\Screenflow_2_1_keygen_by_orion.zip moved successfully.
C:\Windows\Installer\{8bc0fc71-2340-ce23-215e-fdddd2d438ac} moved successfully.
C:\Users\user\AppData\Local\{8bc0fc71-2340-ce23-215e-fdddd2d438ac} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

I am just doing the ComboFix part now :)

Thanks for your speedy response,
SniprUK

#6 SniprUK

SniprUK
  • Topic Starter

  • Members
  • 15 posts

Posted 14 August 2012 - 02:34 AM

Ok, I ran the scan but it seems to be stopped at stage 4 and isn't continuing. Is this normal?

#7 SniprUK

SniprUK
  • Topic Starter

  • Members
  • 15 posts

Posted 14 August 2012 - 03:20 AM

Doesn't matter, it has resolved itself. :) It is just preparing the log now...

#8 SniprUK

SniprUK
  • Topic Starter

  • Members
  • 15 posts

Posted 14 August 2012 - 03:42 AM

Hey dude, here is the log.txt file from ComboFix:


ComboFix 12-08-13.01 - user 14/08/2012 8:10.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4025.2325 [GMT 1:00]
Running from: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\program files (x86)\Object
c:\program files (x86)\Object\bho_project.dll
c:\program files (x86)\Object\ChromeAddon.pem
c:\program files (x86)\Object\chromeaddon\._included.js
c:\program files (x86)\Object\chromeaddon\background.html
c:\program files (x86)\Object\chromeaddon\included.js
c:\program files (x86)\Object\chromeaddon\manifest.json
c:\program files (x86)\Object\config.ini
c:\program files (x86)\Object\enable.txt
c:\program files (x86)\Object\facetheme_uninstall.exe
c:\program files (x86)\Object\status.txt
c:\program files (x86)\Object\status2.txt
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\FullRemove.exe
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
c:\users\user\Documents\Downloads\CT2776682_BrotherSoft_Extreme.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-09 02:45 . 2012-08-09 02:45 -------- d-----w- C:\FRST
2012-08-08 15:54 . 2012-08-08 15:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-08 15:48 . 2012-08-08 15:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 15:49 . 2012-08-01 15:49 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-01 10:47 . 2012-08-01 10:47 -------- d-----w- c:\program files (x86)\QuickTime
2012-08-01 10:47 . 2012-08-01 10:47 -------- d-----w- c:\programdata\Apple Computer
2012-08-01 10:45 . 2012-08-01 19:18 -------- d-----w- c:\users\user\AppData\Local\575D3232-5274-443C-B192-45ED6C5B5563.aplzod
2012-08-01 10:44 . 2012-08-01 10:46 -------- d-----w- c:\users\user\AppData\Roaming\Apple Computer
2012-08-01 10:44 . 2012-08-01 10:44 -------- d-----w- c:\program files\Common Files\Apple
2012-08-01 10:43 . 2012-08-01 10:43 -------- d-----w- c:\users\user\AppData\Local\Apple
2012-08-01 10:43 . 2012-08-01 10:43 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-08-01 10:42 . 2012-08-01 10:42 -------- d-----w- c:\program files\Bonjour
2012-08-01 10:42 . 2012-08-01 10:42 -------- d-----w- c:\program files (x86)\Bonjour
2012-08-01 10:42 . 2012-08-01 10:44 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-08-01 10:42 . 2012-08-01 10:42 -------- d-----w- c:\programdata\Apple
2012-07-31 19:02 . 2012-06-01 09:51 440360 ----a-w- c:\windows\system32\drivers\k57nd60a.sys
2012-07-31 16:43 . 2009-12-05 18:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-07-31 16:43 . 2012-07-31 16:43 -------- d-----w- c:\program files (x86)\ffdshow
2012-07-31 16:43 . 2012-07-31 16:43 -------- d-----w- c:\programdata\IObit
2012-07-31 16:43 . 2012-07-31 16:43 -------- d-----w- c:\program files (x86)\IObit
2012-07-31 13:44 . 2012-07-31 13:44 -------- d-----w- c:\programdata\Sincell
2012-07-31 13:44 . 2012-07-31 13:44 -------- d-----w- c:\program files (x86)\Sincell
2012-07-30 13:21 . 2012-07-30 13:21 -------- d-----w- c:\users\user\AppData\Local\CRE
2012-07-30 13:21 . 2012-07-30 13:21 -------- d-----w- c:\program files (x86)\Conduit
2012-07-30 13:21 . 2012-07-30 13:25 -------- d-----w- c:\users\user\AppData\Local\Conduit
2012-07-30 13:19 . 2012-07-30 13:21 -------- d-----w- c:\program files (x86)\uTorrent
2012-07-30 13:18 . 2012-07-31 19:03 -------- d-----w- c:\users\user\AppData\Roaming\uTorrent
2012-07-30 12:58 . 2012-07-30 12:58 -------- d-----w- c:\users\user\AppData\Local\Zoom_Downloader
2012-07-30 12:56 . 2012-07-30 12:56 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2012-07-27 09:13 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-26 20:52 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-07-26 20:52 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-07-26 20:52 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-26 20:52 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-26 20:52 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-26 20:52 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-07-26 20:52 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-07-26 20:52 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-07-26 20:52 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-07-26 20:52 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-07-26 20:50 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-26 20:50 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-26 20:50 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-26 20:50 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-26 20:50 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-26 20:50 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-26 20:50 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-26 20:50 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-26 20:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-26 20:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-26 20:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-26 20:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-26 20:37 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-26 20:37 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-26 20:37 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-26 20:36 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-26 20:36 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-24 16:44 . 2012-07-24 16:44 -------- d-----w- c:\program files (x86)\DsNET Corp
2012-07-24 16:43 . 2012-07-24 16:43 -------- d-----w- c:\programdata\Ask
2012-07-24 16:25 . 2012-07-24 16:27 -------- d-----w- c:\users\user\AppData\Roaming\ArcSoft
2012-07-24 16:07 . 2012-07-24 16:07 -------- d-----w- c:\programdata\ArcSoft
2012-07-24 16:07 . 2009-05-22 19:32 73728 ----a-w- c:\windows\SysWow64\MMCEDT3.exe
2012-07-24 16:07 . 2006-09-18 07:50 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys
2012-07-24 16:05 . 2012-07-24 16:05 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-07-24 16:04 . 2007-04-19 08:39 256768 ----a-w- c:\windows\SysWow64\MSLURT.dll
2012-07-24 16:04 . 2005-07-16 01:35 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2012-07-24 16:04 . 2006-01-24 09:20 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-07-24 16:04 . 2005-05-28 05:58 393216 ----a-w- c:\windows\SysWow64\MSLUP60.dll
2012-07-24 16:04 . 2012-07-24 16:04 -------- d-----w- c:\program files (x86)\ArcSoft
2012-07-24 16:00 . 2012-07-24 16:00 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-07-24 16:00 . 2010-02-04 17:55 94271 ----a-w- c:\windows\SysWow64\hcwblast.ocx
2012-07-24 16:00 . 2010-02-04 17:41 69699 ----a-w- c:\windows\SysWow64\hcwIRblast.dll
2012-07-24 16:00 . 2008-01-21 19:52 299008 ----a-w- c:\windows\SysWow64\hcwzblast.dll
2012-07-24 15:57 . 2012-07-24 15:57 -------- d-----w- c:\program files (x86)\Hauppauge
2012-07-24 15:56 . 2011-10-31 12:12 191944 ----a-w- c:\windows\system32\drivers\hcwhdpvr.sys
2012-07-24 15:53 . 2012-07-24 15:53 -------- d-----w- c:\users\user\AppData\Local\autorun
2012-07-24 15:50 . 2012-07-24 15:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-07-20 06:47 . 2012-07-31 17:27 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-20 06:46 . 2012-07-20 06:46 -------- d-----w- c:\users\user\AppData\Local\PunkBuster
2012-07-20 06:44 . 2012-07-31 17:27 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-20 06:44 . 2012-07-31 17:26 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-20 06:44 . 2012-07-30 14:36 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-20 06:29 . 2012-07-20 06:29 -------- d-----w- c:\program files (x86)\EA Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 15:48 . 2011-09-26 05:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 14:09 . 2011-03-28 17:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-30 06:29 . 2012-05-30 06:29 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-30 06:29 . 2012-05-30 06:29 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-05-29 05:36 . 2012-05-29 05:36 67464 ----a-w- c:\windows\system32\CLEyeDevices.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-30 39408]
"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-01-20 2151776]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-12-03 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"FREEzeFlipSA"="c:\program files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSA.exe" [2011-08-10 660480]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-06-11 12099672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 135664]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-14 45736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 ExpressAccountsService;Express Accounts;c:\program files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [x]
R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 135664]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2011-10-31 191944]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-07 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-20 415072]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
S2 MSSQL$EASIFY;SQL Server (EASIFY);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
S2 STEARservice;STEARservice;c:\program files (x86)\STEARsoft\Reg\stearservice.exe [2008-07-15 57344]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2012-06-01 440360]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001Core.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 05:45]
.
2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001UA.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 05:45]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 10:53]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 10:53]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 20:57]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 20:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-09-30 823840]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2011-01-23 148280]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27360711m5b6l0450z1m5f4491w501
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27360711m5b6l0450z1m5f4491w501
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AVG LiveKive - c:\program files (x86)\AVG LiveKive\avglivekive.exe
Wow6432Node-HKLM-Run-ArcSoft Connection Service - c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Wow6432Node-HKLM-Run-WinCast - d:\cdsetup\setup.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ExpressAccounts - c:\program files (x86)\NCH Software\ExpressAccounts\uninst.exe
AddRemove-ExpressInvoice - c:\program files (x86)\NCH Software\ExpressInvoice\uninst.exe
AddRemove-facetheme - c:\program files (x86)\Object\facetheme_uninstall.exe
AddRemove-Prism - c:\program files (x86)\NCH Software\Prism\uninst.exe
AddRemove-Switch - c:\program files (x86)\NCH Software\Switch\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\STEARsoft\Reg\stearserver.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-08-14 09:24:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-14 08:24
.
Pre-Run: 164,099,043,328 bytes free
Post-Run: 163,453,022,208 bytes free
.
- - End Of File - - 7FCE48B16CEC60605BB2F893311A27D3


Thanks and I hope this helps,
SniprUK

#9 SniprUK

  • Topic Starter


Posted 14 August 2012 - 03:42 AM

Hey dude, here is the log.txt file from ComboFix:


ComboFix 12-08-13.01 - user 14/08/2012 8:10.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4025.2325 [GMT 1:00]
Running from: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\program files (x86)\Object
c:\program files (x86)\Object\bho_project.dll
c:\program files (x86)\Object\ChromeAddon.pem
c:\program files (x86)\Object\chromeaddon\._included.js
c:\program files (x86)\Object\chromeaddon\background.html
c:\program files (x86)\Object\chromeaddon\included.js
c:\program files (x86)\Object\chromeaddon\manifest.json
c:\program files (x86)\Object\config.ini
c:\program files (x86)\Object\enable.txt
c:\program files (x86)\Object\facetheme_uninstall.exe
c:\program files (x86)\Object\status.txt
c:\program files (x86)\Object\status2.txt
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\FullRemove.exe
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
c:\users\user\Documents\Downloads\CT2776682_BrotherSoft_Extreme.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-09 02:45 . 2012-08-09 02:45 -------- d-----w- C:\FRST
2012-08-08 15:54 . 2012-08-08 15:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-08 15:48 . 2012-08-08 15:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 15:49 . 2012-08-01 15:49 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-01 10:47 . 2012-08-01 10:47 -------- d-----w- c:\program files (x86)\QuickTime
2012-08-01 10:47 . 2012-08-01 10:47 -------- d-----w- c:\programdata\Apple Computer
2012-08-01 10:45 . 2012-08-01 19:18 -------- d-----w- c:\users\user\AppData\Local\575D3232-5274-443C-B192-45ED6C5B5563.aplzod
2012-08-01 10:44 . 2012-08-01 10:46 -------- d-----w- c:\users\user\AppData\Roaming\Apple Computer
2012-08-01 10:44 . 2012-08-01 10:44 -------- d-----w- c:\program files\Common Files\Apple
2012-08-01 10:43 . 2012-08-01 10:43 -------- d-----w- c:\users\user\AppData\Local\Apple
2012-08-01 10:43 . 2012-08-01 10:43 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-08-01 10:42 . 2012-08-01 10:42 -------- d-----w- c:\program files\Bonjour
2012-08-01 10:42 . 2012-08-01 10:42 -------- d-----w- c:\program files (x86)\Bonjour
2012-08-01 10:42 . 2012-08-01 10:44 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-08-01 10:42 . 2012-08-01 10:42 -------- d-----w- c:\programdata\Apple
2012-07-31 19:02 . 2012-06-01 09:51 440360 ----a-w- c:\windows\system32\drivers\k57nd60a.sys
2012-07-31 16:43 . 2009-12-05 18:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-07-31 16:43 . 2012-07-31 16:43 -------- d-----w- c:\program files (x86)\ffdshow
2012-07-31 16:43 . 2012-07-31 16:43 -------- d-----w- c:\programdata\IObit
2012-07-31 16:43 . 2012-07-31 16:43 -------- d-----w- c:\program files (x86)\IObit
2012-07-31 13:44 . 2012-07-31 13:44 -------- d-----w- c:\programdata\Sincell
2012-07-31 13:44 . 2012-07-31 13:44 -------- d-----w- c:\program files (x86)\Sincell
2012-07-30 13:21 . 2012-07-30 13:21 -------- d-----w- c:\users\user\AppData\Local\CRE
2012-07-30 13:21 . 2012-07-30 13:21 -------- d-----w- c:\program files (x86)\Conduit
2012-07-30 13:21 . 2012-07-30 13:25 -------- d-----w- c:\users\user\AppData\Local\Conduit
2012-07-30 13:19 . 2012-07-30 13:21 -------- d-----w- c:\program files (x86)\uTorrent
2012-07-30 13:18 . 2012-07-31 19:03 -------- d-----w- c:\users\user\AppData\Roaming\uTorrent
2012-07-30 12:58 . 2012-07-30 12:58 -------- d-----w- c:\users\user\AppData\Local\Zoom_Downloader
2012-07-30 12:56 . 2012-07-30 12:56 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2012-07-27 09:13 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-26 20:52 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-07-26 20:52 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-07-26 20:52 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-26 20:52 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-26 20:52 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-26 20:52 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-07-26 20:52 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-07-26 20:52 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-07-26 20:52 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-07-26 20:52 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-07-26 20:50 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-26 20:50 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-26 20:50 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-26 20:50 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-26 20:50 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-26 20:50 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-26 20:50 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-26 20:50 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-26 20:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-26 20:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-26 20:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-26 20:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-26 20:37 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-26 20:37 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-26 20:37 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-26 20:36 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-26 20:36 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-24 16:44 . 2012-07-24 16:44 -------- d-----w- c:\program files (x86)\DsNET Corp
2012-07-24 16:43 . 2012-07-24 16:43 -------- d-----w- c:\programdata\Ask
2012-07-24 16:25 . 2012-07-24 16:27 -------- d-----w- c:\users\user\AppData\Roaming\ArcSoft
2012-07-24 16:07 . 2012-07-24 16:07 -------- d-----w- c:\programdata\ArcSoft
2012-07-24 16:07 . 2009-05-22 19:32 73728 ----a-w- c:\windows\SysWow64\MMCEDT3.exe
2012-07-24 16:07 . 2006-09-18 07:50 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys
2012-07-24 16:05 . 2012-07-24 16:05 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-07-24 16:04 . 2007-04-19 08:39 256768 ----a-w- c:\windows\SysWow64\MSLURT.dll
2012-07-24 16:04 . 2005-07-16 01:35 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2012-07-24 16:04 . 2006-01-24 09:20 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-07-24 16:04 . 2005-05-28 05:58 393216 ----a-w- c:\windows\SysWow64\MSLUP60.dll
2012-07-24 16:04 . 2012-07-24 16:04 -------- d-----w- c:\program files (x86)\ArcSoft
2012-07-24 16:00 . 2012-07-24 16:00 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-07-24 16:00 . 2010-02-04 17:55 94271 ----a-w- c:\windows\SysWow64\hcwblast.ocx
2012-07-24 16:00 . 2010-02-04 17:41 69699 ----a-w- c:\windows\SysWow64\hcwIRblast.dll
2012-07-24 16:00 . 2008-01-21 19:52 299008 ----a-w- c:\windows\SysWow64\hcwzblast.dll
2012-07-24 15:57 . 2012-07-24 15:57 -------- d-----w- c:\program files (x86)\Hauppauge
2012-07-24 15:56 . 2011-10-31 12:12 191944 ----a-w- c:\windows\system32\drivers\hcwhdpvr.sys
2012-07-24 15:53 . 2012-07-24 15:53 -------- d-----w- c:\users\user\AppData\Local\autorun
2012-07-24 15:50 . 2012-07-24 15:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-07-20 06:47 . 2012-07-31 17:27 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-20 06:46 . 2012-07-20 06:46 -------- d-----w- c:\users\user\AppData\Local\PunkBuster
2012-07-20 06:44 . 2012-07-31 17:27 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-20 06:44 . 2012-07-31 17:26 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-20 06:44 . 2012-07-30 14:36 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-20 06:29 . 2012-07-20 06:29 -------- d-----w- c:\program files (x86)\EA Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 15:48 . 2011-09-26 05:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 14:09 . 2011-03-28 17:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-30 06:29 . 2012-05-30 06:29 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-30 06:29 . 2012-05-30 06:29 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-05-29 05:36 . 2012-05-29 05:36 67464 ----a-w- c:\windows\system32\CLEyeDevices.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-30 39408]
"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-01-20 2151776]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-12-03 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"FREEzeFlipSA"="c:\program files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSA.exe" [2011-08-10 660480]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-06-11 12099672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 135664]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-14 45736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 ExpressAccountsService;Express Accounts;c:\program files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [x]
R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 135664]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2011-10-31 191944]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-07 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-20 415072]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
S2 MSSQL$EASIFY;SQL Server (EASIFY);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
S2 STEARservice;STEARservice;c:\program files (x86)\STEARsoft\Reg\stearservice.exe [2008-07-15 57344]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2012-06-01 440360]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001Core.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 05:45]
.
2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001UA.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 05:45]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 10:53]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 10:53]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 20:57]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 20:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-09-30 823840]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2011-01-23 148280]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27360711m5b6l0450z1m5f4491w501
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27360711m5b6l0450z1m5f4491w501
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AVG LiveKive - c:\program files (x86)\AVG LiveKive\avglivekive.exe
Wow6432Node-HKLM-Run-ArcSoft Connection Service - c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Wow6432Node-HKLM-Run-WinCast - d:\cdsetup\setup.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ExpressAccounts - c:\program files (x86)\NCH Software\ExpressAccounts\uninst.exe
AddRemove-ExpressInvoice - c:\program files (x86)\NCH Software\ExpressInvoice\uninst.exe
AddRemove-facetheme - c:\program files (x86)\Object\facetheme_uninstall.exe
AddRemove-Prism - c:\program files (x86)\NCH Software\Prism\uninst.exe
AddRemove-Switch - c:\program files (x86)\NCH Software\Switch\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\STEARsoft\Reg\stearserver.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-08-14 09:24:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-14 08:24
.
Pre-Run: 164,099,043,328 bytes free
Post-Run: 163,453,022,208 bytes free
.
- - End Of File - - 7FCE48B16CEC60605BB2F893311A27D3


Thanks and I hope this helps,
SniprUK

#10 SniprUK

SniprUK
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 14 August 2012 - 04:35 AM

Sorry for the double post; my browser refreshed and it posted twice :)

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:45 AM

Posted 14 August 2012 - 07:50 AM

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 SniprUK

SniprUK
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 14 August 2012 - 08:02 AM

Ok, here is the log from Malwarebytes:


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: WILL-PC [administrator]

Protection: Enabled

14/08/2012 13:56:35
mbam-log-2012-08-14 (13-56-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237928
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 20
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> Quarantined and deleted successfully.

Files Detected: 18
C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\eTypeSetupSSP.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\setup (2).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\setup (3).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\Setup (4).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\Setup (5).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\SoftonicDownloader_for_atube-catcher.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\SoftonicDownloader_for_hamachi (1).exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\SoftonicDownloader_for_hamachi.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)

I am just about to run ESET.

#13 SniprUK

SniprUK
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 14 August 2012 - 10:33 AM

And dude, here, finally, is the log from ESET:


C:\FRST\Quarantine\Screenflow_2_1_keygen_by_orion.zip a variant of Win32/Kryptik.AJOV trojan
C:\FRST\Quarantine\Screenflow_2_1_serials_key.zip a variant of Win32/Kryptik.AJOV trojan
C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan
C:\FRST\Quarantine\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U\000000cb.@ Win64/Conedex.B trojan
C:\FRST\Quarantine\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U\80000000.@ Win64/Sirefef.AP trojan
C:\FRST\Quarantine\{8bc0fc71-2340-ce23-215e-fdddd2d438ac}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
C:\Program Files (x86)\1ClickDownload\ocpack.exe Win32/Adware.1ClickDownload.E application
C:\Program Files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSA.exe probably a variant of Win32/Adware.180Solutions application
C:\Program Files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSAHook.dll probably a variant of Win32/Adware.180Solutions application
C:\Program Files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipUninstaller.exe Win32/Adware.HotBar.E application
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\Object\bho_project.dll.vir a variant of Win32/Adware.Facetheme.A application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\user\Downloads\3DMGAME_Football_Manager_2012_No_Crack_rar.exe Win32/Adware.1ClickDownload.C application
C:\Users\user\Downloads\avc-free (1).exe Win32/OpenCandy application
C:\Users\user\Downloads\avc-free.exe Win32/OpenCandy application
C:\Users\user\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\onlinereservebesthotels_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\onlinereservebesthotels_biz[1].htm HTML/Iframe.B.Gen virus
Operating memory probably a variant of Win32/Adware.180Solutions application


Hope this helps,
SniprUK

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:45 AM

Posted 14 August 2012 - 11:43 AM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files (x86)\1ClickDownload\ocpack.exe 
C:\Program Files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSA.exe 
C:\Program Files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSAHook.dll 
C:\Program Files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipUninstaller.exe 
C:\Program Files (x86)\Yontoo\YontooIEClient.dll 
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll 
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\Users\user\Downloads\3DMGAME_Football_Manager_2012_No_Crack_rar.exe 
C:\Users\user\Downloads\avc-free (1).exe 
C:\Users\user\Downloads\avc-free.exe 
C:\Users\user\Downloads\vlcmediaplayer-setup.exe 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\onlinereservebesthotels_biz[1].htm 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\onlinereservebesthotels_biz[1].htm 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
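
The two tool runs CatByte asks for above, MiniToolBox (Flush DNS, IE proxy settings, hosts file contents, installed programs) and Farbar Service Scanner (firewall, System Restore, Security Center, Windows Update, Windows Defender, internet services), gather information that a responder can also pull directly with built-in PowerShell. The script below is an added example written for this thread; it is not code from MiniToolBox, Farbar or BleepingComputer, and its output layout is my own. It reads the WinINet proxy values from the user's Internet Settings key, prints the active lines of the hosts file, lists installed programs from both Uninstall keys, and reports state and start mode for the standard Windows 7 service names behind each Farbar checkbox (the mapping of checkbox to service name is my assumption). Run it from an elevated PowerShell prompt, e.g. `powershell -ExecutionPolicy Bypass -File .\check-system.ps1`.

```powershell
# Added example (not MiniToolBox or Farbar Service Scanner code): gather the same
# information those tools report, using only built-in PowerShell (2.0-compatible).
# Run from an elevated PowerShell prompt (ipconfig /flushdns needs elevation).

# 1. Flush the DNS resolver cache ("Flush DNS").
ipconfig /flushdns | Out-Null

# 2. Report the IE/WinINet proxy settings ("Report IE Proxy Settings").
#    Adware and browser hijackers sometimes point ProxyServer or AutoConfigURL
#    at a host they control, so these values are worth reading directly.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey
Write-Host "== IE proxy settings =="
New-Object PSObject -Property @{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    ProxyOverride = $inet.ProxyOverride
    AutoConfigURL = $inet.AutoConfigURL
} | Format-List

# 3. Print the active lines of the hosts file ("List content of Hosts"),
#    skipping comments and blank lines. Anything beyond the default
#    localhost entries deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Write-Host "`n== Active hosts entries ($hostsPath) =="
Get-Content -Path $hostsPath | Where-Object { $_ -match '^\s*[^#\s]' }

# 4. List installed programs ("List installed programs") from the native and
#    the 32-bit (Wow6432Node) Uninstall keys, the same source Programs and
#    Features uses.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Write-Host "`n== Installed programs =="
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName |
    Format-Table -AutoSize

# 5. Check the services behind the Farbar Service Scanner checklist (the
#    checkbox-to-service mapping here is an assumption). A security service
#    that is missing, disabled, or stopped although set to start automatically
#    is a common sign of tampering.
$services = @(
    @('Internet Services: DHCP Client',     'Dhcp'),
    @('Internet Services: DNS Client',      'Dnscache'),
    @('Windows Firewall',                   'MpsSvc'),
    @('Windows Firewall: Base Filtering',   'BFE'),
    @('System Restore: Volume Shadow Copy', 'VSS'),
    @('Security Center',                    'wscsvc'),
    @('Windows Update',                     'wuauserv'),
    @('Windows Update: BITS',               'BITS'),
    @('Windows Defender',                   'WinDefend')
)
Write-Host "`n== Service status =="
foreach ($pair in $services) {
    $label = $pair[0]; $name = $pair[1]
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Host ("{0,-38} MISSING (service not registered)" -f $label)
        continue
    }
    # Win32_Service exposes the start mode (Auto/Manual/Disabled) that Get-Service lacks.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    $flag = ''
    if ($wmi.StartMode -eq 'Disabled' -or ($wmi.StartMode -eq 'Auto' -and $svc.Status -ne 'Running')) {
        $flag = '  <-- check'
    }
    Write-Host ("{0,-38} {1,-8} start={2}{3}" -f $label, $svc.Status, $wmi.StartMode, $flag)
}
```

The "<-- check" marker only flags a service that is disabled, or stopped despite an automatic start type; a Manual service that happens to be stopped is normal and is not flagged. If the marker appears next to Security Center, Windows Defender or the firewall on a machine that has not been deliberately configured that way, that is the same condition the Farbar log would show and is worth raising in the thread.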


#15 SniprUK

SniprUK
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 14 August 2012 - 12:19 PM

Here is the ComboFix log:


ComboFix 12-08-14.03 - user 14/08/2012 17:59:36.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4025.2544 [GMT 1:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\1ClickDownload\ocpack.exe"
"c:\program files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSA.exe"
"c:\program files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSAHook.dll"
"c:\program files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipUninstaller.exe"
"c:\program files (x86)\Yontoo\YontooIEClient.dll"
"c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
"c:\users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
"c:\users\user\Downloads\3DMGAME_Football_Manager_2012_No_Crack_rar.exe"
"c:\users\user\Downloads\avc-free (1).exe"
"c:\users\user\Downloads\avc-free.exe"
"c:\users\user\Downloads\vlcmediaplayer-setup.exe"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\onlinereservebesthotels_biz[1].htm"
"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\onlinereservebesthotels_biz[1].htm"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\1ClickDownload\ocpack.exe
c:\program files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSA.exe
c:\program files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSAHook.dll
c:\program files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipUninstaller.exe
c:\program files (x86)\Yontoo\YontooIEClient.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\users\user\Downloads\3DMGAME_Football_Manager_2012_No_Crack_rar.exe
c:\users\user\Downloads\avc-free (1).exe
c:\users\user\Downloads\avc-free.exe
c:\users\user\Downloads\vlcmediaplayer-setup.exe
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\onlinereservebesthotels_biz[1].htm
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 17:08 . 2012-08-14 17:08 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2012-08-14 17:08 . 2012-08-14 17:08 -------- d-----w- c:\users\Mcx1-WILL-PC\AppData\Local\temp
2012-08-14 17:08 . 2012-08-14 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 13:02 . 2012-08-14 13:02 -------- d-----w- c:\program files (x86)\ESET
2012-08-14 12:55 . 2012-08-14 12:55 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-08-14 12:55 . 2012-08-14 12:55 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 12:55 . 2012-08-14 12:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-14 12:55 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-09 02:45 . 2012-08-09 02:45 -------- d-----w- C:\FRST
2012-08-08 15:54 . 2012-08-08 15:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-08 15:48 . 2012-08-08 15:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 15:49 . 2012-08-01 15:49 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-01 10:47 . 2012-08-01 10:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-01 10:47 . 2012-08-01 10:47 -------- d-----w- c:\program files (x86)\QuickTime
2012-08-01 10:47 . 2012-08-01 10:47 -------- d-----w- c:\programdata\Apple Computer
2012-08-01 10:45 . 2012-08-01 19:18 -------- d-----w- c:\users\user\AppData\Local\575D3232-5274-443C-B192-45ED6C5B5563.aplzod
2012-08-01 10:44 . 2012-08-01 10:46 -------- d-----w- c:\users\user\AppData\Roaming\Apple Computer
2012-08-01 10:44 . 2012-08-01 10:44 -------- d-----w- c:\program files\Common Files\Apple
2012-08-01 10:43 . 2012-08-01 10:43 -------- d-----w- c:\users\user\AppData\Local\Apple
2012-08-01 10:43 . 2012-08-01 10:43 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-08-01 10:42 . 2012-08-01 10:42 -------- d-----w- c:\program files\Bonjour
2012-08-01 10:42 . 2012-08-01 10:42 -------- d-----w- c:\program files (x86)\Bonjour
2012-08-01 10:42 . 2012-08-01 10:44 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-08-01 10:42 . 2012-08-01 10:42 -------- d-----w- c:\programdata\Apple
2012-07-31 19:02 . 2012-06-01 09:51 440360 ----a-w- c:\windows\system32\drivers\k57nd60a.sys
2012-07-31 16:43 . 2009-12-05 18:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-07-31 16:43 . 2012-07-31 16:43 -------- d-----w- c:\program files (x86)\ffdshow
2012-07-31 16:43 . 2012-07-31 16:43 -------- d-----w- c:\programdata\IObit
2012-07-31 16:43 . 2012-07-31 16:43 -------- d-----w- c:\program files (x86)\IObit
2012-07-31 13:44 . 2012-07-31 13:44 -------- d-----w- c:\programdata\Sincell
2012-07-31 13:44 . 2012-07-31 13:44 -------- d-----w- c:\program files (x86)\Sincell
2012-07-30 13:21 . 2012-07-30 13:21 -------- d-----w- c:\users\user\AppData\Local\CRE
2012-07-30 13:21 . 2012-07-30 13:21 -------- d-----w- c:\program files (x86)\Conduit
2012-07-30 13:21 . 2012-07-30 13:25 -------- d-----w- c:\users\user\AppData\Local\Conduit
2012-07-30 13:19 . 2012-07-30 13:21 -------- d-----w- c:\program files (x86)\uTorrent
2012-07-30 13:18 . 2012-07-31 19:03 -------- d-----w- c:\users\user\AppData\Roaming\uTorrent
2012-07-30 12:58 . 2012-07-30 12:58 -------- d-----w- c:\users\user\AppData\Local\Zoom_Downloader
2012-07-30 12:56 . 2012-07-30 12:56 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2012-07-27 09:13 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-26 20:52 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-07-26 20:52 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-07-26 20:52 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-26 20:52 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-26 20:52 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-26 20:52 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-07-26 20:52 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-07-26 20:52 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-07-26 20:52 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-07-26 20:52 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-07-26 20:50 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-26 20:50 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-26 20:50 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-26 20:50 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-26 20:50 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-26 20:50 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-26 20:50 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-26 20:50 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-26 20:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-26 20:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-26 20:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-26 20:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-26 20:37 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-26 20:37 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-26 20:37 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-26 20:36 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-26 20:36 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-24 16:44 . 2012-07-24 16:44 -------- d-----w- c:\program files (x86)\DsNET Corp
2012-07-24 16:43 . 2012-07-24 16:43 -------- d-----w- c:\programdata\Ask
2012-07-24 16:25 . 2012-07-24 16:27 -------- d-----w- c:\users\user\AppData\Roaming\ArcSoft
2012-07-24 16:07 . 2012-07-24 16:07 -------- d-----w- c:\programdata\ArcSoft
2012-07-24 16:07 . 2009-05-22 19:32 73728 ----a-w- c:\windows\SysWow64\MMCEDT3.exe
2012-07-24 16:07 . 2006-09-18 07:50 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys
2012-07-24 16:05 . 2012-07-24 16:05 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-07-24 16:04 . 2007-04-19 08:39 256768 ----a-w- c:\windows\SysWow64\MSLURT.dll
2012-07-24 16:04 . 2005-07-16 01:35 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2012-07-24 16:04 . 2006-01-24 09:20 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-07-24 16:04 . 2005-05-28 05:58 393216 ----a-w- c:\windows\SysWow64\MSLUP60.dll
2012-07-24 16:04 . 2012-07-24 16:04 -------- d-----w- c:\program files (x86)\ArcSoft
2012-07-24 16:00 . 2012-07-24 16:00 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-07-24 16:00 . 2010-02-04 17:55 94271 ----a-w- c:\windows\SysWow64\hcwblast.ocx
2012-07-24 16:00 . 2010-02-04 17:41 69699 ----a-w- c:\windows\SysWow64\hcwIRblast.dll
2012-07-24 16:00 . 2008-01-21 19:52 299008 ----a-w- c:\windows\SysWow64\hcwzblast.dll
2012-07-24 15:57 . 2012-07-24 15:57 -------- d-----w- c:\program files (x86)\Hauppauge
2012-07-24 15:56 . 2011-10-31 12:12 191944 ----a-w- c:\windows\system32\drivers\hcwhdpvr.sys
2012-07-24 15:53 . 2012-07-24 15:53 -------- d-----w- c:\users\user\AppData\Local\autorun
2012-07-24 15:50 . 2012-07-24 15:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-07-20 06:47 . 2012-07-31 17:27 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-20 06:46 . 2012-07-20 06:46 -------- d-----w- c:\users\user\AppData\Local\PunkBuster
2012-07-20 06:44 . 2012-07-31 17:27 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-20 06:44 . 2012-07-31 17:26 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-20 06:44 . 2012-07-30 14:36 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-20 06:29 . 2012-07-20 06:29 -------- d-----w- c:\program files (x86)\EA Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 15:48 . 2011-09-26 05:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 14:09 . 2011-03-28 17:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-30 06:29 . 2012-05-30 06:29 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-30 06:29 . 2012-05-30 06:29 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-05-29 05:36 . 2012-05-29 05:36 67464 ----a-w- c:\windows\system32\CLEyeDevices.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-14_08.17.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-30 05:17 . 2012-08-14 17:12 91062 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-14 17:12 53992 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-16 11:08 . 2012-08-14 17:12 24128 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-995752932-4290874697-1861187567-1001_UserData.bin
+ 2011-07-16 10:34 . 2012-08-14 09:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-16 10:34 . 2012-08-03 10:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-16 10:34 . 2012-08-14 09:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-16 10:34 . 2012-08-03 10:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-03 10:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-14 09:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-14 17:09 . 2012-08-14 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-14 08:15 . 2012-08-14 08:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-14 17:09 . 2012-08-14 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-14 08:15 . 2012-08-14 08:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-14 08:15 406704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-14 17:08 406704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-25 12:00 . 2012-08-14 17:08 8332443 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-995752932-4290874697-1861187567-1001-8192.dat
- 2012-02-25 12:00 . 2012-08-14 08:15 8332443 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-995752932-4290874697-1861187567-1001-8192.dat
- 2009-07-14 02:34 . 2012-08-03 16:13 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-14 09:26 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-30 39408]
"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-01-20 2151776]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-12-03 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-06-11 12099672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 135664]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-14 45736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 ExpressAccountsService;Express Accounts;c:\program files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [x]
R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 135664]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2011-10-31 191944]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-07 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-20 415072]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-04-14 1052328]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MSSQL$EASIFY;SQL Server (EASIFY);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
S2 STEARservice;STEARservice;c:\program files (x86)\STEARsoft\Reg\stearservice.exe [2008-07-15 57344]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2012-06-01 440360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001Core.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 05:45]
.
2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001UA.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-08 05:45]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 10:53]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-16 10:53]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 20:57]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995752932-4290874697-1861187567-1001UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 20:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-09-30 823840]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2011-01-23 148280]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27360711m5b6l0450z1m5f4491w501
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27360711m5b6l0450z1m5f4491w501
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FREEzeFlipSA - c:\program files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipSA.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-FREEzeFlipSA - c:\program files (x86)\FREEzeFlip\bin\1.0.6.0\FREEzeFlipUninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\STEARsoft\Reg\stearserver.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-08-14 18:17:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-14 17:17
ComboFix2.txt 2012-08-14 08:24
.
Pre-Run: 160,083,218,432 bytes free
Post-Run: 159,797,108,736 bytes free
.
- - End Of File - - 73ED8B01A64FD949B3142D06621FA7A6
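For anyone working through a ComboFix listing like the one above, the following is an added example (my own code, not ComboFix's and not something posted in this thread) that parses the file-entry lines and the Run-key lines and pulls out two things a helper usually checks first: executables under c:\windows carrying the hidden+system attributes, and autoruns that launch from a user-writable location. The regexes are an assumption about the layout visible in this log, not a documented ComboFix format; the attribute letters (d, s, h, r, a) are read as they appear in the log. The sample lines are copied from the log itself, and the rules produce a review list, not a verdict.

```python
import re

# Regexes reflect the layout observed in the posted ComboFix log (an assumption about the
# tool's format, not a documented specification):
#   file entries : "<created> . <modified> <size-or-dashes> <8-char attrs> <path>"
#   Find3M lines : same, but without the leading "<created> . "
#   Run entries  : "Name"="<path>" [<date> <size>]   (or [x] / [BU])
FILE_LINE = re.compile(
    r"^(?:(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. )?"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$"
)
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<info>[^\]]*)\]')

EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl")
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
HIDDEN_SYSTEM = "hidden+system executable under c:\\windows"
USER_AUTORUN = "autorun launched from a user-writable location"


def parse_file_line(line):
    """Return a dict for one file/directory entry, or None for any other line."""
    m = FILE_LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    attrs = entry["attrs"]
    # Attribute letters as they appear in the log: d=directory, s=system, h=hidden,
    # r=read-only, a=archive (the '-' positions are ignored here).
    entry["is_dir"] = attrs[0] == "d"
    entry["hidden"] = "h" in attrs
    entry["system"] = "s" in attrs
    entry["readonly"] = "r" in attrs
    entry["size"] = int(entry["size"]) if entry["size"].isdigit() else 0
    return entry


def triage_files(lines):
    """Flag hidden+system executables inside the Windows directory.

    Legitimate DLLs and drivers under c:\\windows are almost never hidden+system,
    so each hit is worth a hash lookup by hand before deciding anything.
    """
    hits = []
    for line in lines:
        e = parse_file_line(line)
        if e is None or e["is_dir"]:
            continue
        path = e["path"].lower()
        if e["hidden"] and e["system"] and path.startswith("c:\\windows\\") \
                and path.endswith(EXEC_EXT):
            hits.append((HIDDEN_SYSTEM, e["path"]))
    return hits


def triage_run_entries(lines):
    """Flag Run-key values whose target lives outside Program Files / Windows.

    Per-user updaters (Dropbox, Google, Facebook) legitimately live in AppData,
    so this is a list to review, not a list of infections.
    """
    hits = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if m is None:
            continue
        if not m.group("path").lower().startswith(TRUSTED_DIRS):
            hits.append((USER_AUTORUN, f'{m.group("name")}: {m.group("path")}'))
    return hits


def triage(lines):
    """Run every rule over a whole log and return the combined findings."""
    lines = list(lines)
    return triage_files(lines) + triage_run_entries(lines)


# Sample input: lines copied verbatim from the log in this post.
SAMPLE_LOG = [
    r"2012-08-01 10:47 . 2012-08-01 10:47 -------- d-----w- c:\program files (x86)\QuickTime",
    r"2012-07-27 09:13 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys",
    r"2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll",
    r"2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll",
    r'"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]',
    r'"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]',
    r'"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]',
]

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Feed it the whole saved log (one string per line) rather than the sample list to get the full review set; the snapshot lines beginning with + or - and the service lines are ignored by design, since they use a different layout.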