Redirector bug in Bing and audio ads running with nothing open


  • This topic is locked
29 replies to this topic

#1 jmzzll

  • Members
  • 17 posts

Posted 20 August 2012 - 11:20 AM

I'm seeing a few issues with this virus.
1. Redirector - My default search engine is Bing. When I click on a link from a Bing search, it redirects me to spam sites.
2. Audio ads run in the background with no browser open.
3. Web pages load extremely slow.

I have run several virus scans using Norton and Malwarebytes. Nothing has been flagged.

Any help is appreciated.

Jay

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by jmezzell at 9:43:05 on 2012-08-20
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3978.822 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\crypserv.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files\Common Files\ICONICS\FWX64\BIN\AwxServer64.exe
C:\Program Files\ICONICS\GENESIS64\Components\IcoFwxServer.exe
C:\Program Files\Common Files\ICONICS\FWX64\BIN\MonitorWorX64.exe
C:\Program Files\ICONICS\GENESIS64\Components\NativeLicenseServer64.exe
C:\Program Files\Common Files\ICONICS\FWX64\BIN\GASEngine64.exe
C:\Program Files\Common Files\ICONICS\FWX64\BIN\GenBroker64.exe
C:\Program Files\ICONICS\GENESIS64\Components\IcoLicenseService.exe
C:\Program Files (x86)\ICONICS\ICONICS OPC Server Suite 5\server_eventlog.exe
C:\Program Files\ICONICS\GENESIS64\Components\IcoRemotingService.exe
C:\Program Files\ICONICS\GENESIS64\Components\CRP32002.NGN
C:\Program Files\Common Files\ICONICS\FWX64\BIN\UDMRuntime64.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Kepware\KEPServerEX 5\server_eventlog.exe
C:\Program Files (x86)\M86 Security\Authenticator\Authenticat_s.exe
C:\Windows\System32\msdtc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.DiscoveryServer.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\ICONICS\GenRegistrarServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ICONICS\ICONICS OPC Server Suite 5\server_runtime.exe
C:\Program Files (x86)\Kepware\KEPServerEX 5\server_runtime.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Kepware\KEPServerEX 5\xi_wrapper\xi_server_runtime.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ICONICS\ICONICS OPC Server Suite 5\server_admin.exe
C:\Program Files (x86)\Kepware\KEPServerEX 5\server_admin.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\CCM\CcmExec.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\CCM\RemCtrl\CmRcService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\CCM\SCNotification.exe
C:\Program Files\Common Files\ICONICS\FWX64\BIN\GenEvent64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\ICONICS\GENESIS64\Components\WorkbenchApp.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bluenet
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\jmezzell\AppData\Local\Akamai\netsession_win.exe"
uRun: [Spotify Web Helper] "C:\Users\jmezzell\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: localhost
Trusted Zone: scadawebhmi
Trusted Zone: tuliconscada01
Trusted Zone: tulsccm01
Trusted Zone: virtualearth.net\dev
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.161.14 192.168.161.2 208.180.42.100
TCP: Interfaces\{CD9EAACA-8050-493F-86B5-6E3F4776C754}\16474777966696 : DhcpNameServer = 192.168.4.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{CD9EAACA-8050-493F-86B5-6E3F4776C754}\24B45405 : DhcpNameServer = 192.168.161.14 192.168.161.2 208.180.42.100
TCP: Interfaces\{F134C69E-6A9B-4B24-A1A9-1787DEA7116A} : DhcpNameServer = 192.168.161.14 192.168.161.2 208.180.42.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO-X64: Lync add-on BHO - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-8-10 1385120]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120817.001\IDSviA64.sys [2012-8-17 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 CmRcService;Configuration Manager Remote Control;C:\Windows\CCM\RemCtrl\CmRcService.exe [2012-2-20 605040]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
R2 IcoAlarmService;ICONICS AlarmWorX64 Server;C:\Program Files\Common Files\ICONICS\FWX64\Bin\AwxServer64.exe [2011-12-14 4958208]
R2 IcoFwxServer;ICONICS FrameWorX64;C:\Program Files\ICONICS\GENESIS64\Components\IcoFwxServer.exe [2011-12-14 8192]
R2 IcoGasEngine;ICONICS Global Aliasing;C:\Program Files\Common Files\ICONICS\FWX64\Bin\GASEngine64.exe [2011-12-14 670720]
R2 IcoGenBroker;ICONICS GenBroker;C:\Program Files\Common Files\ICONICS\FWX64\Bin\GenBroker64.exe [2011-12-14 6114816]
R2 IcoLicenseService;ICONICS License;C:\Program Files\ICONICS\GENESIS64\Components\IcoLicenseService.exe [2011-12-14 7680]
R2 ICONICSOPCServerSuiteLoggerV5;ICONICS OPC Server Suite 5.5 Event Logger;C:\Program Files (x86)\ICONICS\ICONICS OPC Server Suite 5\server_eventlog.exe [2011-3-10 107808]
R2 ICONICSOPCServerSuiteV5;ICONICS OPC Server Suite 5.5 Runtime;C:\Program Files (x86)\ICONICS\ICONICS OPC Server Suite 5\server_runtime.exe [2011-3-10 183584]
R2 IcoRemotingService;ICONICS Remoting Service;C:\Program Files\ICONICS\GENESIS64\Components\IcoRemotingService.exe [2011-12-14 47104]
R2 IcoUdmRuntime;ICONICS Data Manager;C:\Program Files\Common Files\ICONICS\FWX64\Bin\UDMRuntime64.exe [2011-12-14 722432]
R2 KEPServerEXLoggerV5;KEPServerEX 5.9 Event Logger;C:\Program Files (x86)\Kepware\KEPServerEX 5\server_eventlog.exe [2012-6-14 201800]
R2 KEPServerEXV5;KEPServerEX 5.9 Runtime;C:\Program Files (x86)\Kepware\KEPServerEX 5\server_runtime.exe [2012-6-14 258120]
R2 M86_Auth;M86 Security Authenticator;C:\Program Files (x86)\M86 Security\Authenticator\Authenticat_s.exe [2011-5-4 394584]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-14 138272]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-7-2 1997416]
R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2010-10-20 374048]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2010-10-20 292128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-5 378472]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-6 284696]
R2 UA Local Discovery Server;UA Local Discovery Server;C:\Program Files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.DiscoveryServer.exe [2010-11-2 28160]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-12 138912]
R3 KEPServerEXV5_OPCNET;KEPServerEX 5.9 OPC .NET;C:\Program Files (x86)\Kepware\KEPServerEX 5\xi_wrapper\xi_server_runtime.exe [2012-6-14 17480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S1 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-20 136176]
S2 IcoRemotingService32;ICONICS Remoting Service 32;C:\Program Files (x86)\Common Files\ICONICS\IcoRemoting32\IcoRemotingService.exe [2011-7-1 62800]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-18 655944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-7 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 BwxService;ICONICS BridgeWorX;C:\Program Files (x86)\ICONICS\BizViz\BridgeWorX\BwxServices\BridgeWorX.exe [2011-8-22 51200]
S3 DataWorX32;ICONICS DataWorX32;C:\Program Files (x86)\ICONICS\GENESIS32\Bin\DwxRuntime.exe [2011-6-20 1404994]
S3 DBOPC;ICONICS DBOPC Server Runtime;C:\Program Files (x86)\Common Files\ICONICS\DBOPCServerRuntime.exe [2011-7-1 1623376]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-20 136176]
S3 IcoAlarmLogger;ICONICS AlarmWorX64 Logger;C:\Program Files\Common Files\ICONICS\FWX64\Bin\AWXLog64.exe [2011-12-14 1067520]
S3 IcoBPAService;ICONICS Productivity Analytics;C:\Program Files (x86)\ICONICS\BizViz\Productivity Analytics\BpaWinService\IcoBPAnalyticsWinService.exe [2011-8-22 192352]
S3 IcoEaService;ICONICS Energy AnalytiX;"C:\Program Files\ICONICS\GENESIS64\Components\IcoBizVizEAService.exe" --> C:\Program Files\ICONICS\GENESIS64\Components\IcoBizVizEAService.exe [?]
S3 IcoFaService;ICONICS Facility AnalytiX;"C:\Program Files\ICONICS\GENESIS64\Components\IcoBizVizFAService.exe" --> C:\Program Files\ICONICS\GENESIS64\Components\IcoBizVizFAService.exe [?]
S3 IcoHHServiceCollector;ICONICS Hyper Historian Collector;C:\Program Files\ICONICS\GENESIS64\Components\HHCollectorService.exe [2011-6-27 7680]
S3 IcoHHServiceCore;ICONICS Hyper Historian Core;C:\Program Files\ICONICS\GENESIS64\Components\HHLoggerService.exe [2011-6-27 7680]
S3 IcoMGXServiceCore;ICONICS MergeWorX Service;C:\Program Files\ICONICS\GENESIS64\Components\MGXCoreService.exe [2011-6-27 7168]
S3 IcoScheduleWorXRuntime;ICONICS ScheduleWorX64;C:\Program Files\Common Files\ICONICS\FWX64\Bin\ScheduleWorXRuntime64.exe [2011-12-14 685568]
S3 IcoTwxLogger;ICONICS TrendWorX64 Logger;C:\Program Files\Common Files\ICONICS\FWX64\Bin\TwxLog64.exe [2011-12-14 5214720]
S3 KEPServerEXKeySvcV5;KEPServerEX 5.9 Key Service;C:\Program Files (x86)\Kepware\KEPServerEX 5\keysvc.exe [2012-6-14 34376]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-12-6 50472]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-12-6 50472]
S3 MSSI$Default;StreamInsight (Default);C:\Program Files\Microsoft StreamInsight 1.1\Host\StreamInsightHost.exe [2010-10-21 30576]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RwxService;ICONICS ReportWorX;C:\Program Files (x86)\ICONICS\BizViz\ReportWorX\RwxService\ReportWorX.exe [2011-8-22 91648]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2012-08-20 12:34:48 -------- d-----w- C:\Users\jmezzell\AppData\Local\{DC5EC9C7-8390-45F7-8B14-71196A142314}
2012-08-19 20:32:59 -------- d-----w- C:\Users\jmezzell\AppData\Local\{556F37DB-D34F-48CD-AA38-F28848D5FA2F}
2012-08-19 08:32:45 -------- d-----w- C:\Users\jmezzell\AppData\Local\{9E55CF2F-1B46-48FF-ACCB-C1C37C5A4999}
2012-08-18 17:56:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-18 17:53:12 -------- d-----w- C:\Users\jmezzell\AppData\Roaming\Ad-Aware Antivirus
2012-08-18 17:46:57 -------- d-----w- C:\Users\jmezzell\AppData\Local\{C986029E-2893-49A2-BE1D-119536B6739B}
2012-08-18 17:46:46 -------- d-----w- C:\Users\jmezzell\AppData\Local\{56A124FC-BF65-4133-B2CB-F79BC2078B7B}
2012-08-18 16:53:18 -------- d-----w- C:\Users\jmezzell\AppData\Local\Threat Expert
2012-08-18 16:38:05 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-08-18 16:31:38 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-08-18 16:31:38 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-08-18 16:31:09 -------- d-----w- C:\ProgramData\PC Tools
2012-08-18 16:31:08 -------- d-----w- C:\Users\jmezzell\AppData\Roaming\TestApp
2012-08-18 05:46:18 -------- d-----w- C:\Users\jmezzell\AppData\Local\{29666324-9CE1-4B0C-9DCB-B37862620EAB}
2012-08-18 05:46:08 -------- d-----w- C:\Users\jmezzell\AppData\Local\{41AC0866-A294-4AD8-88A7-9126A816878B}
2012-08-17 15:27:38 -------- d-----w- C:\Users\jmezzell\AppData\Local\{FF6A97FE-5C7E-4EB9-A79A-5C97D322CEB4}
2012-08-17 15:27:12 -------- d-----w- C:\Users\jmezzell\AppData\Local\{5C6D31D1-2FC4-49EF-854B-F34087DE816F}
2012-08-17 03:26:58 -------- d-----w- C:\Users\jmezzell\AppData\Local\{EACE8073-D263-47FC-8B9F-CAE6C66AB21D}
2012-08-16 15:26:21 -------- d-----w- C:\Users\jmezzell\AppData\Local\{EB5F3B0C-9F95-4148-89CB-882EC4C5589B}
2012-08-16 15:26:04 -------- d-----w- C:\Users\jmezzell\AppData\Local\{97C0C320-4835-4FEA-AE87-9FF929402CF0}
2012-08-15 21:32:18 -------- d-----w- C:\Users\jmezzell\AppData\Roaming\Curiolab
2012-08-15 14:04:23 -------- d-----w- C:\Users\jmezzell\AppData\Local\{01C1DB33-8A4D-408E-AD5B-9EEAD7014354}
2012-08-15 14:04:00 -------- d-----w- C:\Users\jmezzell\AppData\Local\{D77D0F03-B6A1-4572-8964-2780317F55FB}
2012-08-15 02:03:45 -------- d-----w- C:\Users\jmezzell\AppData\Local\{3A7D89D9-E8CF-4BE6-84AE-F77B236B0903}
2012-08-15 02:03:34 -------- d-----w- C:\Users\jmezzell\AppData\Local\{A72334C3-7A2E-4338-9353-13949FCF3212}
2012-08-15 01:33:43 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys
2012-08-15 01:33:43 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys
2012-08-15 01:33:42 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys
2012-08-15 01:33:42 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys
2012-08-15 01:33:42 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys
2012-08-15 01:33:42 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys
2012-08-15 01:33:42 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys
2012-08-15 01:33:31 -------- d-----w- C:\Windows\System32\drivers\NISx64\1308000.00E
2012-08-14 14:03:04 -------- d-----w- C:\Users\jmezzell\AppData\Local\{B5F04B3A-1F1F-4654-A908-F4D7D73342BC}
2012-08-14 14:02:49 -------- d-----w- C:\Users\jmezzell\AppData\Local\{E2BF125B-CD2C-4EF4-86DE-C77A56CBFFF8}
2012-08-14 03:59:01 -------- d-----w- C:\Users\jmezzell\AppData\Local\{991B0CC9-DA23-4286-B7A5-A98CE6090B94}
2012-08-13 11:20:17 -------- d-----w- C:\Users\jmezzell\AppData\Local\{E62EFC6E-C94E-43A2-A2D2-49E2495FD591}
2012-08-13 11:19:45 -------- d-----w- C:\Users\jmezzell\AppData\Local\{2D8F4A48-BC4D-4200-908B-4A3E10792CB1}
2012-08-13 08:59:46 -------- d-----w- C:\Users\jmezzell\AppData\Local\{6D291CD0-5F3D-4B8D-AD1D-9A098624E1D4}
2012-08-13 08:59:34 -------- d-----w- C:\Users\jmezzell\AppData\Local\{544CC213-EFC3-47A7-84E1-66E27DB91F5F}
2012-08-12 16:34:23 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-08-12 16:31:23 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-08-12 16:31:22 -------- d-----w- C:\Program Files\Symantec
2012-08-12 16:31:22 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-08-12 16:30:46 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-08-12 16:30:45 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-08-12 15:54:09 -------- d-----w- C:\Users\jmezzell\AppData\Local\{E0630A24-7FF1-4F6B-A293-5D65C78AADCE}
2012-08-12 15:53:58 -------- d-----w- C:\Users\jmezzell\AppData\Local\{332E9CF4-3107-426C-AE63-552519623307}
2012-08-12 15:48:57 -------- d-----w- C:\ProgramData\Norton
2012-08-12 15:45:43 -------- d-----w- C:\ProgramData\NortonInstaller
2012-08-12 15:45:43 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-08-12 03:53:44 -------- d-----w- C:\Users\jmezzell\AppData\Local\{2F0AC3EE-DCD0-49A6-9AE7-347C0CBE6102}
2012-08-12 03:53:33 -------- d-----w- C:\Users\jmezzell\AppData\Local\{79E83C47-5AB5-43A9-AF38-0DEA66F31F99}
2012-08-11 18:45:37 -------- d-----w- C:\ComboFix
2012-08-11 15:53:07 -------- d-----w- C:\Users\jmezzell\AppData\Local\{0FF69A18-9593-4804-90FB-829A4892D34A}
2012-08-11 15:52:52 -------- d-----w- C:\Users\jmezzell\AppData\Local\{A0DCCB0C-C79B-4AEC-B27D-07298AB295D2}
2012-08-11 03:19:28 -------- d-----w- C:\Users\jmezzell\AppData\Local\{CCC50CF3-FBBE-48E7-B2AC-DB579CC98712}
2012-08-11 03:19:17 -------- d-----w- C:\Users\jmezzell\AppData\Local\{A83225CE-15E3-431A-B6AE-95BD4B764167}
2012-08-10 13:56:17 -------- d-----w- C:\Users\jmezzell\AppData\Local\{E6D61123-1FA9-42D1-A182-DFE02A3294E0}
2012-08-10 13:55:54 -------- d-----w- C:\Users\jmezzell\AppData\Local\{2A03390B-1DF0-4055-9F94-130F708D1EBE}
2012-08-10 01:55:41 -------- d-----w- C:\Users\jmezzell\AppData\Local\{DABFF5F7-B578-49DF-A73D-20E3D55E4D83}
2012-08-10 01:55:29 -------- d-----w- C:\Users\jmezzell\AppData\Local\{5CC449D4-C49E-4E8A-9675-8E9E1C778AF3}
2012-08-09 23:56:58 -------- d-----w- C:\Users\jmezzell\AppData\Local\Macromedia
2012-08-09 13:55:18 -------- d-----w- C:\Users\jmezzell\AppData\Local\{43939895-6690-45C8-83D8-384B3C831663}
2012-08-09 01:54:41 -------- d-----w- C:\Users\jmezzell\AppData\Local\{F4BB7429-94F2-44F0-9973-7500D1648705}
2012-08-09 01:54:30 -------- d-----w- C:\Users\jmezzell\AppData\Local\{06668E39-0EBD-488C-AC69-BA027275CB17}
2012-08-08 21:41:20 -------- d-----w- C:\ProgramData\Sophos
2012-08-08 13:54:03 -------- d-----w- C:\Users\jmezzell\AppData\Local\{DBB85AA4-B925-4967-B80C-EE40BFB2A494}
2012-08-08 13:53:38 -------- d-----w- C:\Users\jmezzell\AppData\Local\{19793B3B-92A8-4846-970A-2D6D255FF6F8}
2012-08-08 02:17:15 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-08 01:53:12 -------- d-----w- C:\Users\jmezzell\AppData\Local\{C726104E-C7B4-41C2-BDDE-5198E388FE9F}
2012-08-08 01:53:01 -------- d-----w- C:\Users\jmezzell\AppData\Local\{9A6C7B7B-F572-453E-8935-516C37F094C3}
2012-08-08 01:49:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-08 01:11:59 -------- d-----w- C:\Users\jmezzell\AppData\Local\Mozilla
2012-08-07 13:52:48 -------- d-----w- C:\Users\jmezzell\AppData\Local\{91959931-463C-43A9-93D4-BE51583DE6B4}
2012-08-07 13:52:21 -------- d-----w- C:\Users\jmezzell\AppData\Local\{886B171D-CA74-494B-8A29-5C5789A1935A}
2012-08-07 01:52:07 -------- d-----w- C:\Users\jmezzell\AppData\Local\{6C5C9056-A1FE-4729-AEC7-527BF0C8F051}
2012-08-07 01:51:56 -------- d-----w- C:\Users\jmezzell\AppData\Local\{5F0C56D4-7E8F-4289-91B5-12A42F43C308}
2012-08-06 13:51:31 -------- d-----w- C:\Users\jmezzell\AppData\Local\{51FF779C-9B93-4606-AF64-4A403D59F48A}
2012-08-06 13:51:19 -------- d-----w- C:\Users\jmezzell\AppData\Local\{51D41F28-AE94-48BB-9E87-A5B0664015EA}
2012-08-06 11:41:30 -------- d-----w- C:\Users\jmezzell\AppData\Local\{EDEE31AC-A2F6-41C2-BCB6-25BD85CE4489}
2012-08-05 23:05:41 167936 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeWave Technologies\fwTFTP\fwTFTP.exe
2012-08-05 22:46:37 -------- d-----w- C:\Program Files\HitmanPro
2012-08-05 22:46:01 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-05 20:47:06 -------- d-----w- C:\Users\jmezzell\AppData\Local\{F8ACA118-92C9-438E-BABF-B48A816395BE}
2012-08-05 20:46:52 -------- d-----w- C:\Users\jmezzell\AppData\Local\{29DCC102-4964-4CE3-B48B-DE313155A997}
2012-08-03 12:33:52 -------- d-----w- C:\Users\jmezzell\AppData\Local\{A58546F6-0469-4D98-AA0A-B28273F91A6D}
2012-08-03 12:33:37 -------- d-----w- C:\Users\jmezzell\AppData\Local\{4028FEA3-2086-4EB4-A856-E708F64D840A}
2012-08-03 00:20:59 -------- d-----w- C:\Users\jmezzell\AppData\Local\{C4DD6587-B1A4-4EB0-B6DE-19B220948468}
2012-08-03 00:20:47 -------- d-----w- C:\Users\jmezzell\AppData\Local\{77F35251-FD43-45B8-84A9-A0D2E070A0BC}
2012-08-02 10:38:37 -------- d-----w- C:\Users\jmezzell\AppData\Local\{247CFE32-A70C-4420-A068-D92B2E982B84}
2012-08-01 20:32:42 -------- d-----w- C:\Users\jmezzell\AppData\Local\{CA064F33-9339-4E01-8EFD-491C2A90AC31}
2012-08-01 20:32:18 -------- d-----w- C:\Users\jmezzell\AppData\Local\{51546762-E8C2-4F36-9CF0-4429DD144C42}
2012-08-01 08:32:23 -------- d-----w- C:\Users\jmezzell\AppData\Local\{5AD04CBA-872B-4754-A997-B68A64701BF8}
2012-07-31 17:29:47 -------- d-----w- C:\Users\jmezzell\AppData\Local\{3BD97EFD-9E69-42BD-B75E-0138DB002179}
2012-07-31 17:29:35 -------- d-----w- C:\Users\jmezzell\AppData\Local\{CCA88A5F-761A-4AA8-83F9-509128C07BA9}
2012-07-30 19:54:48 -------- d-----w- C:\Users\jmezzell\AppData\Local\{32805744-3764-49CA-803B-0D139E045B04}
2012-07-30 19:54:25 -------- d-----w- C:\Users\jmezzell\AppData\Local\{EB649C59-2B5F-43F6-AA04-4FD17EDF0AC6}
2012-07-30 07:53:59 -------- d-----w- C:\Users\jmezzell\AppData\Local\{835972B5-9F9E-464D-9D31-7911ADB975F7}
2012-07-30 07:53:36 -------- d-----w- C:\Users\jmezzell\AppData\Local\{70DDADDD-CA91-4D51-A282-8E792AF439C0}
2012-07-29 19:53:23 -------- d-----w- C:\Users\jmezzell\AppData\Local\{CBBF1986-621F-4F69-91AA-F966D73DA05F}
2012-07-29 19:53:13 -------- d-----w- C:\Users\jmezzell\AppData\Local\{46EB6BFC-77AB-496C-8749-CDA9BEEBC97D}
2012-07-29 07:52:40 -------- d-----w- C:\Users\jmezzell\AppData\Local\{BF436660-E065-4C2E-895F-BA0B91106A83}
2012-07-29 07:52:28 -------- d-----w- C:\Users\jmezzell\AppData\Local\{A24DE772-68BC-47C6-9C8B-F57EC782732C}
2012-07-28 16:06:34 -------- d-----w- C:\Users\jmezzell\AppData\Local\{FD5EF78C-5EDB-446D-9E18-842D96CED7C5}
2012-07-28 16:06:23 -------- d-----w- C:\Users\jmezzell\AppData\Local\{19E9C3D1-8CEC-4CD4-9EA0-51671A71A01E}
2012-07-28 04:05:40 -------- d-----w- C:\Users\jmezzell\AppData\Local\{751353E3-27EE-4D4D-A2E6-3BFBCD22ED85}
2012-07-28 04:05:29 -------- d-----w- C:\Users\jmezzell\AppData\Local\{CB6F93A3-627E-4CEC-91BA-CB1CE2E5AD7A}
2012-07-27 13:50:23 -------- d-----w- C:\Users\jmezzell\AppData\Local\{F224DB15-52C1-45BB-B887-8DD5D9BE3FEE}
2012-07-27 13:47:13 -------- d-----w- C:\Users\jmezzell\AppData\Local\{8D0A3045-8CC9-437D-A6CA-FBD4FE5E201E}
2012-07-27 10:39:52 -------- d-----w- C:\Users\jmezzell\AppData\Local\{E5FD303A-2404-4805-A51B-4647182CE4DF}
2012-07-26 19:14:01 -------- d-----w- C:\Users\jmezzell\AppData\Local\{DAF72352-27A2-492F-AC22-5EDDF7BCCC27}
2012-07-26 19:12:41 -------- d-----w- C:\Users\jmezzell\AppData\Local\{42BE3BFD-A6AE-49A7-A4A0-C9E0CEF08E24}
2012-07-26 18:18:01 77152 ----a-w- C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-07-26 18:18:01 47456 ----a-w- C:\Windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-07-26 18:17:44 79200 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-07-26 18:17:44 73568 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-07-26 18:15:24 -------- d-----w- C:\Windows\System32\RsFx
2012-07-26 18:09:47 -------- d-----w- C:\Windows\SysWow64\1033
2012-07-26 18:09:47 -------- d-----w- C:\Windows\System32\1033
2012-07-26 17:52:26 -------- d-----w- C:\277adc09241d34109a9e7660465e594b
2012-07-26 17:51:42 -------- d-----w- C:\Users\jmezzell\AppData\Local\{AA413363-60ED-45C9-8436-BD56ADA2EEE1}
2012-07-26 17:26:43 -------- d-----w- C:\Users\jmezzell\AppData\Local\{97BB022B-D3C1-408C-8ABD-102CD369F157}
2012-07-26 17:20:27 -------- d-----w- C:\Users\jmezzell\AppData\Local\{53CF1B4B-176A-448E-8FB4-1E382C1E244F}
2012-07-26 05:43:29 -------- d-----w- C:\Users\jmezzell\AppData\Local\{EB5BBD29-8B8E-4349-ADEC-AE36A42C029C}
2012-07-25 22:09:27 -------- d-----w- C:\Users\jmezzell\AppData\Local\Microsoft_Corporation
2012-07-25 13:32:53 -------- d-----w- C:\Users\jmezzell\AppData\Local\{DA6C1FE0-C8C5-4A84-BF5C-8EA10F768935}
2012-07-24 17:56:38 -------- d-----w- C:\Users\jmezzell\AppData\Local\{1FF19AA8-A6A9-44ED-95B2-C2BE87AC868B}
2012-07-24 17:55:50 -------- d-----w- C:\Users\jmezzell\AppData\Local\{5268D673-A4AA-44E0-931A-01C149F380DC}
2012-07-24 13:18:35 -------- d-----w- C:\Users\jmezzell\AppData\Local\{7F671652-C0E9-4AF8-8457-93BE7D71314C}
2012-07-24 01:18:19 -------- d-----w- C:\Users\jmezzell\AppData\Local\{E1250E6C-DE20-4490-B4CB-F4833C32B187}
2012-07-24 01:18:09 -------- d-----w- C:\Users\jmezzell\AppData\Local\{B1BD81D5-B92E-4481-BB39-5C8178A94585}
2012-07-23 15:32:34 -------- d-----w- C:\Users\jmezzell\AppData\Roaming\Kepware
2012-07-23 15:32:22 -------- d-----w- C:\ProgramData\Kepware
2012-07-23 15:32:12 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-07-23 15:32:00 -------- d-----w- C:\Program Files (x86)\Kepware
2012-07-23 15:26:07 -------- d-----w- C:\SQL
2012-07-23 15:26:07 -------- d-----w- C:\Services Batch Files
2012-07-23 15:26:07 -------- d-----w- C:\OPC Server
2012-07-23 13:17:57 -------- d-----w- C:\Users\jmezzell\AppData\Local\{7DC1597B-28F6-45A0-96E1-7458E323C000}
2012-07-23 13:17:31 -------- d-----w- C:\Users\jmezzell\AppData\Local\{E4AC3597-E03F-4DC8-9D8D-83E1D6649FAA}
2012-07-23 01:17:18 -------- d-----w- C:\Users\jmezzell\AppData\Local\{0E724364-00EF-4008-B5AB-C1AB0F51556F}
2012-07-23 01:17:07 -------- d-----w- C:\Users\jmezzell\AppData\Local\{0FB44382-54B2-4A27-92F6-EEE2A3AD05D0}
2012-07-22 13:16:39 -------- d-----w- C:\Users\jmezzell\AppData\Local\{52177522-6DA7-4BD4-912F-B78F660BA4FF}
2012-07-21 19:00:19 -------- d-----w- C:\Users\jmezzell\AppData\Local\{DA288F31-B31F-4393-A4FC-F3F1AE61C4D7}
2012-07-21 19:00:08 -------- d-----w- C:\Users\jmezzell\AppData\Local\{089D990D-2AF6-4395-9771-E77AD7AF4E24}
.
==================== Find3M ====================
.
2012-08-14 20:17:24 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-02 13:54:51 0 ----a-w- C:\Windows\invcol.tmp
2011-12-14 15:06:10 118784 ----a-w- C:\Program Files (x86)\Common Files\unifiedsetupstorage.dll
.
============= FINISH: 9:52:43.86 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:47 PM

Posted 21 August 2012 - 12:43 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jmzzll

jmzzll
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:47 PM

Posted 21 August 2012 - 09:51 AM

Security Check log:

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 30
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

ComboFix log:

ComboFix 12-08-20.02 - jmezzell 08/21/2012 8:05.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3978.1740 [GMT -5:00]
Running from: c:\users\jmezzell\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NKrlcBrm4umYDb
c:\users\Gen64User\AppData\Local\assembly\tmp
c:\users\jmezzell\AppData\Local\assembly\tmp
c:\users\jmezzell\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\jmezzell\g2mdlhlpx.exe
c:\windows\system\IcoExpEng64.dll
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\IcoZipDll.DLL
.
.
((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 13:59 . 2012-08-21 13:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-21 13:59 . 2012-08-21 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-21 13:59 . 2012-08-21 13:59 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-08-21 13:59 . 2012-08-21 13:59 -------- d-----w- c:\users\BKEP\AppData\Local\temp
2012-08-21 13:59 . 2012-08-21 13:59 -------- d-----w- c:\users\admin-jpd\AppData\Local\temp
2012-08-18 17:56 . 2012-08-18 17:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-18 17:53 . 2012-08-18 17:53 -------- d-----w- c:\users\jmezzell\AppData\Roaming\Ad-Aware Antivirus
2012-08-18 16:53 . 2012-08-18 16:53 -------- d-----w- c:\users\jmezzell\AppData\Local\Threat Expert
2012-08-18 16:38 . 2012-08-18 17:11 -------- d-----w- c:\program files (x86)\PC Tools
2012-08-18 16:31 . 2012-08-18 17:11 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-08-18 16:31 . 2012-06-22 20:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-08-18 16:31 . 2012-08-18 17:07 -------- d-----w- c:\programdata\PC Tools
2012-08-18 16:31 . 2012-08-18 16:31 -------- d-----w- c:\users\jmezzell\AppData\Roaming\TestApp
2012-08-15 21:32 . 2012-08-15 21:32 -------- d-----w- c:\users\jmezzell\AppData\Roaming\Curiolab
2012-08-12 16:34 . 2012-08-12 16:34 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-08-12 16:31 . 2012-08-12 16:31 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-12 16:31 . 2012-08-12 16:31 -------- d-----w- c:\program files\Symantec
2012-08-12 16:31 . 2012-08-12 16:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-08-12 16:30 . 2012-08-18 17:14 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-08-12 16:30 . 2012-08-12 16:30 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-08-12 15:48 . 2012-08-12 16:33 -------- d-----w- c:\programdata\Norton
2012-08-12 15:45 . 2012-08-12 16:30 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-08-09 23:56 . 2012-08-09 23:56 -------- d-----w- c:\users\jmezzell\AppData\Local\Macromedia
2012-08-08 21:41 . 2012-08-08 21:41 -------- d-----w- c:\programdata\Sophos
2012-08-08 01:49 . 2012-08-14 20:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-08 01:11 . 2012-08-08 01:11 -------- d-----w- c:\users\jmezzell\AppData\Local\Mozilla
2012-08-05 23:05 . 2006-04-04 17:03 167936 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\FreeWave Technologies\fwTFTP\fwTFTP.exe
2012-08-05 22:46 . 2012-08-08 01:21 -------- d-----w- c:\program files\HitmanPro
2012-08-05 22:46 . 2012-08-05 22:46 -------- d-----w- c:\programdata\HitmanPro
2012-07-26 18:18 . 2010-04-03 16:51 47456 ----a-w- c:\windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-07-26 18:18 . 2010-04-03 15:57 77152 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-07-26 18:17 . 2010-04-03 16:51 73568 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-07-26 18:17 . 2010-04-03 15:57 79200 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-07-26 18:15 . 2012-07-26 18:15 -------- d-----w- c:\windows\system32\RsFx
2012-07-26 18:12 . 2012-07-26 18:12 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-07-26 18:11 . 2012-07-26 18:11 -------- d-----w- c:\program files\Microsoft.NET
2012-07-26 18:09 . 2012-07-26 18:09 -------- d-----w- c:\windows\SysWow64\1033
2012-07-26 18:09 . 2012-07-26 18:09 -------- d-----w- c:\windows\system32\1033
2012-07-26 18:03 . 2012-07-26 18:04 -------- d-----w- c:\users\Gen64User
2012-07-26 17:52 . 2012-07-26 18:00 -------- d-----w- C:\277adc09241d34109a9e7660465e594b
2012-07-25 22:09 . 2012-07-25 22:09 -------- d-----w- c:\users\jmezzell\AppData\Local\Microsoft_Corporation
2012-07-25 03:35 . 2012-07-25 03:35 -------- d-----w- c:\users\TEMP
2012-07-23 15:32 . 2012-07-23 15:32 -------- d-----w- c:\programdata\FLEXnet
2012-07-23 15:32 . 2012-07-23 15:32 -------- d-----w- c:\users\jmezzell\AppData\Roaming\Kepware
2012-07-23 15:32 . 2012-07-23 15:33 -------- d-----w- c:\programdata\Kepware
2012-07-23 15:32 . 2012-07-23 15:32 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-07-23 15:32 . 2012-07-23 15:32 -------- d-----w- c:\program files (x86)\Kepware
2012-07-23 15:26 . 2012-07-23 15:26 -------- d-----w- C:\SQL
2012-07-23 15:26 . 2012-07-23 15:26 -------- d-----w- C:\Services Batch Files
2012-07-23 15:26 . 2012-07-23 15:26 -------- d-----w- C:\OPC Server
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 20:17 . 2011-12-21 02:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-02 13:54 . 2012-07-02 13:54 0 ----a-w- c:\windows\invcol.tmp
2011-12-14 15:06 . 2011-12-14 15:06 118784 ----a-w- c:\program files (x86)\Common Files\unifiedsetupstorage.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\jmezzell\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-25 1193176]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2011-07-21 12023568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\BKEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SonicWALL Global VPN Client.lnk - c:\windows\Installer\{5E2D889D-FAFC-4E76-A851-3695ABA1A76F}\_A408D8C4509665C152B13E.exe [2011-12-19 4710]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-15 1133856]
Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-06 99352]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DriverX;DriverX;c:\windows\System32\Drivers\DriverX.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
R2 IcoRemotingService32;ICONICS Remoting Service 32;c:\program files (x86)\Common Files\ICONICS\IcoRemoting32\IcoRemotingService.exe [2011-07-01 62800]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 BwxService;ICONICS BridgeWorX;c:\program files (x86)\ICONICS\BizViz\BridgeWorX\BwxServices\BridgeWorX.exe [2011-08-22 51200]
R3 DataWorX32;ICONICS DataWorX32;c:\program files (x86)\ICONICS\GENESIS32\Bin\DwxRuntime.exe [2011-06-20 1404994]
R3 DBOPC;ICONICS DBOPC Server Runtime;c:\program files (x86)\Common Files\ICONICS\DBOPCServerRuntime.exe [2011-07-01 1623376]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 136176]
R3 IcoAlarmLogger;ICONICS AlarmWorX64 Logger;c:\program files\Common Files\ICONICS\FWX64\BIN\AWXLog64.exe [2011-12-14 1067520]
R3 IcoBPAService;ICONICS Productivity Analytics;c:\program files (x86)\ICONICS\BizViz\Productivity Analytics\BpaWinService\IcoBPAnalyticsWinService.exe [2011-08-22 192352]
R3 IcoEaService;ICONICS Energy AnalytiX;c:\program files\ICONICS\GENESIS64\Components\IcoBizVizEAService.exe [x]
R3 IcoFaService;ICONICS Facility AnalytiX;c:\program files\ICONICS\GENESIS64\Components\IcoBizVizFAService.exe [x]
R3 IcoHHServiceCollector;ICONICS Hyper Historian Collector;c:\program files\ICONICS\GENESIS64\Components\HHCollectorService.exe [2011-06-27 7680]
R3 IcoHHServiceCore;ICONICS Hyper Historian Core;c:\program files\ICONICS\GENESIS64\Components\HHLoggerService.exe [2011-06-27 7680]
R3 IcoMGXServiceCore;ICONICS MergeWorX Service;c:\program files\ICONICS\GENESIS64\Components\MGXCoreService.exe [2011-06-27 7168]
R3 IcoScheduleWorXRuntime;ICONICS ScheduleWorX64;c:\program files\Common Files\ICONICS\FWX64\BIN\ScheduleWorXRuntime64.exe [2011-12-14 685568]
R3 IcoTwxLogger;ICONICS TrendWorX64 Logger;c:\program files\Common Files\ICONICS\FWX64\BIN\TwxLog64.exe [2011-12-14 5214720]
R3 KEPServerEXKeySvcV5;KEPServerEX 5.9 Key Service;c:\program files (x86)\Kepware\KEPServerEX 5\keysvc.exe [2012-06-14 34376]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-12-06 50472]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-12-06 50472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MSSI$Default;StreamInsight (Default);c:\program files\Microsoft StreamInsight 1.1\Host\StreamInsightHost.exe [2010-10-21 30576]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2009-12-18 25600]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-12-18 213376]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RwxService;ICONICS ReportWorX;c:\program files (x86)\ICONICS\BizViz\ReportWorX\RwxService\ReportWorX.exe [2011-08-22 91648]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-05 24600]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120818.001\IDSvia64.sys [2012-08-10 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [2012-02-20 605040]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IcoAlarmService;ICONICS AlarmWorX64 Server;c:\program files\Common Files\ICONICS\FWX64\BIN\AwxServer64.exe [2011-12-14 4958208]
S2 IcoFwxServer;ICONICS FrameWorX64;c:\program files\ICONICS\GENESIS64\Components\IcoFwxServer.exe [2011-12-14 8192]
S2 IcoGasEngine;ICONICS Global Aliasing;c:\program files\Common Files\ICONICS\FWX64\BIN\GASEngine64.exe [2011-12-14 670720]
S2 IcoGenBroker;ICONICS GenBroker;c:\program files\Common Files\ICONICS\FWX64\BIN\GenBroker64.exe [2011-12-14 6114816]
S2 IcoLicenseService;ICONICS License;c:\program files\ICONICS\GENESIS64\Components\IcoLicenseService.exe [2011-12-14 7680]
S2 ICONICSOPCServerSuiteLoggerV5;ICONICS OPC Server Suite 5.5 Event Logger;c:\program files (x86)\ICONICS\ICONICS OPC Server Suite 5\server_eventlog.exe [2011-03-10 107808]
S2 ICONICSOPCServerSuiteV5;ICONICS OPC Server Suite 5.5 Runtime;c:\program files (x86)\ICONICS\ICONICS OPC Server Suite 5\server_runtime.exe [2011-03-10 183584]
S2 IcoRemotingService;ICONICS Remoting Service;c:\program files\ICONICS\GENESIS64\Components\IcoRemotingService.exe [2011-12-14 47104]
S2 IcoUdmRuntime;ICONICS Data Manager;c:\program files\Common Files\ICONICS\FWX64\BIN\UDMRuntime64.exe [2011-12-14 722432]
S2 KEPServerEXLoggerV5;KEPServerEX 5.9 Event Logger;c:\program files (x86)\Kepware\KEPServerEX 5\server_eventlog.exe [2012-06-14 201800]
S2 KEPServerEXV5;KEPServerEX 5.9 Runtime;c:\program files (x86)\Kepware\KEPServerEX 5\server_runtime.exe [2012-06-14 258120]
S2 M86_Auth;M86 Security Authenticator;c:\program files (x86)\M86 Security\Authenticator\Authenticat_s.exe [2011-05-04 394584]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2010-10-20 374048]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2010-10-20 292128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 284696]
S2 UA Local Discovery Server;UA Local Discovery Server;c:\program files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.DiscoveryServer.exe [2010-11-03 28160]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-12-19 348712]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-12-19 39464]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-11 138912]
S3 KEPServerEXV5_OPCNET;KEPServerEX 5.9 OPC .NET;c:\program files (x86)\Kepware\KEPServerEX 5\xi_wrapper\xi_server_runtime.exe [2012-06-14 17480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 20:17]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 02:44]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 02:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-18 6492672]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-28 416024]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1692264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://bluenet
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: localhost
Trusted Zone: scadawebhmi
Trusted Zone: tuliconscada01
Trusted Zone: tulsccm01
Trusted Zone: virtualearth.net\dev
TCP: DhcpNameServer = 192.168.161.14 192.168.161.2 208.180.42.100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\jmezzell\AppData\Local\Akamai\netsession_win.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-21 09:25:20
ComboFix-quarantined-files.txt 2012-08-21 14:25
.
Pre-Run: 59,014,041,600 bytes free
Post-Run: 59,102,498,816 bytes free
.
- - End Of File - - 09E07CB1597FE2A85D69926B7699C4B7

#4 gringo_pr (Malware Response Team)

Posted 21 August 2012 - 12:42 PM

Greetings jmzzll

How are things running now?

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 jmzzll (Topic Starter)

Posted 21 August 2012 - 04:37 PM

Looking the same. I downloaded the TDSSKiller app to my desktop but it doesn't do anything when I double click on it. I've tried to run as administrator with no luck also. I get a "cannot display webpage" notice when I tried the aswMBR.exe link above.

Also, I've upgraded Adobe and Java because of the Security Check log. Windows Update is current.

Thanks for your help.

Jay

#6 jmzzll (Topic Starter)

Posted 21 August 2012 - 04:46 PM

On second thought. Browsing is much faster now but I never saw the TDSSKiller interface to launch the scan.

I've hit a few links from a Bing search without being redirected also. So, I'm not sure what happened.

#7 gringo_pr (Malware Response Team)

Posted 21 August 2012 - 05:10 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

#8 jmzzll (Topic Starter)

Posted 21 August 2012 - 07:47 PM

Same problem with FixTDSS. Nothing opens when I double-click on it.

#9 gringo_pr (Malware Response Team)

Posted 21 August 2012 - 08:02 PM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

when you get to the desktop Click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

remove the usb and save it - we will use it again - boot back into windows and send me the screen capture

gringo

#10 jmzzll (Topic Starter)

Posted 22 August 2012 - 11:51 AM

Here's the screenshot.

Thanks again.


#11 gringo_pr (Malware Response Team)

Posted 22 August 2012 - 12:39 PM

Greetings

I want you to boot back into GParted and right click on the first partition (sda1) and select "manage flags" and then select "boot"

Exit out of GParted, saving as you leave and boot back into windows

Report back to me

NOTE** If you have trouble booting into windows I want you then to change the boot flag to the second partition (sda2)

if you still have trouble booting into windows after you have changed it to (sda2) then change it to (sda3)

#12 jmzzll (Topic Starter)

Posted 22 August 2012 - 02:17 PM

Here are the results:

sda1 - after reboot, it went to a command prompt after loading DRMK V8.00.
sda2 - at boot up, gave a warning with options to Launch Repair tool or Start Windows normally. Starting Windows normally did not work, it kept rebooting. And launching the repair failed too, it said it couldn't repair it.
sda3 - at boot up, received a message that BootMGR was missing, couldn't launch Windows.

Now I'm back to sda4.

#13 gringo_pr (Malware Response Team)

Posted 22 August 2012 - 03:23 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo

#14 jmzzll (Topic Starter)

Posted 22 August 2012 - 07:52 PM

I tried to go into the Repair tool for sda4 but it would stall when trying to load Windows files.
Then, I changed the boot drive to sda2 and was able to use the tool. The logs are below.

Scan result of Farbar Recovery Scan Tool Version: 22-08-2012 02
Ran by SYSTEM at 22-08-2012 19:26:09
Running from G:\
Windows 7 Enterprise (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-18] (Dell Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2011-06-05] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1692264 2011-05-04] ()
HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey [12023568 2011-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Classic .NET AppPool\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\jmezzell\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\TEMP\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: C:\Windows\System32\nvinitx.dll
Startup: C:\Users\BKEP\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnk
ShortcutTarget: SonicWALL Global VPN Client.lnk -> C:\Windows\Installer\{5E2D889D-FAFC-4E76-A851-3695ABA1A76F}\_A408D8C4509665C152B13E.exe ()

==================== Services (Whitelisted) ======

3 BwxService; "C:\Program Files (x86)\ICONICS\BizViz\BridgeWorX\BwxServices\BridgeWorX.exe" [51200 2011-08-22] (ICONICS, Inc.)
2 CcmExec; C:\Windows\CCM\CcmExec.exe [1684848 2012-02-20] (Microsoft Corporation)
2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [605040 2012-02-20] (Microsoft Corporation)
2 Crypkey License; crypserv.exe [126976 2009-05-29] (CrypKey (Canada) Ltd.)
3 DataWorX32; "C:\Program Files (x86)\ICONICS\GENESIS32\Bin\DwxRuntime.exe" [1404994 2011-06-20] (ICONICS, Inc.)
3 DBOPC; "C:\Program Files (x86)\Common Files\ICONICS\DBOPCServerRuntime.exe" [1623376 2011-07-01] (ICONICS, Inc.)
2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2011-01-26] (Microsoft Corporation)
2 GenRegistrar; "C:\Program Files (x86)\Common Files\ICONICS\GenRegistrarServer.exe" [548944 2011-07-01] (ICONICS, Inc.)
3 IcoAlarmLogger; C:\Program Files\Common Files\ICONICS\FWX64\BIN\AWXLog64.exe [1067520 2011-12-14] (ICONICS, Inc.)
2 IcoAlarmService; C:\Program Files\Common Files\ICONICS\FWX64\BIN\AwxServer64.exe [4958208 2011-12-14] (ICONICS, Inc.)
3 IcoBPAService; "C:\Program Files (x86)\ICONICS\BizViz\Productivity Analytics\BpaWinService\IcoBPAnalyticsWinService.exe" [192352 2011-08-22] (ICONICS, Inc.)
2 IcoFwxServer; C:\Program Files\ICONICS\GENESIS64\Components\IcoFwxServer.exe [8192 2011-12-14] (ICONICS, Inc.)
2 IcoGasEngine; C:\Program Files\Common Files\ICONICS\FWX64\BIN\GASEngine64.exe [670720 2011-12-14] (ICONICS, Inc.)
2 IcoGenBroker; C:\Program Files\Common Files\ICONICS\FWX64\BIN\GenBroker64.exe [6114816 2011-12-14] (ICONICS, Inc.)
3 IcoHHServiceCollector; C:\Program Files\ICONICS\GENESIS64\Components\HHCollectorService.exe [7680 2011-06-27] (ICONICS, Inc.)
3 IcoHHServiceCore; C:\Program Files\ICONICS\GENESIS64\Components\HHLoggerService.exe [7680 2011-06-27] (ICONICS, Inc.)
2 IcoLicenseService; C:\Program Files\ICONICS\GENESIS64\Components\IcoLicenseService.exe [7680 2011-12-14] (ICONICS, Inc.)
3 IcoMGXServiceCore; C:\Program Files\ICONICS\GENESIS64\Components\MGXCoreService.exe [7168 2011-06-27] (ICONICS, Inc.)
2 ICONICSOPCServerSuiteLoggerV5; "C:\Program Files (x86)\ICONICS\ICONICS OPC Server Suite 5\server_eventlog.exe" -service [107808 2011-03-10] (Kepware Technologies)
2 ICONICSOPCServerSuiteV5; "C:\Program Files (x86)\ICONICS\ICONICS OPC Server Suite 5\server_runtime.exe" -service [183584 2011-03-10] (Kepware Technologies)
2 IcoRemotingService; C:\Program Files\ICONICS\GENESIS64\Components\IcoRemotingService.exe [47104 2011-12-14] (ICONICS, Inc.)
2 IcoRemotingService32; "C:\Program Files (x86)\Common Files\ICONICS\IcoRemoting32\IcoRemotingService.exe" [62800 2011-07-01] (ICONICS, Inc.)
3 IcoScheduleWorXRuntime; C:\Program Files\Common Files\ICONICS\FWX64\BIN\ScheduleWorXRuntime64.exe [685568 2011-12-14] (ICONICS, Inc.)
3 IcoTwxLogger; C:\Program Files\Common Files\ICONICS\FWX64\BIN\TwxLog64.exe [5214720 2011-12-14] (ICONICS, Inc.)
2 IcoUdmRuntime; C:\Program Files\Common Files\ICONICS\FWX64\BIN\UDMRuntime64.exe [722432 2011-12-14] (ICONICS, Inc.)
2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
3 KEPServerEXKeySvcV5; "C:\Program Files (x86)\Kepware\KEPServerEX 5\keysvc.exe" -service [34376 2012-06-13] (Kepware Technologies)
2 KEPServerEXLoggerV5; "C:\Program Files (x86)\Kepware\KEPServerEX 5\server_eventlog.exe" -service [201800 2012-06-13] (Kepware Technologies)
2 KEPServerEXV5; "C:\Program Files (x86)\Kepware\KEPServerEX 5\server_runtime.exe" -service [258120 2012-06-13] (Kepware Technologies)
3 KEPServerEXV5_OPCNET; "C:\Program Files (x86)\Kepware\KEPServerEX 5\xi_wrapper\xi_server_runtime.exe" [17480 2012-06-13] (Kepware Technologies)
3 lpasvc; "C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service [50472 2011-12-06] (Microsoft Corporation)
3 lppsvc; "C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service [50472 2011-12-06] (Microsoft Corporation)
2 M86_Auth; "C:\Program Files (x86)\M86 Security\Authenticator\Authenticat_s.exe" -service [394584 2011-05-04] (M86 Security)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [61913952 2010-04-03] (Microsoft Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
3 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [172832 2011-01-17] (OPC Foundation)
3 RwxService; "C:\Program Files (x86)\ICONICS\BizViz\ReportWorX\RwxService\ReportWorX.exe" [91648 2011-08-22] (ICONICS, Inc.)
2 SentinelKeysServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [374048 2010-10-19] (SafeNet, Inc.)
2 SentinelProtectionServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" [1250592 2010-10-20] (SafeNet, Inc)
2 SentinelSecurityRuntime; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe" [292128 2010-10-19] (SafeNet, Inc.)
3 smstsmgr; C:\Windows\CCM\TSManager.exe /service [374640 2012-02-20] (Microsoft Corporation)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [428384 2010-04-03] (Microsoft Corporation)
2 UA Local Discovery Server; C:\Program Files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.DiscoveryServer.exe [28160 2010-11-02] (OPC Foundation)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
3 IcoEaService; "C:\Program Files\ICONICS\GENESIS64\Components\IcoBizVizEAService.exe" [x]
3 IcoFaService; "C:\Program Files\ICONICS\GENESIS64\Components\IcoBizVizFAService.exe" [x]
3 MSSI$Default; "C:\Program Files\Microsoft StreamInsight 1.1\Host\StreamInsightHost.exe" -config "C:\Program Files\Microsoft StreamInsight 1.1\Host\MSSI.Default\StreamInsightHost.exe.config" [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [1385120 2012-08-10] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
2 DriverX; C:\Windows\SysWow64\Drivers\DriverX.sys [40992 2010-09-20] (Kepware)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-22] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-10] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120822.001\IDSvia64.sys [512672 2012-08-21] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120822.002\ENG64.SYS [125600 2012-08-22] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120822.002\EX64.SYS [2084000 2012-08-22] (Symantec Corporation)
1 NetworkX; C:\Windows\system32\ckldrv.sys [29688 2009-06-12] ()
3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
3 prepdrvr; \??\C:\Windows\CCM\prepdrv.sys [26992 2012-02-20] (Microsoft Corporation)
2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
3 SMSIVZAM5X64; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMDS64.SYS [451192 2012-03-28] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-08-12] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
2 VMparport; C:\Windows\System32\Drivers\VMparport.sys [31344 2011-11-13] (VMware, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-22 17:41 - 2012-08-22 17:41 - 00000000 ____D C:\FRST
2012-08-22 15:05 - 2012-08-22 15:05 - 00000059 ____A C:\Windows\LTDLGFILE14N.INI
2012-08-22 12:36 - 2012-08-22 12:36 - 01446117 ____A (Farbar) C:\Users\jmezzell\Desktop\FRST64.exe
2012-08-22 09:51 - 2012-08-22 09:51 - 00302592 ____A C:\Users\jmezzell\Desktop\7xtun940.exe
2012-08-22 09:50 - 2012-08-22 09:50 - 00089088 ____A C:\Users\jmezzell\Desktop\mbr.exe
2012-08-22 09:50 - 2012-08-22 09:50 - 00000227 ____A C:\Users\jmezzell\Desktop\mbr.log
2012-08-22 09:35 - 2012-08-22 09:35 - 04731392 ____A (AVAST Software) C:\Users\jmezzell\Desktop\aswMBR.exe
2012-08-22 09:06 - 2012-08-22 11:24 - 00007644 ____A C:\Users\jmezzell\AppData\Local\Resmon.ResmonCfg
2012-08-22 08:02 - 2012-08-22 08:02 - 05145088 ____A (Geza Kovacs) C:\Users\jmezzell\Desktop\unetbootin-windows-578.exe
2012-08-22 07:27 - 2012-08-22 07:27 - 120776704 ____A C:\Users\jmezzell\Desktop\slacko-5.3.3-4g-SCSI.iso
2012-08-22 06:51 - 2012-08-22 06:52 - 00000000 ____D C:\Users\jmezzell\Documents\USBFiles
2012-08-22 06:11 - 2012-08-22 06:11 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{38E70DF3-C74C-4EC3-ABE1-0F9C119CB128}
2012-08-21 16:39 - 2012-08-21 16:39 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{212D2DA7-14D4-4670-A834-8F2E2966DC99}
2012-08-21 15:11 - 2012-08-21 15:11 - 01932256 ____A (Symantec Corporation) C:\Users\jmezzell\Desktop\FixTDSS.exe
2012-08-21 13:24 - 2012-08-21 13:31 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\jmezzell\Desktop\tdskiller.exe
2012-08-21 10:42 - 2012-08-21 10:42 - 08864168 ____A (SurfRight B.V.) C:\Users\jmezzell\Desktop\HitmanPro36_x64.exe
2012-08-21 08:38 - 2012-08-21 08:38 - 17142744 ____A (Microsoft Corporation) C:\Users\jmezzell\Desktop\Windows-KB890830-x64-V4.11.exe
2012-08-21 08:36 - 2012-08-03 01:46 - 59884088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-08-21 08:04 - 2012-08-22 15:47 - 00000330 ____A C:\Windows\Tasks\GlaryInitialize.job
2012-08-21 08:04 - 2012-08-21 08:06 - 00000000 ____D C:\Users\jmezzell\AppData\Roaming\GlarySoft
2012-08-21 08:04 - 2012-08-21 08:04 - 00001070 ____A C:\Users\jmezzell\Desktop\Glary Utilities.lnk
2012-08-21 08:04 - 2012-08-21 08:04 - 00000142 ____A C:\Users\jmezzell\Desktop\Filepuma.url
2012-08-21 08:04 - 2012-08-21 08:04 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2012-08-21 08:03 - 2012-08-21 08:03 - 08993008 ____A (Glarysoft Ltd ) C:\Users\jmezzell\Desktop\gusetup.exe
2012-08-21 07:55 - 2012-08-21 16:07 - 00000362 ____A C:\Windows\Tasks\RegInOut Scheduled Scan - jmezzell.job
2012-08-21 07:55 - 2012-08-21 07:55 - 00000000 ____D C:\Windows\RegInOut System Utilities
2012-08-21 07:55 - 2012-08-21 07:55 - 00000000 ____D C:\Users\All Users\RegInOut
2012-08-21 06:59 - 2012-08-21 06:58 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-08-21 06:59 - 2012-08-21 06:58 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-08-21 06:59 - 2012-08-21 06:58 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-21 06:59 - 2012-08-21 06:58 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-21 06:59 - 2012-08-21 06:58 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-08-21 06:55 - 2012-08-21 06:55 - 00000000 ____D C:\Users\All Users\McAfee
2012-08-21 06:43 - 2012-08-21 06:44 - 00881581 ____A C:\Users\jmezzell\Desktop\SecurityCheck.exe
2012-08-21 06:25 - 2012-08-21 06:25 - 00025974 ____A C:\ComboFix.txt
2012-08-21 06:19 - 2012-08-21 06:21 - 00000000 ____D C:\Users\jmezzell\Desktop\SCADA_Info
2012-08-21 06:17 - 2012-08-22 12:26 - 00000000 ____D C:\Users\jmezzell\Desktop\Mortgage
2012-08-21 06:16 - 2012-08-21 06:17 - 00000000 ____D C:\Users\jmezzell\Desktop\ConfigFiles
2012-08-21 04:53 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-21 04:53 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-21 04:53 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-21 04:53 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-21 04:53 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-21 04:53 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-21 04:53 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-21 04:53 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-21 04:52 - 2012-08-21 06:26 - 00000000 ____D C:\ComboFix
2012-08-21 04:38 - 2012-08-21 04:38 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{F15B6851-18F1-497D-9420-54B38FCAB938}
2012-08-20 06:31 - 2012-08-20 06:31 - 00000000 ____A C:\Users\jmezzell\defogger_reenable
2012-08-20 04:34 - 2012-08-20 04:35 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{DC5EC9C7-8390-45F7-8B14-71196A142314}
2012-08-19 12:32 - 2012-08-19 12:33 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{556F37DB-D34F-48CD-AA38-F28848D5FA2F}
2012-08-19 00:32 - 2012-08-19 00:32 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{9E55CF2F-1B46-48FF-ACCB-C1C37C5A4999}
2012-08-18 09:56 - 2012-08-18 09:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-18 09:56 - 2012-08-18 09:56 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-18 09:53 - 2012-08-18 09:53 - 00000000 ____D C:\Users\jmezzell\AppData\Roaming\Ad-Aware Antivirus
2012-08-18 09:46 - 2012-08-18 09:47 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{C986029E-2893-49A2-BE1D-119536B6739B}
2012-08-18 09:46 - 2012-08-18 09:46 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{56A124FC-BF65-4133-B2CB-F79BC2078B7B}
2012-08-18 08:53 - 2012-08-18 08:53 - 00000000 ____D C:\Users\jmezzell\AppData\Local\Threat Expert
2012-08-18 08:38 - 2012-08-18 09:11 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-08-18 08:31 - 2012-08-18 09:07 - 00000000 ____D C:\Users\All Users\PC Tools
2012-08-18 08:31 - 2012-08-18 08:32 - 01646829 ____A C:\Windows\System32\Drivers\Cat.DB
2012-08-18 08:31 - 2012-08-18 08:31 - 00000000 ____D C:\Users\jmezzell\AppData\Roaming\TestApp
2012-08-18 08:31 - 2012-06-22 12:35 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-08-17 21:46 - 2012-08-17 21:46 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{41AC0866-A294-4AD8-88A7-9126A816878B}
2012-08-17 21:46 - 2012-08-17 21:46 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{29666324-9CE1-4B0C-9DCB-B37862620EAB}
2012-08-17 07:27 - 2012-08-17 07:27 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{FF6A97FE-5C7E-4EB9-A79A-5C97D322CEB4}
2012-08-17 07:27 - 2012-08-17 07:27 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{5C6D31D1-2FC4-49EF-854B-F34087DE816F}
2012-08-16 19:26 - 2012-08-16 19:27 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{EACE8073-D263-47FC-8B9F-CAE6C66AB21D}
2012-08-16 07:26 - 2012-08-16 19:26 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{97C0C320-4835-4FEA-AE87-9FF929402CF0}
2012-08-16 07:26 - 2012-08-16 07:26 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{EB5F3B0C-9F95-4148-89CB-882EC4C5589B}
2012-08-15 13:32 - 2012-08-15 13:32 - 00000000 ____D C:\Users\jmezzell\AppData\Roaming\Curiolab
2012-08-15 06:04 - 2012-08-15 06:04 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{D77D0F03-B6A1-4572-8964-2780317F55FB}
2012-08-15 06:04 - 2012-08-15 06:04 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{01C1DB33-8A4D-408E-AD5B-9EEAD7014354}
2012-08-14 18:03 - 2012-08-14 18:03 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{A72334C3-7A2E-4338-9353-13949FCF3212}
2012-08-14 18:03 - 2012-08-14 18:03 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{3A7D89D9-E8CF-4BE6-84AE-F77B236B0903}
2012-08-14 06:03 - 2012-08-14 06:03 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{B5F04B3A-1F1F-4654-A908-F4D7D73342BC}
2012-08-14 06:02 - 2012-08-14 06:03 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{E2BF125B-CD2C-4EF4-86DE-C77A56CBFFF8}
2012-08-13 19:59 - 2012-08-13 19:59 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{991B0CC9-DA23-4286-B7A5-A98CE6090B94}
2012-08-13 03:20 - 2012-08-13 03:20 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{E62EFC6E-C94E-43A2-A2D2-49E2495FD591}
2012-08-13 03:19 - 2012-08-13 03:20 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{2D8F4A48-BC4D-4200-908B-4A3E10792CB1}
2012-08-13 00:59 - 2012-08-13 00:59 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{6D291CD0-5F3D-4B8D-AD1D-9A098624E1D4}
2012-08-13 00:59 - 2012-08-13 00:59 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{544CC213-EFC3-47A7-84E1-66E27DB91F5F}
2012-08-12 08:33 - 2012-08-12 08:33 - 00000000 ____D C:\Users\jmezzell\Documents\Symantec
2012-08-12 08:31 - 2012-08-12 08:31 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-08-12 08:31 - 2012-08-12 08:31 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-08-12 08:31 - 2012-08-12 08:31 - 00000000 ____D C:\Program Files\Symantec
2012-08-12 08:31 - 2012-08-12 08:31 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-08-12 08:30 - 2012-08-18 09:14 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2012-08-12 08:30 - 2012-08-12 08:30 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2012-08-12 08:26 - 2012-08-12 08:26 - 00001260 ____A C:\Users\jmezzell\Desktop\Norton Installation Files.lnk
2012-08-12 08:26 - 2012-08-12 08:26 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-08-12 07:54 - 2012-08-12 07:54 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{E0630A24-7FF1-4F6B-A293-5D65C78AADCE}
2012-08-12 07:53 - 2012-08-12 07:54 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{332E9CF4-3107-426C-AE63-552519623307}
2012-08-12 07:48 - 2012-08-12 08:33 - 00000000 ____D C:\Users\All Users\Norton
2012-08-11 19:53 - 2012-08-11 19:53 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{79E83C47-5AB5-43A9-AF38-0DEA66F31F99}
2012-08-11 19:53 - 2012-08-11 19:53 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{2F0AC3EE-DCD0-49A6-9AE7-347C0CBE6102}
2012-08-11 10:44 - 2012-08-21 06:26 - 00000000 ____D C:\Qoobox
2012-08-11 10:42 - 2012-08-21 04:41 - 04734695 ____R (Swearware) C:\Users\jmezzell\Desktop\ComboFix.exe
2012-08-11 10:34 - 2012-08-21 06:08 - 00000000 ____D C:\Windows\erdnt
2012-08-11 07:53 - 2012-08-11 07:53 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{0FF69A18-9593-4804-90FB-829A4892D34A}
2012-08-11 07:52 - 2012-08-11 07:53 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{A0DCCB0C-C79B-4AEC-B27D-07298AB295D2}
2012-08-10 19:19 - 2012-08-10 19:19 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{CCC50CF3-FBBE-48E7-B2AC-DB579CC98712}
2012-08-10 19:19 - 2012-08-10 19:19 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{A83225CE-15E3-431A-B6AE-95BD4B764167}
2012-08-10 05:56 - 2012-08-10 05:56 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{E6D61123-1FA9-42D1-A182-DFE02A3294E0}
2012-08-10 05:55 - 2012-08-10 05:56 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{2A03390B-1DF0-4055-9F94-130F708D1EBE}
2012-08-09 17:55 - 2012-08-09 17:55 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{DABFF5F7-B578-49DF-A73D-20E3D55E4D83}
2012-08-09 17:55 - 2012-08-09 17:55 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{5CC449D4-C49E-4E8A-9675-8E9E1C778AF3}
2012-08-09 15:56 - 2012-08-09 15:56 - 00000000 ____D C:\Users\jmezzell\AppData\Local\Macromedia
2012-08-09 05:55 - 2012-08-09 05:55 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{43939895-6690-45C8-83D8-384B3C831663}
2012-08-08 17:54 - 2012-08-09 05:55 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{06668E39-0EBD-488C-AC69-BA027275CB17}
2012-08-08 17:54 - 2012-08-08 17:54 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{F4BB7429-94F2-44F0-9973-7500D1648705}
2012-08-08 13:41 - 2012-08-08 13:41 - 00000000 ____D C:\Users\All Users\Sophos
2012-08-08 05:54 - 2012-08-08 05:54 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{DBB85AA4-B925-4967-B80C-EE40BFB2A494}
2012-08-08 05:53 - 2012-08-08 05:54 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{19793B3B-92A8-4846-970A-2D6D255FF6F8}
2012-08-07 17:53 - 2012-08-07 17:53 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{C726104E-C7B4-41C2-BDDE-5198E388FE9F}
2012-08-07 17:53 - 2012-08-07 17:53 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{9A6C7B7B-F572-453E-8935-516C37F094C3}
2012-08-07 17:49 - 2012-08-22 15:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-07 17:49 - 2012-08-14 12:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-07 17:11 - 2012-08-07 17:11 - 00000000 ____D C:\Users\jmezzell\AppData\Local\Mozilla
2012-08-07 17:11 - 2012-08-07 17:11 - 00000000 ____D C:\Users\All Users\Mozilla
2012-08-07 05:52 - 2012-08-07 05:52 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{91959931-463C-43A9-93D4-BE51583DE6B4}
2012-08-07 05:52 - 2012-08-07 05:52 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{886B171D-CA74-494B-8A29-5C5789A1935A}
2012-08-06 17:52 - 2012-08-06 17:52 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{6C5C9056-A1FE-4729-AEC7-527BF0C8F051}
2012-08-06 17:51 - 2012-08-06 17:52 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{5F0C56D4-7E8F-4289-91B5-12A42F43C308}
2012-08-06 05:51 - 2012-08-06 05:51 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{51FF779C-9B93-4606-AF64-4A403D59F48A}
2012-08-06 05:51 - 2012-08-06 05:51 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{51D41F28-AE94-48BB-9E87-A5B0664015EA}
2012-08-06 03:41 - 2012-08-06 03:41 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{EDEE31AC-A2F6-41C2-BCB6-25BD85CE4489}
2012-08-05 15:05 - 2012-08-21 07:00 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-08-05 15:05 - 2012-07-23 07:32 - 00001965 ____A C:\Users\Public\Desktop\KEPServerEX 5 Configuration.lnk
2012-08-05 15:05 - 2012-06-21 11:53 - 00001209 ____A C:\Users\Public\Desktop\Modbus Poll.lnk
2012-08-05 15:05 - 2012-06-21 11:03 - 00001379 ____A C:\Users\Public\Desktop\FreeWave Tool Suite.lnk
2012-08-05 15:05 - 2012-05-11 06:22 - 00002099 ____A C:\Users\Public\Desktop\DWG TrueView 2013.lnk
2012-08-05 15:05 - 2012-05-10 06:20 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-08-05 15:05 - 2012-03-09 16:58 - 00002473 ____A C:\Users\Public\Desktop\Driver Detective.lnk
2012-08-05 15:05 - 2012-01-20 08:02 - 00002030 ____A C:\Users\Public\Desktop\ICONICS OPC Server 5 Configuration.lnk
2012-08-05 15:05 - 2012-01-18 09:25 - 00002132 ____A C:\Users\Public\Desktop\VMware Player.lnk
2012-08-05 14:46 - 2012-08-07 17:21 - 00000000 ____D C:\Program Files\HitmanPro
2012-08-05 14:46 - 2012-08-05 14:46 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-08-05 13:06 - 2012-08-05 13:07 - 00000005 ____A C:\Users\jmezzell\AppData\Roaming\mbam.context.scan
2012-08-05 12:47 - 2012-08-05 12:47 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{F8ACA118-92C9-438E-BABF-B48A816395BE}
2012-08-05 12:46 - 2012-08-05 12:47 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{29DCC102-4964-4CE3-B48B-DE313155A997}
2012-08-05 12:15 - 2012-08-05 12:15 - 00000072 ____A C:\Users\All Users\-NKrlcBrm4umYDbr
2012-08-05 12:15 - 2012-08-05 12:15 - 00000072 ____A C:\Users\All Users\-NKrlcBrm4umYDb
2012-08-03 04:33 - 2012-08-03 04:34 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{A58546F6-0469-4D98-AA0A-B28273F91A6D}
2012-08-03 04:33 - 2012-08-03 04:33 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{4028FEA3-2086-4EB4-A856-E708F64D840A}
2012-08-02 16:20 - 2012-08-02 16:21 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{C4DD6587-B1A4-4EB0-B6DE-19B220948468}
2012-08-02 16:20 - 2012-08-02 16:20 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{77F35251-FD43-45B8-84A9-A0D2E070A0BC}
2012-08-02 02:38 - 2012-08-02 02:38 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{247CFE32-A70C-4420-A068-D92B2E982B84}
2012-08-01 12:32 - 2012-08-01 12:32 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{CA064F33-9339-4E01-8EFD-491C2A90AC31}
2012-08-01 12:32 - 2012-08-01 12:32 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{51546762-E8C2-4F36-9CF0-4429DD144C42}
2012-08-01 00:32 - 2012-08-01 00:32 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{5AD04CBA-872B-4754-A997-B68A64701BF8}
2012-07-31 09:29 - 2012-07-31 09:29 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{CCA88A5F-761A-4AA8-83F9-509128C07BA9}
2012-07-31 09:29 - 2012-07-31 09:29 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{3BD97EFD-9E69-42BD-B75E-0138DB002179}
2012-07-30 11:54 - 2012-07-30 11:54 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{EB649C59-2B5F-43F6-AA04-4FD17EDF0AC6}
2012-07-30 11:54 - 2012-07-30 11:54 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{32805744-3764-49CA-803B-0D139E045B04}
2012-07-29 23:53 - 2012-07-29 23:54 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{835972B5-9F9E-464D-9D31-7911ADB975F7}
2012-07-29 23:53 - 2012-07-29 23:53 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{70DDADDD-CA91-4D51-A282-8E792AF439C0}
2012-07-29 11:53 - 2012-07-29 11:53 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{CBBF1986-621F-4F69-91AA-F966D73DA05F}
2012-07-29 11:53 - 2012-07-29 11:53 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{46EB6BFC-77AB-496C-8749-CDA9BEEBC97D}
2012-07-28 23:52 - 2012-07-28 23:52 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{BF436660-E065-4C2E-895F-BA0B91106A83}
2012-07-28 23:52 - 2012-07-28 23:52 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{A24DE772-68BC-47C6-9C8B-F57EC782732C}
2012-07-28 08:06 - 2012-07-28 08:06 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{FD5EF78C-5EDB-446D-9E18-842D96CED7C5}
2012-07-28 08:06 - 2012-07-28 08:06 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{19E9C3D1-8CEC-4CD4-9EA0-51671A71A01E}
2012-07-27 20:05 - 2012-07-27 20:06 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{751353E3-27EE-4D4D-A2E6-3BFBCD22ED85}
2012-07-27 20:05 - 2012-07-27 20:05 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{CB6F93A3-627E-4CEC-91BA-CB1CE2E5AD7A}
2012-07-27 05:50 - 2012-07-27 05:51 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{F224DB15-52C1-45BB-B887-8DD5D9BE3FEE}
2012-07-27 05:47 - 2012-07-27 05:50 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{8D0A3045-8CC9-437D-A6CA-FBD4FE5E201E}
2012-07-27 05:40 - 2012-07-27 05:40 - 00000000 ____D C:\Users\Gen64User\AppData\Local\IsolatedStorage
2012-07-27 02:39 - 2012-07-27 02:39 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{E5FD303A-2404-4805-A51B-4647182CE4DF}
2012-07-26 12:12 - 2012-07-26 12:12 - 00000000 ____D C:\Users\Gen64User\AppData\Local\Apple Computer
2012-07-26 11:14 - 2012-07-26 11:14 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{DAF72352-27A2-492F-AC22-5EDDF7BCCC27}
2012-07-26 11:12 - 2012-07-26 11:13 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{42BE3BFD-A6AE-49A7-A4A0-C9E0CEF08E24}
2012-07-26 10:19 - 2012-07-26 10:19 - 00000000 ____D C:\Users\Gen64User\AppData\Local\Microsoft_Corporation
2012-07-26 10:18 - 2010-04-03 08:51 - 00047456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-07-26 10:18 - 2010-04-03 07:57 - 00077152 ____A (Microsoft Corporation) C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-07-26 10:17 - 2012-07-26 10:17 - 00000000 ____D C:\Users\Gen64User\Documents\Integration Services Script Component
2012-07-26 10:17 - 2010-04-03 08:51 - 00073568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-07-26 10:17 - 2010-04-03 07:57 - 00079200 ____A (Microsoft Corporation) C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2012-07-26 10:16 - 2012-07-26 10:16 - 00000000 ____D C:\Users\Gen64User\Documents\SQL Server Management Studio
2012-07-26 10:16 - 2012-07-26 10:16 - 00000000 ____D C:\Users\Gen64User\Documents\Integration Services Script Task
2012-07-26 10:15 - 2012-07-26 10:15 - 00000000 ____D C:\Windows\System32\RsFx
2012-07-26 10:14 - 2012-07-26 10:14 - 00000000 ____D C:\Users\Gen64User\AppData\Local\Microsoft Help
2012-07-26 10:12 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2012-07-26 10:10 - 2012-07-26 10:10 - 00000000 ____D C:\Users\Gen64User\AppData\Roaming\Macromedia
2012-07-26 10:10 - 2012-07-26 10:10 - 00000000 ____D C:\Users\Gen64User\AppData\Roaming\Google
2012-07-26 10:10 - 2012-07-26 10:10 - 00000000 ____D C:\Users\Gen64User\AppData\Roaming\Adobe
2012-07-26 10:10 - 2012-07-26 10:10 - 00000000 ____D C:\Users\Gen64User\AppData\Local\Google
2012-07-26 10:09 - 2012-07-26 10:09 - 00000000 ____D C:\Windows\SysWOW64\1033
2012-07-26 10:09 - 2012-07-26 10:09 - 00000000 ____D C:\Windows\System32\1033
2012-07-26 10:04 - 2012-07-26 12:12 - 00000000 ____D C:\Users\Gen64User\Tracing
2012-07-26 10:04 - 2012-07-26 12:12 - 00000000 ____D C:\Users\Gen64User\AppData\Roaming\Apple Computer
2012-07-26 10:04 - 2012-07-26 10:04 - 00139336 ____A C:\Users\Gen64User\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-26 10:04 - 2012-07-26 10:04 - 00000000 ____D C:\Users\Gen64User\Documents\Snagit
2012-07-26 10:04 - 2012-07-26 10:04 - 00000000 ____D C:\Users\Gen64User\Documents\Bluetooth Exchange Folder
2012-07-26 10:04 - 2012-07-26 10:04 - 00000000 ____D C:\Users\Gen64User\AppData\Local\TechSmith
2012-07-26 10:04 - 2012-07-26 10:04 - 00000000 ____D C:\Users\Gen64User\AppData\Local\Broadcom
2012-07-26 10:03 - 2012-07-26 10:03 - 00000020 ___SH C:\Users\Gen64User\ntuser.ini
2012-07-26 09:52 - 2012-07-26 10:00 - 00000000 ____D C:\277adc09241d34109a9e7660465e594b
2012-07-26 09:51 - 2012-07-26 09:51 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{AA413363-60ED-45C9-8436-BD56ADA2EEE1}
2012-07-26 09:26 - 2012-07-26 09:26 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{97BB022B-D3C1-408C-8ABD-102CD369F157}
2012-07-26 09:20 - 2012-07-26 09:20 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{53CF1B4B-176A-448E-8FB4-1E382C1E244F}
2012-07-25 21:43 - 2012-07-25 21:43 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{EB5BBD29-8B8E-4349-ADEC-AE36A42C029C}
2012-07-25 14:09 - 2012-07-25 14:09 - 00000000 ____D C:\Users\jmezzell\AppData\Local\Microsoft_Corporation
2012-07-25 05:32 - 2012-07-25 05:35 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{DA6C1FE0-C8C5-4A84-BF5C-8EA10F768935}
2012-07-24 19:35 - 2012-07-24 19:35 - 00000020 __ASH C:\Users\TEMP\ntuser.ini
2012-07-24 09:56 - 2012-07-24 09:56 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{1FF19AA8-A6A9-44ED-95B2-C2BE87AC868B}
2012-07-24 09:55 - 2012-07-24 09:56 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{5268D673-A4AA-44E0-931A-01C149F380DC}
2012-07-24 05:18 - 2012-07-24 05:19 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{7F671652-C0E9-4AF8-8457-93BE7D71314C}
2012-07-23 17:18 - 2012-07-23 17:18 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{E1250E6C-DE20-4490-B4CB-F4833C32B187}
2012-07-23 17:18 - 2012-07-23 17:18 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{B1BD81D5-B92E-4481-BB39-5C8178A94585}
2012-07-23 07:32 - 2012-07-23 07:33 - 00000000 ____D C:\Users\All Users\Kepware
2012-07-23 07:32 - 2012-07-23 07:32 - 00000000 ____D C:\Users\jmezzell\AppData\Roaming\Kepware
2012-07-23 07:32 - 2012-07-23 07:32 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-07-23 07:32 - 2012-07-23 07:32 - 00000000 ____D C:\Program Files (x86)\Kepware
2012-07-23 07:26 - 2012-07-23 07:26 - 00000000 ____D C:\SQL
2012-07-23 07:26 - 2012-07-23 07:26 - 00000000 ____D C:\Services Batch Files
2012-07-23 07:26 - 2012-07-23 07:26 - 00000000 ____D C:\OPC Server
2012-07-23 07:25 - 2012-07-23 07:26 - 00000000 ____D C:\Users\jmezzell\Downloads\Class Files
2012-07-23 05:17 - 2012-07-23 05:18 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{7DC1597B-28F6-45A0-96E1-7458E323C000}
2012-07-23 05:17 - 2012-07-23 05:17 - 00000000 ____D C:\Users\jmezzell\AppData\Local\{E4AC3597-E03F-4DC8-9D8D-83E1D6649FAA}

============ 3 Months Modified Files ========================

2012-08-22 15:57 - 2012-01-17 14:00 - 00025408 ____A C:\Windows\error.log
2012-08-22 15:57 - 2011-12-19 13:07 - 01431315 ____A C:\Windows\WindowsUpdate.log
2012-08-22 15:54 - 2009-07-13 20:45 - 00015280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-22 15:54 - 2009-07-13 20:45 - 00015280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-22 15:49 - 2012-01-17 11:26 - 00000569 ____A C:\Windows\SMSCFG.ini
2012-08-22 15:47 - 2012-08-21 08:04 - 00000330 ____A C:\Windows\Tasks\GlaryInitialize.job
2012-08-22 15:47 - 2011-12-20 18:44 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-22 15:44 - 2012-01-17 14:00 - 00035158 ____A C:\Windows\errord.log
2012-08-22 15:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-22 15:44 - 2009-07-13 20:51 - 00054355 ____A C:\Windows\setupact.log
2012-08-22 15:17 - 2012-08-07 17:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-22 15:05 - 2012-08-22 15:05 - 00000059 ____A C:\Windows\LTDLGFILE14N.INI
2012-08-22 13:58 - 2011-12-19 13:24 - 00000240 ____A C:\Windows\System32\config\netlogon.ftl
2012-08-22 13:25 - 2011-12-29 13:50 - 01245184 ____A C:\Users\jmezzell\Documents\Budget.xls
2012-08-22 12:40 - 2011-12-20 18:44 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-22 12:36 - 2012-08-22 12:36 - 01446117 ____A (Farbar) C:\Users\jmezzell\Desktop\FRST64.exe
2012-08-22 11:24 - 2012-08-22 09:06 - 00007644 ____A C:\Users\jmezzell\AppData\Local\Resmon.ResmonCfg
2012-08-22 09:51 - 2012-08-22 09:51 - 00302592 ____A C:\Users\jmezzell\Desktop\7xtun940.exe
2012-08-22 09:50 - 2012-08-22 09:50 - 00089088 ____A C:\Users\jmezzell\Desktop\mbr.exe
2012-08-22 09:50 - 2012-08-22 09:50 - 00000227 ____A C:\Users\jmezzell\Desktop\mbr.log
2012-08-22 09:35 - 2012-08-22 09:35 - 04731392 ____A (AVAST Software) C:\Users\jmezzell\Desktop\aswMBR.exe
2012-08-22 08:02 - 2012-08-22 08:02 - 05145088 ____A (Geza Kovacs) C:\Users\jmezzell\Desktop\unetbootin-windows-578.exe
2012-08-22 07:27 - 2012-08-22 07:27 - 120776704 ____A C:\Users\jmezzell\Desktop\slacko-5.3.3-4g-SCSI.iso
2012-08-21 16:07 - 2012-08-21 07:55 - 00000362 ____A C:\Windows\Tasks\RegInOut Scheduled Scan - jmezzell.job
2012-08-21 16:06 - 2011-12-19 14:09 - 00249906 ____A C:\Windows\PFRO.log
2012-08-21 15:11 - 2012-08-21 15:11 - 01932256 ____A (Symantec Corporation) C:\Users\jmezzell\Desktop\FixTDSS.exe
2012-08-21 13:31 - 2012-08-21 13:24 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\jmezzell\Desktop\tdskiller.exe
2012-08-21 10:42 - 2012-08-21 10:42 - 08864168 ____A (SurfRight B.V.) C:\Users\jmezzell\Desktop\HitmanPro36_x64.exe
2012-08-21 08:38 - 2012-08-21 08:38 - 17142744 ____A (Microsoft Corporation) C:\Users\jmezzell\Desktop\Windows-KB890830-x64-V4.11.exe
2012-08-21 08:04 - 2012-08-21 08:04 - 00001070 ____A C:\Users\jmezzell\Desktop\Glary Utilities.lnk
2012-08-21 08:04 - 2012-08-21 08:04 - 00000142 ____A C:\Users\jmezzell\Desktop\Filepuma.url
2012-08-21 08:03 - 2012-08-21 08:03 - 08993008 ____A (Glarysoft Ltd ) C:\Users\jmezzell\Desktop\gusetup.exe
2012-08-21 07:00 - 2012-08-05 15:05 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-08-21 06:58 - 2012-08-21 06:59 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-08-21 06:58 - 2012-08-21 06:59 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-08-21 06:58 - 2012-08-21 06:59 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-21 06:58 - 2012-08-21 06:59 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-21 06:58 - 2012-08-21 06:59 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-08-21 06:58 - 2012-01-19 08:27 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-08-21 06:44 - 2012-08-21 06:43 - 00881581 ____A C:\Users\jmezzell\Desktop\SecurityCheck.exe
2012-08-21 06:25 - 2012-08-21 06:25 - 00025974 ____A C:\ComboFix.txt
2012-08-21 06:01 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-21 04:41 - 2012-08-11 10:42 - 04734695 ____R (Swearware) C:\Users\jmezzell\Desktop\ComboFix.exe
2012-08-20 06:31 - 2012-08-20 06:31 - 00000000 ____A C:\Users\jmezzell\defogger_reenable
2012-08-20 06:04 - 2012-05-11 14:12 - 00000434 ____A C:\rkill.log
2012-08-18 09:56 - 2012-08-18 09:56 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-18 08:32 - 2012-08-18 08:31 - 01646829 ____A C:\Windows\System32\Drivers\Cat.DB
2012-08-14 12:17 - 2012-08-07 17:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-14 12:17 - 2011-12-20 18:44 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-12 08:31 - 2012-08-12 08:31 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-08-12 08:31 - 2012-08-12 08:31 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-08-12 08:26 - 2012-08-12 08:26 - 00001260 ____A C:\Users\jmezzell\Desktop\Norton Installation Files.lnk
2012-08-12 07:42 - 2012-04-16 09:38 - 00000031 ____A C:\Windows\QUICKEN.INI
2012-08-06 10:12 - 2011-12-19 13:25 - 00026383 _RASH C:\Users\All Users\ntuser.pol
2012-08-05 13:07 - 2012-08-05 13:06 - 00000005 ____A C:\Users\jmezzell\AppData\Roaming\mbam.context.scan
2012-08-05 12:15 - 2012-08-05 12:15 - 00000072 ____A C:\Users\All Users\-NKrlcBrm4umYDbr
2012-08-05 12:15 - 2012-08-05 12:15 - 00000072 ____A C:\Users\All Users\-NKrlcBrm4umYDb
2012-08-03 01:46 - 2012-08-21 08:36 - 59884088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-08-03 01:27 - 2011-12-20 07:34 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-27 06:20 - 2009-07-13 21:13 - 00974038 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 10:04 - 2012-07-26 10:04 - 00139336 ____A C:\Users\Gen64User\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-26 10:03 - 2012-07-26 10:03 - 00000020 ___SH C:\Users\Gen64User\ntuser.ini
2012-07-24 19:35 - 2012-07-24 19:35 - 00000020 __ASH C:\Users\TEMP\ntuser.ini
2012-07-24 09:37 - 2012-01-18 14:10 - 00000039 ____A C:\Windows\SymbolLibrary.INI
2012-07-24 07:56 - 2011-12-30 07:13 - 00974038 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-23 07:32 - 2012-08-05 15:05 - 00001965 ____A C:\Users\Public\Desktop\KEPServerEX 5 Configuration.lnk
2012-07-02 06:02 - 2012-07-02 06:02 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-07-02 05:58 - 2012-07-02 05:56 - 169263776 ____A (Dell Inc.) C:\Users\jmezzell\Documents\VIDEO_DRVR_WIN_R312024.EXE
2012-07-02 05:56 - 2012-07-02 05:56 - 06067768 ____A C:\Users\jmezzell\Documents\E6420A13.exe
2012-07-02 05:55 - 2012-07-02 05:55 - 00074294 ____A C:\Windows\SysWOW64\DellSystem.xml
2012-07-02 05:54 - 2012-07-02 05:54 - 00000000 ____A C:\Windows\invcol.tmp
2012-06-22 12:35 - 2012-08-18 08:31 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-06-22 11:09 - 2009-07-13 20:45 - 00487064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-21 11:53 - 2012-08-05 15:05 - 00001209 ____A C:\Users\Public\Desktop\Modbus Poll.lnk
2012-06-21 11:46 - 2012-06-21 11:18 - 00000017 ____A C:\Users\jmezzell\Desktop\network.pnf
2012-06-21 11:03 - 2012-08-05 15:05 - 00001379 ____A C:\Users\Public\Desktop\FreeWave Tool Suite.lnk
2012-06-21 11:03 - 2011-12-20 11:00 - 00139336 ____A C:\Users\jmezzell\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-20 05:24 - 2012-04-17 05:16 - 00001124 ____A C:\Windows\DirectX.log
2012-06-19 13:13 - 2012-06-19 13:13 - 00001782 ____A C:\Users\jmezzell\Desktop\Spotify.lnk
2012-06-10 20:38 - 2011-12-30 07:12 - 00072453 ____A C:\Windows\iis7.log
2012-06-06 05:06 - 2012-06-06 05:06 - 00004764 ____A C:\Windows\System32\CcmFramework.ini
2012-06-06 05:06 - 2012-06-06 05:06 - 00000621 ____A C:\Windows\System32\CcmFramework.h
2012-06-01 14:04 - 2012-06-01 14:04 - 00015144 ____A C:\Users\jmezzell\Documents\OPCserverErrors.xlsx
2012-06-01 14:04 - 2012-06-01 14:04 - 00014591 ____A C:\Users\jmezzell\Documents\system_doc_identifiers.xlsx
2012-05-31 05:30 - 2012-05-31 05:00 - 00129024 ____A C:\Users\jmezzell\Documents\Transmont_SCADA_Tags - Rev6 - Kirk (2).xls


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3978.19 MB
Available physical RAM: 3388.9 MB
Total Pagefile: 3976.34 MB
Available Pagefile: 3383.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.73 GB) (Free:148.15 GB) NTFS
2 Drive d: () (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT
4 Drive g: () (Removable) (Total:1.86 GB) (Free:1.75 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1907 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 39 MB 31 KB
Partition 2 Primary 100 MB 40 MB
Partition 3 Primary 232 GB 140 MB
Partition 4 Primary 10 MB 232 GB

==================================================================================

Disk: 0
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D FAT Partition 39 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 232 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 1907 MB Healthy

==================================================================================

Last Boot: 2012-08-17 01:43

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 22-08-2012 02
Ran by SYSTEM at 2012-08-22 19:32:50
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-08-21 06:08] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:47 PM

Posted 22 August 2012 - 09:16 PM

Greetings,

We have a couple of things going on and I am not sure how they are going to react bumping into each other.

First, make this fix and save it to a USB drive that has the FRST program on it.


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr


Now I want you to go into GParted and make sure sda2 has the boot flag set.

After we are sure that sda2 has the boot flag, go into the System Recovery Options, run FRST64, press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
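A small triage script for the FRST log format posted earlier in this thread, added here as an example that is not part of the original post or of FRST itself: it pulls out the rootkit ATTENTION line, any system file whose MD5 FRST did not accept, hidden partitions of an unexpected type (the hidden Type 17 partition above), and which partition carries the active flag, which is what the GParted boot-flag check is confirming. The sample log is a constructed excerpt modelled on the posted one, and the set of expected partition types is an assumption for a healthy Windows 7 disk.

```python
import re

# Constructed excerpt modelled on the FRST log posted in the thread (not the real log).
SAMPLE_LOG = """\
C:\\Windows\\System32\\services.exe => MD5 is legit
C:\\Windows\\System32\\Drivers\\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
"""

# One "Disk / Partition / Type / Hidden / Active" block as FRST prints it.
PARTITION_RE = re.compile(
    r"Disk: (?P<disk>\d+)\nPartition (?P<num>\d+)\n"
    r"Type : (?P<ptype>\S+)(?P<note>[^\n]*)\n"
    r"Hidden: (?P<hidden>Yes|No)\nActive: (?P<active>Yes|No)"
)
# Partition type bytes normally seen on a healthy Windows 7 disk (assumption).
EXPECTED_TYPES = {"06", "07", "0B", "0C", "27"}


def triage(log: str) -> dict:
    """Collect the findings a responder acts on from an FRST log text."""
    out = {"attention": [], "md5_bad": [], "hidden_suspicious": [], "active": []}
    for line in log.splitlines():
        if "<===== ATTENTION!" in line:          # e.g. the TDL4 rootkit marker
            out["attention"].append(line.split(" <=====")[0].strip())
        elif "=> MD5" in line and not line.endswith("MD5 is legit"):
            out["md5_bad"].append(line.split(" =>")[0])   # patched system file
    for m in PARTITION_RE.finditer(log):
        part = (int(m["disk"]), int(m["num"]))
        if m["active"] == "Yes":                 # partition carrying the boot flag
            out["active"].append(part)
        hidden_odd = "Suspicious" in m["note"] or m["ptype"] not in EXPECTED_TYPES
        if m["hidden"] == "Yes" and hidden_odd:  # hidden partition of unexpected type
            out["hidden_suspicious"].append(part + (m["ptype"],))
    return out
```

Run `triage(SAMPLE_LOG)` to get the summary; on the sample it reports the TDL4 line, the hidden Type 17 partition 4 on disk 0, and partition 2 as the active one.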



