
variant of Win32/Sirefef.EZ trojan


  • This topic is locked
22 replies to this topic

#1 marknugent

  • Members
  • 18 posts

Posted 27 August 2012 - 12:39 PM

On approx 12th Aug I started to get a message from ESET NOD32 antivirus 4 saying I had a "variant of Win32/Patched.B.Gen trojan."

I have then been on holiday until 24th Aug. Computer off between 14th and 24th.

Now I get a message saying "variant of Win32/Sirefef.EZ trojan."

All it seems to do is redirect me to innocuous webpages when I click on links in Google searches.

Hope you can help. Mark

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Mark Nugent 2 at 18:22:35 on 2012-08-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16375.13108 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Xobni\XobniService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIH2E.EXE
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NETGEAR\WG311v3\WG311v3.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Edimax\Common\RaUI.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Users\Mark Nugent 2\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Mark Nugent 2\AppData\Local\Mozilla Firefox\firefox.exe
C:\Users\Mark Nugent 2\AppData\Local\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
uRun: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH2E.EXE /EPT "EPLTarget\P0000000000000000" /M "WP-4515 Series" /EF "HKCU"
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\jing.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [CaddieSyncLauncher] C:\Program Files (x86)\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe
mRun: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
StartupFolder: C:\Users\MARKNU~2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\MARKNU~2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\MARKNU~2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\MARKNU~2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONVER~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG311v3\WG311v3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\Edimax\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: ebay.co.uk\www
Trusted Zone: ebay.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} - hxxps://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{73EB72FE-0EB3-4503-8022-1DB050F29688} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{85C6E23A-E312-4AAC-9073-38B7806C27EE} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D091B09B-52F5-43D0-B4FE-FDF1292B87D1} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
BHO-X64: Wincore Mediabar - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [CaddieSyncLauncher] C:\Program Files (x86)\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe
mRun-x64: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun-x64: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark Nugent 2\AppData\Roaming\Mozilla\Firefox\Profiles\8ob2o9fb.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=179&systemid=406&sr=0&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Mark Nugent 2\AppData\Local\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Users\Mark Nugent 2\AppData\Local\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Mark Nugent 2\AppData\Local\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Users\Mark Nugent 2\AppData\Local\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 EUFDDISK;EUFDDISK;\??\C:\Windows\system32\drivers\EuFdDisk.sys --> C:\Windows\system32\drivers\EuFdDisk.sys [?]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys --> C:\Windows\system32\DRIVERS\rtlprot.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-16 3246040]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2012-8-3 1740696]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-1-30 61064]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 Guard Agent;Guard Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-1-30 23176]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-22 2348352]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Edimax\Common\RaRegistry.exe [2011-11-29 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe [2011-11-29 212256]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-18 656624]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2010-8-4 55528]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 chdrvr01;CH Control Manager Driver 1;C:\Windows\system32\DRIVERS\chdrvr01.sys --> C:\Windows\system32\DRIVERS\chdrvr01.sys [?]
R3 chdrvr02;CH Control Manager Driver 2;C:\Windows\system32\DRIVERS\chdrvr02.sys --> C:\Windows\system32\DRIVERS\chdrvr02.sys [?]
R3 chdrvr03;chdrvr03;C:\Windows\system32\DRIVERS\chdrvr03.sys --> C:\Windows\system32\DRIVERS\chdrvr03.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-12 136176]
S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-18 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-2-13 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-6-6 30192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-12 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam C160(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13C.sys --> C:\Windows\system32\DRIVERS\MRVW13C.sys [?]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\system32\DRIVERS\wg111v3.sys --> C:\Windows\system32\DRIVERS\wg111v3.sys [?]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-25 08:09:24 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{7F394CEB-0F0B-4729-9757-E8AC1D125881}
2012-08-23 19:04:06 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{A0A4687F-A8BA-460D-A603-3F9B2B3C88EE}
2012-08-23 19:04:06 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{1FDE96C5-EE7B-4254-AE40-8E2D8066D4AF}
2012-08-23 15:21:26 110080 ----a-r- C:\Users\Mark Nugent 2\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\IconF7A21AF7.exe
2012-08-23 15:21:26 110080 ----a-r- C:\Users\Mark Nugent 2\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\IconD7F16134.exe
2012-08-23 15:21:26 110080 ----a-r- C:\Users\Mark Nugent 2\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\Icon5B4E0377.exe
2012-08-23 15:21:25 -------- d-----w- C:\sh4ldr
2012-08-23 15:12:39 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-23 15:12:35 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-23 15:06:33 -------- d-----w- C:\Windows\F3D711FAC72D468895B3C7A71DB2F1A0.TMP
2012-08-12 10:46:38 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{64C862BC-F20B-4FC1-B8B2-C9FFFFE93732}
2012-08-12 10:46:27 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{C1F62028-8B18-4B39-A7C8-7CFE3A1E57A9}
2012-08-09 09:01:34 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{43469AD3-BA72-4890-8EF1-0E85838F1A19}
2012-08-09 09:01:23 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{CE93CD62-B581-4ADC-B2FB-BDE671C094E2}
2012-08-09 08:15:06 -------- d-----w- C:\Windows\en
2012-08-09 08:12:35 19720 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-09 08:08:36 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2d65af891cd760601\DSETUP.dll
2012-08-09 08:08:36 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2d65af891cd760601\DXSETUP.exe
2012-08-09 08:08:36 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2d65af891cd760601\dsetup32.dll
2012-08-09 07:52:25 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{5922DB7C-4952-4780-84F8-94F627CEC64A}
2012-08-08 17:59:51 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{D812F46F-E182-11E1-8270-B8AC6F996F26}
2012-08-08 17:59:50 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{D812BA45-E182-11E1-8270-B8AC6F996F26}
2012-08-08 17:59:49 459264 ----a-w- C:\Users\Mark Nugent 2\AppData\Roaming\qcofil.dll
2012-08-08 12:44:53 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-08 12:44:09 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-08 12:44:09 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-06 22:46:50 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFA9AB72-AAB2-42E9-BE2A-6D5880955858}\mpengine.dll
2012-08-06 11:41:04 -------- d-----w- C:\Windows\SysWow64\%APPDATA%
2012-08-04 19:02:22 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{32BBEC58-C13C-4D50-B8D9-FE240C59D4A7}
2012-08-04 19:02:10 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\{320BFBD5-3928-4ED6-B330-247F08DFE20C}
2012-08-04 18:32:47 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\Windows Live
2012-08-03 15:49:49 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Roaming\Birdstep Technology
2012-08-03 15:49:32 10240 ----a-w- C:\Windows\SysWow64\drivers\mdvrmng.sys
2012-08-03 15:49:30 -------- d-----w- C:\Program Files (x86)\3 Mobile Broadband
2012-08-03 12:16:00 -------- d-----w- C:\Program Files\Paint.NET
2012-08-03 12:15:32 -------- d-----w- C:\Users\Mark Nugent 2\AppData\Local\Paint.NET
2012-08-03 08:58:25 737792 ----a-w- C:\Windows\System32\drivers\netr28x.sys
2012-08-01 10:38:53 -------- d-----w- C:\Program Files (x86)\Quick Screen Capture
2012-08-01 10:38:53 -------- d-----w- C:\MyCaptures
2012-07-31 21:40:20 89360 ----a-r- C:\Windows\SysWow64\VB5DB.DLL
2012-07-31 21:40:20 69632 ----a-r- C:\Windows\SysWow64\xmltok.dll
2012-07-31 21:40:20 505104 ----a-r- C:\Windows\SysWow64\msxml.dll
2012-07-31 21:40:20 36864 ----a-r- C:\Windows\SysWow64\xmlparse.dll
2012-07-31 21:40:20 35840 ----a-r- C:\Windows\SysWow64\comdlg32.oca
2012-07-31 21:40:20 29184 ----a-r- C:\Windows\SysWow64\MSINET.oca
2012-07-31 21:40:20 28432 ----a-r- C:\Windows\SysWow64\msxmlr.dll
2012-07-31 21:40:20 26096 ----a-r- C:\Windows\SysWow64\xmlinst.exe
.
==================== Find3M ====================
.
2012-07-31 09:14:23 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-31 09:14:23 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-31 09:13:18 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-24 15:28:40 11881936 ----a-w- C:\Users\Mark Nugent 2\gosetup.exe
2012-07-16 11:25:13 472576 --sha-w- C:\EUMONBMP.SYS
2012-07-13 13:34:48 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 15:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-23 09:29:35 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 09:29:35 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-06-06 19:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 18:23:58.27 ===============



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:41 AM

Posted 27 August 2012 - 06:11 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
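A small triage helper for the FRST.txt and DDS output the steps above produce, added here as an example; it is not code from this thread, from the Farbar tool or from DDS. It parses service lines in the two formats shown in the thread and flags the signals a responder reads first: a binary that runs from a Temp directory or elsewhere in a user profile, a service whose file is already gone from disk (shown as [x] by FRST), and an entry with no company name in its version information. The sample lines are copied from the logs posted in this thread; the field layouts encoded in the regular expressions and the weighting of the signals are my own assumptions about the formats, not anything the tools document.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Service lines in the DDS ("S2 name;description;path [date size]") and FRST
# ("2 name; path [size date] (company)") formats, copied from the logs posted
# in this thread; constructed sample input for this example.
SAMPLE_LOG = r"""
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-12 136176]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [735960 2009-11-16] (ESET)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-13] ()
2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
3 X6va005; \??\C:\Users\MARKNU~2\AppData\Local\Temp\005496E.tmp [x]
"""

# Field layouts are my reading of the two formats as they appear in the thread,
# not something documented by either tool (assumption).
DDS_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);'
    r'(?P<path>.+?)(?:\s+-->\s+\S.*?)?\s+\[(?P<info>[^\]]*)\]\s*$')
FRST_RE = re.compile(
    r'^(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]'
    r'(?:\s+\((?P<company>[^)]*)\))?\s*$')


@dataclass
class Entry:
    source: str              # 'DDS' or 'FRST'
    name: str                # service / driver name
    path: str                # normalised image path
    info: str                # bracket contents: date+size, size+date, '?' or 'x'
    company: Optional[str] = None   # FRST only; '' means empty parentheses


@dataclass
class Finding:
    entry: Entry
    reasons: List[str]


def normalise_path(raw: str) -> str:
    """Strip surrounding quotes and the NT object-manager prefix (\\??\\)."""
    p = raw.strip().strip('"')
    if p.startswith('\\??\\'):
        p = p[4:]
    return p


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a DDS or FRST service line, or None for anything else."""
    m = DDS_RE.match(line)
    if m:
        return Entry('DDS', m['name'], normalise_path(m['path']), m['info'])
    m = FRST_RE.match(line)
    if m:
        return Entry('FRST', m['name'], normalise_path(m['path']), m['info'], m['company'])
    return None


def assess(e: Entry) -> List[str]:
    """Heuristic signals a responder checks first; an empty list means nothing stood out.
    A DDS '[?]' only means DDS could not read the file, so it is not a signal on its own."""
    reasons: List[str] = []
    low = e.path.lower()
    if e.source == 'FRST' and e.info == 'x':
        reasons.append('file missing on disk (FRST [x])')
    if '\\temp\\' in low:
        reasons.append('binary runs from a Temp directory')
    elif '\\appdata\\' in low:
        reasons.append('binary runs from a user profile (AppData)')
    if e.company == '':
        reasons.append('no company name in version info')
    return reasons


def triage(text: str) -> List[Finding]:
    """Parse every line, keep entries with at least one signal, strongest first."""
    findings = []
    for line in text.splitlines():
        e = parse_line(line.strip())
        if e is not None:
            r = assess(e)
            if r:
                findings.append(Finding(e, r))
    return sorted(findings, key=lambda f: -len(f.reasons))


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.entry.source:4} {f.entry.name:16} {f.entry.path}')
        for r in f.reasons:
            print(f'       - {r}')
```

Run against a saved FRST.txt or DDS log by passing its contents to triage(); the PnkBstrA line shows why the "no company name" signal is kept at the bottom of the ordering, since plenty of legitimate software ships without version information, whereas a service whose image lives under Temp and is already missing from disk is what the next reply in a thread like this will ask about.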


#3 marknugent

marknugent
  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:41 AM

Posted 28 August 2012 - 04:40 PM

Hi - struggling with this.

PC has...

c drive - 211gb of 921gb free
x drive - external usb drive 2tb - all free
e drive - usb drive, 1gb all free except frst64.exe

When I follow your instructions and type notebook from dos prompt and go to computer I see...

e drive (9.61 gb, mostly unused) - a Dell recovery partition?
j - 2tb all free (was x on normal boot)
x - 31mb of 33 mb free (???)

Doing "e:\frst64.exe" from all directories produces "not recognised as an internal or external command, operating programmee or batch file."

Searching on all directories in dos for frst64.exe yields nothing.

Do I need to force the usb drive with frst64.exe to a drive letter that is certainly unused, e.g. "M"?

Thanks for your help so far.

Mark

Regards,

Mark

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:41 AM

Posted 28 August 2012 - 04:55 PM

Did you try the notepad step?

When you look in "my computer" you should see that the USB has already been assigned a drive letter.

If the USB is not being recognized for some reason, try saving FRST directly to your C:\ drive, then navigate to the C:\ drive once in the recovery environment.

From what you have described, it's not seeing even the c:\ drive (that should probably be D:\).

Edited by CatByte, 28 August 2012 - 04:55 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 marknugent

marknugent
  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:41 AM

Posted 29 August 2012 - 02:13 AM

Managed it on the c drive...

Scan result of Farbar Recovery Scan Tool Version: 28-08-2012
Ran by SYSTEM at 29-08-2012 08:54:19
Running from C:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2716216 2009-11-16] (ESET)
HKLM\...\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart [980368 2010-11-05] (The Eraser Project)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [394768 2010-10-20] (Acronis)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [241789 2009-04-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0" [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-06-06] (Google)
HKLM-x32\...\Run: [CaddieSyncLauncher] C:\Program Files (x86)\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe [95744 2009-11-19] (SkyHawke Inc.)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [x]
HKLM-x32\...\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2537096 2011-09-22] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5551288 2011-09-23] (Acronis)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [70792 2011-12-23] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [743560 2011-12-26] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot [296056 2012-05-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Mark Nugent 2\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Mark Nugent 2\...\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3491264 2012-06-07] (Tonec Inc.)
HKU\Mark Nugent 2\...\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe [615808 2009-09-18] (Adobe Systems Incorporated)
HKU\Mark Nugent 2\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH2E.EXE /EPT "EPLTarget\P0000000000000000" /M "WP-4515 Series" /EF "HKCU" [239488 2011-11-22] (SEIKO EPSON CORPORATION)
HKU\Mark Nugent 2\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\jing.exe [2918224 2012-02-01] (TechSmith Corporation)
HKU\Mark Nugent 2\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12218904 2012-07-20] (Google)
HKU\Mark Nugent 2\...\Run: [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-24] ()
HKU\Mark Nugent 2\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Mark Nugent 2\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Mark Nugent 2\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-07-27] (Siber Systems)
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs:
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG311v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG311v3\WG311v3.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mark Nugent 2\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
Startup: C:\Users\Mark Nugent 2\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mark Nugent 2\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Mark Nugent 2\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1118328 2010-10-20] (Acronis)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-10-16] (Acronis)
2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1740696 2011-03-23] ()
3 Creative Media Toolbox 6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe" [79360 2010-02-13] (Creative Labs)
2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-23] (CHENGDU YIWO Tech Development Co., Ltd)
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [23296 2009-11-16] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [735960 2009-11-16] (ESET)
3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-06-06] (Google)
2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-23] (CHENGDU YIWO Tech Development Co., Ltd)
2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-13] ()
2 RalinkRegistryWriter; C:\Program Files (x86)\Edimax\Common\RaRegistry.exe [185632 2009-12-17] (Ralink Technology, Corp.)
2 RalinkRegistryWriter64; C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe [212256 2009-12-17] (Ralink Technology, Corp.)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe" [247152 2009-04-17] ()
2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1019328 2012-08-21] (Enigma Software Group USA, LLC.)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-04-30] (MicroVision Development, Inc.)
2 XobniService; "C:\Program Files (x86)\Xobni\XobniService.exe" [55528 2010-08-04] (Xobni Corporation)
2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ===================

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-14] (Microsoft Corporation)
3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [285280 2011-10-16] (Acronis)
3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [33736 2009-11-01] (HTC, Corporation)
3 chdrvr01; C:\Windows\System32\Drivers\chdrvr01.sys [251224 2011-05-20] (CH Products)
3 chdrvr02; C:\Windows\System32\Drivers\chdrvr02.sys [13016 2011-05-20] (CH Products)
3 chdrvr03; C:\Windows\System32\Drivers\chdrvr03.sys [17496 2011-05-20] (CH Products)
2 eamon; C:\Windows\System32\Drivers\eamon.sys [145336 2009-11-16] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [136584 2009-11-16] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [123200 2009-12-18] (ESET)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
0 EUBAKUP; C:\Windows\System32\Drivers\EUBAKUP.sys [57480 2011-12-23] (CHENGDU YIWO Tech Development Co., Ltd)
0 EUBKMON; C:\Windows\System32\Drivers\EUBKMON.sys [51336 2011-12-23] ()
1 EUDSKACS; C:\Windows\System32\Drivers\EUDSKACS.sys [19592 2011-12-23] (CHENGDU YIWO Tech Development Co., Ltd)
1 EUFDDISK; C:\Windows\System32\Drivers\EUFDDISK.sys [189576 2011-12-23] (CHENGDU YIWO Tech Development Co., Ltd)
3 ewusbmbb; C:\Windows\System32\DRIVERS\ewusbwwan.sys [421376 2011-03-23] (Huawei Technologies Co., Ltd.)
3 ew_usbenumfilter; C:\Windows\System32\Drivers\ew_usbenumfilter.sys [13952 2011-03-23] (Huawei Technologies Co., Ltd.)
3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1613400 2011-08-11] (Creative Technology Ltd)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
2 mdvrmng; C:\Windows\SysWow64\Drivers\mdvrmng.sys [10240 2011-03-23] ()
3 MRV6X64P; C:\Windows\System32\DRIVERS\MRVW13C.sys [244736 2007-05-03] (Marvell Semiconductor, Inc)
2 MySQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL [8916 2011-06-21] ()
3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [446976 2009-11-18] (NETGEAR Inc. )
1 RtlProt; C:\Windows\System32\Drivers\RtlProt.sys [31016 2007-04-23] (Windows ® Codename Longhorn DDK provider)
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
3 silabenm; C:\Windows\System32\Drivers\silabenm.sys [52224 2010-02-02] (Silicon Laboratories, Inc.)
3 silabser; C:\Windows\System32\Drivers\silabser.sys [72192 2010-02-16] (Silicon Laboratories)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [277088 2011-02-16] (Acronis)
3 tbhsd; C:\Windows\System32\Drivers\tbhsd.sys [46112 2009-12-21] (RapidSolution Software AG)
0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [1263200 2011-10-16] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [970336 2011-10-16] (Acronis)
3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [x]
3 X6va005; \??\C:\Users\MARKNU~2\AppData\Local\Temp\005496E.tmp [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-08-29 08:47 - 2012-08-28 22:30 - 01448001 ____A (Farbar) C:\FRST64.exe
2012-08-28 21:48 - 2012-08-28 21:48 - 971892414 ____A C:\Users\Mark Nugent 2\Desktop\Frank Kern new way to add value.avi
2012-08-28 09:15 - 2012-08-28 21:53 - 00002016 ___AH C:\Users\Mark Nugent 2\My Documents\Default.rdp
2012-08-28 09:15 - 2012-08-28 21:53 - 00002016 ___AH C:\Users\Mark Nugent 2\Documents\Default.rdp
2012-08-27 19:48 - 2012-08-27 19:49 - 00000000 ____D C:\Users\Mark Nugent 2\Desktop\malware
2012-08-27 19:21 - 2012-08-27 19:21 - 00607260 ____A (Swearware) C:\Users\Mark Nugent 2\Downloads\dds.com
2012-08-27 12:42 - 2012-08-28 00:33 - 00000000 ____D C:\Users\Mark Nugent 2\Desktop\Watch
2012-08-25 10:09 - 2012-08-25 10:09 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{7F394CEB-0F0B-4729-9757-E8AC1D125881}
2012-08-25 10:09 - 2012-08-25 10:09 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{7F394CEB-0F0B-4729-9757-E8AC1D125881}
2012-08-25 10:09 - 2012-08-25 10:09 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{7F394CEB-0F0B-4729-9757-E8AC1D125881}
2012-08-24 18:23 - 2012-08-26 18:19 - 00000000 ____D C:\Users\Mark Nugent 2\Desktop\BBC new lessons
2012-08-23 21:14 - 2012-08-24 12:18 - 00000000 ____D C:\Users\Mark Nugent 2\Desktop\Asahi search
2012-08-23 21:14 - 2012-08-23 21:14 - 00000000 ___RD C:\Users\Mark Nugent 2\Desktop\2012
2012-08-23 21:12 - 2012-08-25 10:08 - 00000000 ____D C:\Users\Mark Nugent 2\Desktop\Rob and Fin Go To London
2012-08-23 21:04 - 2012-08-23 21:08 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{1FDE96C5-EE7B-4254-AE40-8E2D8066D4AF}
2012-08-23 21:04 - 2012-08-23 21:08 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{1FDE96C5-EE7B-4254-AE40-8E2D8066D4AF}
2012-08-23 21:04 - 2012-08-23 21:08 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{1FDE96C5-EE7B-4254-AE40-8E2D8066D4AF}
2012-08-23 21:04 - 2012-08-23 21:04 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{A0A4687F-A8BA-460D-A603-3F9B2B3C88EE}
2012-08-23 21:04 - 2012-08-23 21:04 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{A0A4687F-A8BA-460D-A603-3F9B2B3C88EE}
2012-08-23 21:04 - 2012-08-23 21:04 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{A0A4687F-A8BA-460D-A603-3F9B2B3C88EE}
2012-08-23 17:21 - 2012-08-23 17:21 - 00000000 ____D C:\sh4ldr
2012-08-23 17:13 - 2012-07-05 00:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-23 17:13 - 2012-07-05 00:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-23 17:13 - 2012-07-05 00:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-23 17:13 - 2012-07-04 23:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-23 17:13 - 2012-07-04 23:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-23 17:13 - 2012-06-27 09:06 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 17:13 - 2012-06-27 09:06 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 17:13 - 2012-06-27 09:06 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 17:13 - 2012-06-27 09:03 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 17:13 - 2012-06-27 09:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 17:13 - 2012-06-27 09:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 17:13 - 2012-06-27 09:02 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 17:13 - 2012-06-27 09:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 17:13 - 2012-06-27 09:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 17:13 - 2012-06-27 09:02 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 17:13 - 2012-06-27 07:53 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 17:13 - 2012-06-27 07:53 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 17:13 - 2012-06-27 07:53 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 17:13 - 2012-06-27 07:51 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 17:13 - 2012-06-27 07:51 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 17:13 - 2012-06-27 07:51 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 17:13 - 2012-06-27 07:50 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 17:13 - 2012-06-27 07:50 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 17:13 - 2012-06-27 07:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-23 17:13 - 2012-06-27 07:50 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 17:13 - 2012-06-27 06:53 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 17:13 - 2012-06-27 06:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 17:13 - 2012-06-16 07:16 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 17:13 - 2012-06-16 07:15 - 00911360 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 17:13 - 2012-06-16 06:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 17:13 - 2012-06-16 06:26 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 17:13 - 2012-05-05 10:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-23 17:13 - 2012-05-05 09:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-23 17:13 - 2012-02-11 08:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-23 17:13 - 2012-02-11 08:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-23 17:13 - 2012-02-11 08:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-23 17:13 - 2012-02-11 07:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-23 17:12 - 2012-07-18 20:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-23 17:12 - 2012-05-14 07:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-23 17:06 - 2012-08-23 17:21 - 00000000 ____D C:\Windows\F3D711FAC72D468895B3C7A71DB2F1A0.TMP
2012-08-23 16:54 - 2012-08-23 16:54 - 00285968 ____A C:\Windows\Minidump\082312-49764-01.dmp
2012-08-12 12:46 - 2012-08-12 12:46 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{C1F62028-8B18-4B39-A7C8-7CFE3A1E57A9}
2012-08-12 12:46 - 2012-08-12 12:46 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{64C862BC-F20B-4FC1-B8B2-C9FFFFE93732}
2012-08-12 12:46 - 2012-08-12 12:46 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{C1F62028-8B18-4B39-A7C8-7CFE3A1E57A9}
2012-08-12 12:46 - 2012-08-12 12:46 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{64C862BC-F20B-4FC1-B8B2-C9FFFFE93732}
2012-08-12 12:46 - 2012-08-12 12:46 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{C1F62028-8B18-4B39-A7C8-7CFE3A1E57A9}
2012-08-12 12:46 - 2012-08-12 12:46 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{64C862BC-F20B-4FC1-B8B2-C9FFFFE93732}
2012-08-09 11:01 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{CE93CD62-B581-4ADC-B2FB-BDE671C094E2}
2012-08-09 11:01 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{43469AD3-BA72-4890-8EF1-0E85838F1A19}
2012-08-09 11:01 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{CE93CD62-B581-4ADC-B2FB-BDE671C094E2}
2012-08-09 11:01 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{43469AD3-BA72-4890-8EF1-0E85838F1A19}
2012-08-09 11:01 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{CE93CD62-B581-4ADC-B2FB-BDE671C094E2}
2012-08-09 11:01 - 2012-08-09 11:01 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{43469AD3-BA72-4890-8EF1-0E85838F1A19}
2012-08-09 10:15 - 2012-08-09 10:15 - 00000000 ____D C:\Windows\en
2012-08-09 10:12 - 2012-08-09 10:12 - 00000000 ____D C:\Program Files\Windows Live
2012-08-09 09:52 - 2012-08-09 09:52 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{5922DB7C-4952-4780-84F8-94F627CEC64A}
2012-08-09 09:52 - 2012-08-09 09:52 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{5922DB7C-4952-4780-84F8-94F627CEC64A}
2012-08-09 09:52 - 2012-08-09 09:52 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{5922DB7C-4952-4780-84F8-94F627CEC64A}
2012-08-08 19:59 - 2012-08-08 19:59 - 00459264 ____A (Electronic Arts Inc.) C:\Users\Mark Nugent 2\Application Data\qcofil.dll
2012-08-08 19:59 - 2012-08-08 19:59 - 00459264 ____A (Electronic Arts Inc.) C:\Users\Mark Nugent 2\AppData\Roaming\qcofil.dll
2012-08-08 19:59 - 2012-08-08 19:59 - 00000426 ____A C:\Windows\chrome_installer.log
2012-08-08 19:59 - 2012-08-08 19:59 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{D812F46F-E182-11E1-8270-B8AC6F996F26}
2012-08-08 19:59 - 2012-08-08 19:59 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{D812BA45-E182-11E1-8270-B8AC6F996F26}
2012-08-08 19:59 - 2012-08-08 19:59 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{D812F46F-E182-11E1-8270-B8AC6F996F26}
2012-08-08 19:59 - 2012-08-08 19:59 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{D812BA45-E182-11E1-8270-B8AC6F996F26}
2012-08-08 19:59 - 2012-08-08 19:59 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{D812F46F-E182-11E1-8270-B8AC6F996F26}
2012-08-08 19:59 - 2012-08-08 19:59 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{D812BA45-E182-11E1-8270-B8AC6F996F26}
2012-08-08 19:58 - 2012-08-08 19:58 - 00000012 ____A C:\Windows\srun.log
2012-08-08 14:44 - 2012-08-23 17:21 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-08 14:44 - 2012-08-08 14:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-08-07 12:30 - 2012-08-07 13:18 - 00002933 ____A C:\ecls.txt
2012-08-07 12:27 - 2012-08-07 12:27 - 00000138 ____A C:\Users\Mark Nugent 2\Desktop\eav_cmd_scan.bat
2012-08-06 13:41 - 2012-08-06 13:41 - 00000000 ____D C:\Windows\SysWOW64\%APPDATA%
2012-08-04 21:02 - 2012-08-04 21:02 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{32BBEC58-C13C-4D50-B8D9-FE240C59D4A7}
2012-08-04 21:02 - 2012-08-04 21:02 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\{320BFBD5-3928-4ED6-B330-247F08DFE20C}
2012-08-04 21:02 - 2012-08-04 21:02 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{32BBEC58-C13C-4D50-B8D9-FE240C59D4A7}
2012-08-04 21:02 - 2012-08-04 21:02 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\{320BFBD5-3928-4ED6-B330-247F08DFE20C}
2012-08-04 21:02 - 2012-08-04 21:02 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{32BBEC58-C13C-4D50-B8D9-FE240C59D4A7}
2012-08-04 21:02 - 2012-08-04 21:02 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\{320BFBD5-3928-4ED6-B330-247F08DFE20C}
2012-08-04 20:32 - 2012-08-23 21:04 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Windows Live
2012-08-04 20:32 - 2012-08-23 21:04 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\Windows Live
2012-08-04 20:32 - 2012-08-23 21:04 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\Windows Live
2012-08-03 17:49 - 2012-08-03 17:49 - 00000000 ____D C:\Users\Mark Nugent 2\Application Data\Birdstep Technology
2012-08-03 17:49 - 2012-08-03 17:49 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Roaming\Birdstep Technology
2012-08-03 17:49 - 2012-08-03 17:49 - 00000000 ____D C:\Program Files (x86)\3 Mobile Broadband
2012-08-03 17:49 - 2011-03-23 17:17 - 00010240 ____A C:\Windows\SysWOW64\Drivers\mdvrmng.sys
2012-08-03 14:16 - 2012-08-03 14:16 - 00000000 ____D C:\Program Files\Paint.NET
2012-08-03 14:15 - 2012-08-05 14:32 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Paint.NET
2012-08-03 14:15 - 2012-08-05 14:32 - 00000000 ____D C:\Users\Mark Nugent 2\Local Settings\Application Data\Paint.NET
2012-08-03 14:15 - 2012-08-05 14:32 - 00000000 ____D C:\Users\Mark Nugent 2\AppData\Local\Paint.NET
2012-08-03 10:58 - 2009-10-06 12:57 - 00737792 ____A (Ralink Technology, Corp.) C:\Windows\System32\Drivers\netr28x.sys
2012-08-03 10:58 - 2009-10-06 12:57 - 00013931 ____A C:\Windows\SysWOW64\RaCoInst.dat
2012-08-03 10:55 - 2009-10-06 12:57 - 00013931 ____A C:\Windows\System32\RaCoInst.dat
2012-08-03 10:55 - 2009-10-06 12:57 - 00000096 ____A C:\Program1
2012-08-01 12:38 - 2012-08-01 12:38 - 00000970 ____A C:\Users\UpdatusUser\Desktop\Quick Screen Capture.lnk
2012-08-01 12:38 - 2012-08-01 12:38 - 00000000 ____D C:\Program Files (x86)\Quick Screen Capture
2012-08-01 12:38 - 2012-08-01 12:38 - 00000000 ____D C:\MyCaptures
2012-07-31 23:41 - 2012-07-31 23:41 - 00002125 ____A C:\Users\UpdatusUser\Desktop\Ubisoft Product Registration.lnk
2012-07-31 23:40 - 2002-10-17 10:35 - 00026096 ___RA (Microsoft Corporation) C:\Windows\SysWOW64\xmlinst.exe
2012-07-31 23:40 - 2002-04-24 12:43 - 00035840 ___RA C:\Windows\SysWOW64\comdlg32.oca
2012-07-31 23:40 - 2002-04-09 17:23 - 00029184 ___RA C:\Windows\SysWOW64\MSINET.oca
2012-07-31 23:40 - 2001-05-04 11:05 - 00505104 ___RA (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2012-07-31 23:40 - 2001-05-04 11:05 - 00028432 ___RA (Microsoft Corporation) C:\Windows\SysWOW64\msxmlr.dll
2012-07-31 23:40 - 2000-03-17 08:21 - 00069632 ___RA C:\Windows\SysWOW64\xmltok.dll
2012-07-31 23:40 - 2000-03-17 08:21 - 00036864 ___RA C:\Windows\SysWOW64\xmlparse.dll
2012-07-31 23:40 - 1998-06-18 00:00 - 00089360 ___RA (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL


==================== 3 Months Modified Files ================================

2012-08-29 08:49 - 2009-07-14 07:10 - 01052374 ____A C:\Windows\WindowsUpdate.log
2012-08-29 08:35 - 2011-02-12 19:07 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-29 08:34 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-29 08:34 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-29 08:26 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-29 08:26 - 2009-07-14 06:51 - 00164496 ____A C:\Windows\setupact.log
2012-08-29 01:56 - 2011-02-12 19:07 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-29 01:51 - 2011-09-02 17:19 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-798918132-2086649113-474899973-1009UA.job
2012-08-29 00:55 - 2009-07-14 07:13 - 00797442 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-29 00:51 - 2011-09-02 17:19 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-798918132-2086649113-474899973-1009Core.job
2012-08-28 22:30 - 2012-08-29 08:47 - 01448001 ____A (Farbar) C:\FRST64.exe
2012-08-28 21:53 - 2012-08-28 09:15 - 00002016 ___AH C:\Users\Mark Nugent 2\My Documents\Default.rdp
2012-08-28 21:53 - 2012-08-28 09:15 - 00002016 ___AH C:\Users\Mark Nugent 2\Documents\Default.rdp
2012-08-28 21:48 - 2012-08-28 21:48 - 971892414 ____A C:\Users\Mark Nugent 2\Desktop\Frank Kern new way to add value.avi
2012-08-27 19:21 - 2012-08-27 19:21 - 00607260 ____A (Swearware) C:\Users\Mark Nugent 2\Downloads\dds.com
2012-08-24 08:20 - 2009-07-14 06:45 - 00498000 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-24 01:29 - 2009-12-29 12:39 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-23 16:54 - 2012-08-23 16:54 - 00285968 ____A C:\Windows\Minidump\082312-49764-01.dmp
2012-08-23 16:53 - 2010-01-11 21:25 - 743987935 ____A C:\Windows\MEMORY.DMP
2012-08-09 13:09 - 2012-03-27 14:49 - 00001122 ____A C:\Windows\System32\Thiefs Force Slave To bleep In Brutal Deepthroat And Double Penetration Gang Bang Sex Video - Free Porn Videos, Sex Movies - Cumshot, Group Sex, Double Penetrations, Fetish, Group Porn - 21.flv.lnk
2012-08-09 13:05 - 2012-03-02 11:54 - 00001089 ____A C:\Windows\System32\Nurse Sucking Cock Of Doctor Then Taking A Patient And Banging Her In Extreme Slave Bondage Sex - Free Porn Videos, Sex Movies - Rough, Spanked, Fetish, Slave, Bondage Porn - 237637 - DrTu.flv.lnk
2012-08-09 13:03 - 2012-01-17 13:22 - 00001212 ____A C:\Windows\System32\Jaelyn is a deviant Nubile that is extremely passionate about bleep. She likes it hard, she loves it rough, and she receives the cock like a prize winning champion. Jaelyn is a needle in.flv.lnk
2012-08-09 10:10 - 2009-12-19 00:45 - 00112469 ____A C:\Windows\DirectX.log
2012-08-08 19:59 - 2012-08-08 19:59 - 00459264 ____A (Electronic Arts Inc.) C:\Users\Mark Nugent 2\Application Data\qcofil.dll
2012-08-08 19:59 - 2012-08-08 19:59 - 00459264 ____A (Electronic Arts Inc.) C:\Users\Mark Nugent 2\AppData\Roaming\qcofil.dll
2012-08-08 19:59 - 2012-08-08 19:59 - 00000426 ____A C:\Windows\chrome_installer.log
2012-08-08 19:58 - 2012-08-08 19:58 - 00000012 ____A C:\Windows\srun.log
2012-08-07 16:49 - 2009-12-29 09:49 - 00000036 ____A C:\Windows\iltwain.ini
2012-08-07 13:18 - 2012-08-07 12:30 - 00002933 ____A C:\ecls.txt
2012-08-07 12:27 - 2012-08-07 12:27 - 00000138 ____A C:\Users\Mark Nugent 2\Desktop\eav_cmd_scan.bat
2012-08-06 14:45 - 2011-07-18 20:46 - 00073728 __ASH C:\Users\Mark Nugent 2\My Documents\Thumbs.db
2012-08-06 14:45 - 2011-07-18 20:46 - 00073728 __ASH C:\Users\Mark Nugent 2\Documents\Thumbs.db
2012-08-03 17:49 - 2011-11-05 16:52 - 00012365 ____A C:\Windows\TdiInstall.log
2012-08-03 17:40 - 2009-12-19 09:25 - 00656896 ____A C:\Windows\PFRO.log
2012-08-03 10:58 - 2009-07-14 04:34 - 00000566 ____A C:\Windows\win.ini
2012-08-01 12:38 - 2012-08-01 12:38 - 00000970 ____A C:\Users\UpdatusUser\Desktop\Quick Screen Capture.lnk
2012-08-01 12:32 - 2012-02-07 11:39 - 00000224 ____A C:\Windows\ScreenHunter.INI
2012-07-31 23:41 - 2012-07-31 23:41 - 00002125 ____A C:\Users\UpdatusUser\Desktop\Ubisoft Product Registration.lnk
2012-07-31 11:14 - 2010-10-23 18:19 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-31 11:14 - 2010-07-06 19:40 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-31 11:13 - 2010-07-06 19:40 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-26 09:14 - 2009-07-14 07:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-25 11:44 - 2011-02-02 21:32 - 00049152 ____A C:\Users\Mark Nugent 2\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 11:44 - 2011-02-02 21:32 - 00049152 ____A C:\Users\Mark Nugent 2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 11:44 - 2011-02-02 21:32 - 00049152 ____A C:\Users\Mark Nugent 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-24 17:28 - 2012-07-24 17:27 - 11881936 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Mark Nugent 2\gosetup.exe
2012-07-18 20:15 - 2012-08-23 17:12 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 20:43 - 2012-07-16 20:43 - 00004096 __ASH C:\{8515CAFF-22A2-458D-86D9-8A02F6D1EB1C}.CBM
2012-07-16 20:43 - 2012-06-25 23:17 - 00476160 __ASH C:\{12834B0C-1948-48A1-B3D0-C0E69BA4319E}.CBM
2012-07-16 20:43 - 2012-06-18 19:29 - 00476160 __ASH C:\{5E49A369-CEC4-4458-93CB-DEE01D033D1B}.CBM
2012-07-16 13:25 - 2012-01-30 16:23 - 00472576 __ASH C:\EUMONBMP.SYS
2012-07-15 18:06 - 2012-07-15 17:39 - 457029659 ____A C:\Users\Mark Nugent 2\Downloads\backup-7.15.2012_10-16-28_mjnugent.tar.gz
2012-07-15 17:39 - 2012-07-15 17:20 - 457028371 ____A C:\Users\Mark Nugent 2\Downloads\backup-7.15.2012_10-16-28_mjnugent.tar.gz.part
2012-07-13 15:34 - 2010-07-06 19:40 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-12 04:05 - 2012-07-12 04:05 - 00263264 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-07 21:06 - 2012-07-07 20:26 - 00001581 ____A C:\Windows\KB893803v2.log
2012-07-05 00:16 - 2012-08-23 17:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-05 00:13 - 2012-08-23 17:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-05 00:13 - 2012-08-23 17:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 23:16 - 2012-08-23 17:13 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 23:14 - 2012-08-23 17:13 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-27 09:06 - 2012-08-23 17:13 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-27 09:06 - 2012-08-23 17:13 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-27 09:06 - 2012-08-23 17:13 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-27 09:03 - 2012-08-23 17:13 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-27 09:03 - 2012-08-23 17:13 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-27 09:03 - 2012-08-23 17:13 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-27 09:02 - 2012-08-23 17:13 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-27 09:02 - 2012-08-23 17:13 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-27 09:02 - 2012-08-23 17:13 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-27 09:02 - 2012-08-23 17:13 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-27 07:53 - 2012-08-23 17:13 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-27 07:53 - 2012-08-23 17:13 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-27 07:53 - 2012-08-23 17:13 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-27 07:51 - 2012-08-23 17:13 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-27 07:51 - 2012-08-23 17:13 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-27 07:51 - 2012-08-23 17:13 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-27 07:50 - 2012-08-23 17:13 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-27 07:50 - 2012-08-23 17:13 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-27 07:50 - 2012-08-23 17:13 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-27 07:50 - 2012-08-23 17:13 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-27 06:53 - 2012-08-23 17:13 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-27 06:10 - 2012-08-23 17:13 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-25 17:04 - 2012-06-25 17:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-23 11:29 - 2012-04-12 09:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-23 11:29 - 2011-05-30 21:09 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-22 17:47 - 2011-11-07 18:47 - 00003553 ____A C:\Users\Mark Nugent 2\Sti_Trace.log
2012-06-16 07:16 - 2012-08-23 17:13 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-16 07:15 - 2012-08-23 17:13 - 00911360 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-16 06:26 - 2012-08-23 17:13 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-16 06:26 - 2012-08-23 17:13 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-06-09 07:43 - 2012-07-11 11:06 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-09 06:41 - 2012-07-11 11:06 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 21:59 - 2012-06-06 21:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-06-06 08:06 - 2012-07-11 11:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 08:06 - 2012-07-11 11:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 08:02 - 2012-07-11 11:06 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 07:05 - 2012-07-11 11:06 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 07:05 - 2012-07-11 11:06 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 07:03 - 2012-07-11 11:06 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-03 00:19 - 2012-06-19 16:29 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-03 00:19 - 2012-06-19 16:29 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-03 00:19 - 2012-06-19 16:29 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-03 00:19 - 2012-06-19 16:29 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-03 00:19 - 2012-06-19 16:29 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-03 00:15 - 2012-06-19 16:29 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-03 00:15 - 2012-06-19 16:29 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 16:19 - 2012-06-19 16:28 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 16:15 - 2012-06-19 16:28 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:50 - 2012-07-11 11:06 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 07:48 - 2012-07-11 11:06 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 07:48 - 2012-07-11 11:06 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 07:45 - 2012-07-11 11:06 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 07:44 - 2012-07-11 11:06 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 06:40 - 2012-07-11 11:06 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 06:40 - 2012-07-11 11:06 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 06:39 - 2012-07-11 11:06 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-02 06:34 - 2012-07-11 11:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 16:09 - 2010-04-02 16:39 - 00782910 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-01 15:59 - 2012-06-01 15:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf

ZeroAccess:
C:\Windows\Installer\{86f9b185-1901-f3e3-4918-4280736c5554}
C:\Windows\Installer\{86f9b185-1901-f3e3-4918-4280736c5554}\@
C:\Windows\Installer\{86f9b185-1901-f3e3-4918-4280736c5554}\L
C:\Windows\Installer\{86f9b185-1901-f3e3-4918-4280736c5554}\U
C:\Windows\Installer\{86f9b185-1901-f3e3-4918-4280736c5554}\L\00000004.@
C:\Windows\Installer\{86f9b185-1901-f3e3-4918-4280736c5554}\L\201d3dde
C:\Windows\Installer\{86f9b185-1901-f3e3-4918-4280736c5554}\U\00000004.@
C:\Windows\Installer\{86f9b185-1901-f3e3-4918-4280736c5554}\U\80000032.@

ZeroAccess:
C:\Users\Mark Nugent 2\AppData\Local\{86f9b185-1901-f3e3-4918-4280736c5554}
C:\Users\Mark Nugent 2\AppData\Local\{86f9b185-1901-f3e3-4918-4280736c5554}\@
C:\Users\Mark Nugent 2\AppData\Local\{86f9b185-1901-f3e3-4918-4280736c5554}\L
C:\Users\Mark Nugent 2\AppData\Local\{86f9b185-1901-f3e3-4918-4280736c5554}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-23 17:19:35
Restore point made on: 2012-08-24 01:29:00

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16375.12 MB
Available physical RAM: 15156.24 MB
Total Pagefile: 16373.27 MB
Available Pagefile: 15145.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (Internal Drive) (Fixed) (Total:921.82 GB) (Free:210.86 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:9.61 GB) (Free:0.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive k: (2TB Drive On Desk) (Fixed) (Total:1863.02 GB) (Free:1833.14 GB) NTFS
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 1863 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 78 MB 31 KB
Partition 2 Primary 9 GB 79 MB
Partition 3 Primary 921 GB 9 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 78 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 9 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Internal Dr NTFS Partition 921 GB Healthy

==================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

==================================================================================

Disk: 6
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K 2TB Drive O NTFS Partition 1863 GB Healthy

==================================================================================

Last Boot: 2012-08-27 01:11

==================== End Of Log =============================



Farbar Recovery Scan Tool Version: 28-08-2012
Ran by SYSTEM at 2012-08-29 08:56:23
Running from C:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 29 August 2012 - 05:02 PM

The fix I'm going to give you assumes you are using a USB, so adjust the instructions to save the fix directly to the C:\ drive as you had to do before, and then run the fix from the C:\ drive while in the recovery environment.


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{86f9b185-1901-f3e3-4918-4280736c5554}
C:\Users\Mark Nugent 2\AppData\Local\{86f9b185-1901-f3e3-4918-4280736c5554}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
replace:  C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
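The FRST search above is the evidence the fix acts on: both copies of services.exe have the same size and the same created/modified stamps, yet their MD5 hashes differ, which is what a system binary rewritten in place looks like. As an added example (not code from the thread, from FRST, or from its author), here is a small parser for that FRST search output that flags exactly this pattern. The sample input is the two result entries quoted from the thread's log; the names FrstEntry, parse_frst_search and find_patched_candidates are this example's own.

```python
"""Spot a patched system binary from FRST 'Search' output.

Added example, not code from the thread or from the FRST tool. It parses the
result lines that FRST prints for a file search and flags a copy outside the
WinSxS component store whose size and timestamps match a WinSxS copy of the
same file while its MD5 differs: a binary rewritten in place with its
metadata preserved, which is what the thread's search for services.exe shows.
Function and class names are this example's own.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the two result entries quoted from the thread's
# FRST search (Windows paths, hence the doubled backslashes in the literal).
SAMPLE_FRST_SEARCH = """\
================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# One FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FrstEntry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self):
        return "\\winsxs\\" in self.path.lower()


def parse_frst_search(text):
    """Pair each result path line with the detail line that follows it."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            pending_path = None          # banner or separator, not a result
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entries.append(FrstEntry(
                path=pending_path,
                created=m["created"], modified=m["modified"],
                size=int(m["size"]), company=m["company"],
                md5=m["md5"].upper(),
            ))
            pending_path = None
        elif ":\\" in line:
            pending_path = line          # a result path; its details come next
    return entries


def find_patched_candidates(entries):
    """Return (suspect_path, reference_path) pairs.

    Each live copy (System32 and the like) is compared against every WinSxS
    copy of the same file name. Equal size and equal created/modified stamps
    with a different hash is the in-place-patch pattern; a different size or
    timestamp just means a different build and is not reported.
    """
    by_name = {}
    for e in entries:
        by_name.setdefault(e.name, []).append(e)
    findings = []
    for group in by_name.values():
        references = [e for e in group if e.in_winsxs]
        for e in group:
            if e.in_winsxs:
                continue
            for ref in references:
                same_meta = (e.size, e.created, e.modified) == (ref.size, ref.created, ref.modified)
                if same_meta and e.md5 != ref.md5:
                    findings.append((e.path, ref.path))
    return findings


if __name__ == "__main__":
    for suspect, reference in find_patched_candidates(parse_frst_search(SAMPLE_FRST_SEARCH)):
        print(f"hash mismatch with identical metadata:\n  {suspect}\n  vs {reference}")
```

Treat a hit as corroboration, not proof: the check only compares metadata already in the log. On a live system the authoritative test is Windows' own integrity check (for example `sfc /verifyonly`) or verifying the file's Authenticode signature, and note that a legitimate System32 copy is normally the same file as its WinSxS counterpart, so matching hashes are the expected state.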


#7 marknugent

marknugent
  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:41 AM

Posted 30 August 2012 - 04:00 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 29-08-2012 03
Ran by SYSTEM at 2012-08-30 09:00:53 Run:1
Running from C:\

==============================================

C:\Windows\Installer\{86f9b185-1901-f3e3-4918-4280736c5554} moved successfully.
C:\Users\Mark Nugent 2\AppData\Local\{86f9b185-1901-f3e3-4918-4280736c5554} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

I ran ComboFix and after 10 minutes or so my PC rebooted. I then saw the blue screen "writing log, do not start any programs". Certain programs did start, as they are set up to on reboot. The blue screen just hung, plus a message "Fatal error - could not start child process."

I rebooted the PC and ran ComboFix again - same thing, hung at the blue screen (no fatal error message this time). So I have no ComboFix log. The PC seems to be fine. NOD32 is not picking up any trojans.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:41 AM

Posted 30 August 2012 - 08:52 PM

Please run ComboFix in Safe Mode and see if we can get a log.


To enter Safe Mode:
  • Go to Start > Shut off your Computer > Restart.
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down arrow keys to scroll up to Safe Mode.
  • Then press the Enter key on your keyboard.
  • Go into your usual account.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 marknugent

marknugent
  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:41 AM

Posted 02 September 2012 - 06:00 AM

ComboFix 12-08-29.03 - Mark Nugent 2 02/09/2012 11:15:59.3.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16375.14527 [GMT 1:00]
Running from: c:\users\Mark Nugent 2\Desktop\malware\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 10:26 . 2012-09-02 10:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-02 10:26 . 2012-09-02 10:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 07:49 . 2012-08-29 07:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-29 07:48 . 2012-08-29 07:47 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-29 07:48 . 2012-08-29 07:48 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-29 06:53 . 2012-08-29 06:54 -------- d-----w- C:\FRST
2012-08-23 15:21 . 2012-08-23 15:21 110080 ----a-r- c:\users\Mark Nugent 2\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\IconF7A21AF7.exe
2012-08-23 15:21 . 2012-08-23 15:21 110080 ----a-r- c:\users\Mark Nugent 2\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\IconD7F16134.exe
2012-08-23 15:21 . 2012-08-23 15:21 110080 ----a-r- c:\users\Mark Nugent 2\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\Icon5B4E0377.exe
2012-08-23 15:21 . 2012-08-23 15:21 -------- d-----w- C:\sh4ldr
2012-08-23 15:12 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-23 15:12 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-23 15:06 . 2012-08-23 15:21 -------- d-----w- c:\windows\F3D711FAC72D468895B3C7A71DB2F1A0.TMP
2012-08-09 08:15 . 2012-08-09 08:15 -------- d-----w- c:\windows\en
2012-08-09 08:12 . 2012-08-09 08:12 -------- d-----w- c:\program files\Windows Live
2012-08-09 08:12 . 2012-08-09 08:12 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-09 08:08 . 2012-08-09 08:08 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2d65af891cd760601\DSETUP.dll
2012-08-09 08:08 . 2012-08-09 08:08 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2d65af891cd760601\DXSETUP.exe
2012-08-09 08:08 . 2012-08-09 08:08 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2d65af891cd760601\dsetup32.dll
2012-08-08 17:59 . 2012-08-08 17:59 -------- d-----w- c:\users\Mark Nugent 2\AppData\Local\{D812F46F-E182-11E1-8270-B8AC6F996F26}
2012-08-08 17:59 . 2012-08-08 17:59 -------- d-----w- c:\users\Mark Nugent 2\AppData\Local\{D812BA45-E182-11E1-8270-B8AC6F996F26}
2012-08-08 12:44 . 2012-08-08 12:44 -------- d-----w- c:\program files\Enigma Software Group
2012-08-08 12:44 . 2012-08-23 15:21 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-08 12:44 . 2012-08-23 15:06 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-06 11:41 . 2012-08-06 11:41 -------- d-----w- c:\windows\SysWow64\%APPDATA%
2012-08-04 18:32 . 2012-08-23 19:04 -------- d-----w- c:\users\Mark Nugent 2\AppData\Local\Windows Live
2012-08-03 15:49 . 2012-08-03 15:49 -------- d-----w- c:\users\Mark Nugent 2\AppData\Roaming\Birdstep Technology
2012-08-03 15:49 . 2011-03-23 15:17 10240 ----a-w- c:\windows\SysWow64\drivers\mdvrmng.sys
2012-08-03 15:49 . 2012-08-03 15:49 -------- d-----w- c:\program files (x86)\3 Mobile Broadband
2012-08-03 12:16 . 2012-08-03 12:16 -------- d-----w- c:\program files\Paint.NET
2012-08-03 12:15 . 2012-08-05 12:32 -------- d-----w- c:\users\Mark Nugent 2\AppData\Local\Paint.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 07:47 . 2010-09-12 12:32 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-23 23:29 . 2009-12-29 10:39 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-31 09:14 . 2010-10-23 16:19 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-31 09:14 . 2010-07-06 17:40 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-31 09:13 . 2010-07-06 17:40 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-13 13:34 . 2010-07-06 17:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-29 10:04 . 2012-08-06 22:46 9133488 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFA9AB72-AAB2-42E9-BE2A-6D5880955858}\mpengine.dll
2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-23 09:29 . 2012-04-12 07:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 09:29 . 2011-05-30 19:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 09:06 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 09:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 09:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 09:06 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 09:06 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 09:06 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 09:06 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-06-07 3491264]
"CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-18 615808]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIH2E.EXE" [2011-11-22 239488]
"Jing"="c:\program files (x86)\TechSmith\Jing\jing.exe" [2012-02-01 2918224]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-08-24 1193176]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-27 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-06 30192]
"CaddieSyncLauncher"="c:\program files (x86)\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe" [2009-11-19 95744]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2537096]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5551288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-22 70792]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-12-26 743560]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"CTxfiHlp"="CTXFIHLP.EXE" [2011-08-11 24576]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-05-20 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2011-08-11 47104]
.
c:\users\Mark Nugent 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-20 142848]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
Dropbox.lnk - c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [N/A]
CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2010-9-25 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2010-9-25 15360]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG311v3\WG311v3.exe [2009-10-12 1785856]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2010-9-25 1146880]
Wireless Utility.lnk - c:\program files (x86)\Edimax\Common\RaUI.exe [2011-11-29 1638400]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 136176]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-18 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-18 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-02-12 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2011-08-11 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2011-08-11 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2011-08-11 95320]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-23 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-23 13952]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2011-03-23 421376]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-06 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-05-14 329952]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-05-14 6465760]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys [2007-05-03 244736]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-07-03 982016]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-02-02 52224]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-02-16 72192]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1255736]
R3 X6va005;X6va005;c:\users\MARKNU~2\AppData\Local\Temp\005496E.tmp [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-12-22 57480]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-12-22 51336]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-10-16 1263200]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-12-22 19592]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-12-22 189576]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 31016]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-16 3246040]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-12-22 61064]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 123200]
S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-22 23176]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 154272]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Edimax\Common\RaRegistry64.exe [2009-12-17 212256]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2010-08-04 55528]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-10-16 285280]
S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\DRIVERS\chdrvr01.sys [2011-05-20 251224]
S3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\DRIVERS\chdrvr02.sys [2011-05-20 13016]
S3 chdrvr03;chdrvr03;c:\windows\system32\DRIVERS\chdrvr03.sys [2011-05-20 17496]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2011-08-11 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2011-08-11 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2011-08-11 95320]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2011-08-11 1613400]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-23 86016]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-06 737792]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 19:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 17:07]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 17:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2716216]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-10-20 394768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://startsear.ch/?aff=1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: ebay.co.uk\www
Trusted Zone: ebay.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Mark Nugent 2\AppData\Roaming\Mozilla\Firefox\Profiles\8ob2o9fb.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=179&systemid=406&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
Wow6432Node-HKCU-Run-Sidebar - c:\program files (x86)\Windows Sidebar\Sidebar.exe
Wow6432Node-HKLM-Run-DivX Download Manager - c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\MARKNU~2\AppData\Local\Temp\005496E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-798918132-2086649113-474899973-1009_Classes\Wow6432Node\CLSID\{6df26b6f-b4c5-41d6-bee5-337fccd436e9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000096
"Therad"=dword:0000001c
"MData"=hex(0):9d,62,f1,12,47,25,1a,02,01,52,12,92,9c,a4,77,0b,44,8c,fd,70,d5,
95,d8,3a,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-798918132-2086649113-474899973-1009_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):93,94,5d,08,3e,37,b7,ef,eb,93,97,13,ab,7a,40,d1,95,53,2b,9d,5a,
a9,41,df,dc,a2,59,14,56,8e,51,13,d4,2c,22,40,bc,a8,f8,6c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Citrix\GoToMyPC\g2svc.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Citrix\GoToMyPC\g2comm.exe
c:\program files (x86)\Citrix\GoToMyPC\g2pre.exe
c:\program files (x86)\Citrix\GoToMyPC\g2tray.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Edimax\Common\RaRegistry.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-09-02 11:35:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 10:35
.
Pre-Run: 351,963,983,872 bytes free
Post-Run: 351,936,499,712 bytes free
.
- - End Of File - - 0F9CF6202B6ECCB1FEEC6CE3187B2FB8
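Two entries in the log above are the kind a responder checks by hand before anything else: the service X6va005, whose ImagePath is a .tmp file under the user's Temp directory, and the two per-user CLSID keys under HKEY_USERS\...\_Classes that deny Full access to Everyone and hold opaque binary values. The script below is an added example for this thread, not ComboFix or BleepingComputer code. It parses the REGEDIT-style blocks ComboFix prints and surfaces exactly those two patterns for manual review. The sample text is copied from the log; the "Temp directory" and "per-user Classes hive with Full denied to Everyone" rules are this example's own heuristics, and a hit is a prompt to look, not a verdict.

```python
"""
ComboFix log triage (added example for this thread, not a ComboFix tool).
Parses the services and LOCKED REGISTRY KEYS blocks and flags two patterns
for manual review. Both rules are this example's assumptions, not verdicts.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
ACL_RE = re.compile(r"^@(?P<kind>Denied|Allowed): \((?P<rights>[^)]*)\) \((?P<who>[^)]*)\)$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# Per-user COM registrations live under HKEY_USERS\<SID>_Classes.
PER_USER_CLASSES = re.compile(r"^HKEY_USERS\\S-1-5-21-[\d-]+_Classes\\", re.IGNORECASE)
# A service binary under a Temp directory is unusual for anything meant to persist.
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_blocks(text):
    """Group ComboFix registry output into {key, acl, values} blocks."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group("key"), "acl": [], "values": {}}
            blocks.append(current)
            continue
        if current is None or not line or line == ".":
            continue  # ComboFix separates blocks with a lone "."
        m = ACL_RE.match(line)
        if m:
            current["acl"].append((m.group("kind"), m.group("rights"), m.group("who")))
            continue
        if line.startswith("@="):
            current["values"]["@"] = line[2:]  # default value of the key
            continue
        m = VAL_RE.match(line)
        if m:
            current["values"][m.group("name")] = m.group("value")
        # continuation lines of hex(0): data carry no name and are skipped
    return blocks


def find_suspicious(blocks):
    """Return (key, reason) pairs for the two review heuristics."""
    findings = []
    for b in blocks:
        key = b["key"]
        image = b["values"].get("ImagePath", "")
        if "\\services\\" in key.lower() and TEMP_DIR.search(image):
            findings.append((key, "service ImagePath points into a Temp directory: " + image))
        if PER_USER_CLASSES.match(key) and ("Denied", "Full", "Everyone") in b["acl"]:
            findings.append((key, "per-user CLSID key with Full access denied to Everyone"))
    return findings


# Sample text copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\MARKNU~2\AppData\Local\Temp\005496E.tmp"
.
[HKEY_USERS\S-1-5-21-798918132-2086649113-474899973-1009_Classes\Wow6432Node\CLSID\{6df26b6f-b4c5-41d6-bee5-337fccd436e9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000096
"Therad"=dword:0000001c
"MData"=hex(0):9d,62,f1,12,47,25,1a,02,01,52,12,92,9c,a4,77,0b,44,8c,fd,70,d5,
95,d8,3a,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-798918132-2086649113-474899973-1009_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):93,94,5d,08,3e,37,b7,ef,eb,93,97,13,ab,7a,40,d1,95,53,2b,9d,5a,
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
"""

if __name__ == "__main__":
    for key, reason in find_suspicious(parse_blocks(SAMPLE_LOG)):
        print(key)
        print("    " + reason)
```

The Flash CLSID key is in the sample on purpose: it is also locked, but only partially and under HKLM, so it is not flagged. Deciding what to do with the flagged keys is still a human step, which is why the script prints rather than acts.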

#10 CatByte
Malware Response Team

Posted 02 September 2012 - 07:46 AM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the code box below into Notepad.

Here's how to do that:
Click Start > Run, type Notepad and click OK.
This will open an empty Notepad file.

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DDS::
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://startsear.ch/?aff=1

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save.

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt onto ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report into your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 marknugent
Topic Starter

Posted 02 September 2012 - 08:16 AM

Hi - do I just download MBAM from the internet?

Mark

#12 CatByte
Malware Response Team

Posted 02 September 2012 - 08:21 AM

My apologies, I thought you already had the program (I had two threads open at once).

Please download it from here:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report into your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Edited by CatByte, 02 September 2012 - 08:21 AM.



#13 marknugent
Topic Starter

Posted 02 September 2012 - 02:28 PM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mark Nugent 2 :: MARKSXPS8000 [administrator]

Protection: Enabled

02/09/2012 16:42:50
mbam-log-2012-09-02 (16-42-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233352
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MightyMagooText.Linker (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKCR\MightyMagooText.Linker.1 (PUP.MightyMagoo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan
C:\FRST\Quarantine\{86f9b185-1901-f3e3-4918-4280736c5554}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\Users\Mark Nugent 2\AppData\Roaming\qcofil.dll.vir a variant of Win32/Medfos.CD trojan
C:\Users\Mark Nugent 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\22d3a818-18ed2183 a variant of Java/Exploit.CVE-2012-1723.BG trojan
C:\Users\Mark Nugent 2\Downloads\Programs\avc-free.exe Win32/OpenCandy application
C:\Users\Mark Nugent 2\Downloads\Programs\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy application

#14 CatByte
Malware Response Team

Posted 02 September 2012 - 02:41 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the code box below into Notepad.

Here's how to do that:
Click Start > Run, type Notepad and click OK.
This will open an empty Notepad file.

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Mark Nugent 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\22d3a818-18ed2183 
C:\Users\Mark Nugent 2\Downloads\Programs\avc-free.exe 
C:\Users\Mark Nugent 2\Downloads\Programs\winamp561_full_emusic-7plus_en-us.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save.

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt onto ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



  • Please download MiniToolBox, save it to your desktop and run it.

    Check the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.



NEXT



Please advise how the computer is running now and whether there are any outstanding issues.

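The two CFScripts in this thread follow one rule set: the DDS:: section lists the hijacked IE start-page lines, File:: lists the ESET hits that are not already sitting in a quarantine folder (C:\FRST\Quarantine, C:\Qoobox\Quarantine) and are not a vendor tool flagged as a potentially unsafe application (Dell's hstart.exe was left alone), and ClearJavaCache:: goes in when an exploit turned up in the Java deployment cache. The script below is an added example for this thread, not a ComboFix or BleepingComputer tool; it encodes that rule set so the same script can be built from pasted log lines. The sample input is copied from the posts above except the google.com line, which is constructed; the trusted home-page hosts, the quarantine prefixes and the "leave program directories for review" rule are this example's own assumptions.

```python
"""
CFScript builder (added example for this thread, not a ComboFix tool).
Turns ESET Online Scanner export lines and DDS start-page lines into the
three directives used above: DDS::, File:: and ClearJavaCache::.
"""
import re
from urllib.parse import urlparse

# Folders where earlier tools (FRST, ComboFix) already hold copies of
# detections; listing those in File:: would be redundant (assumption).
QUARANTINE_PREFIXES = ("c:\\frst\\quarantine\\", "c:\\qoobox\\quarantine\\")

# Home-page hosts the user actually chose; any other host in a
# uStart/mStart Page line is treated as a hijack (assumption).
TRUSTED_HOME_HOSTS = {"www.google.com", "google.com"}

# "application" (potentially unsafe application) hits inside program
# directories are left for a human, as the helper did with Dell's hstart.exe.
PROGRAM_DIR_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

# ESET export line: "<path> [a variant of ]<Platform>/<Name> <category>"
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/\S+ "
    r"(?:trojan|application|adware|worm|virus))\s*$"
)
START_PAGE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def parse_eset_line(line):
    """Return (path, detection) for one ESET export line, or None."""
    m = ESET_LINE.match(line.strip())
    return (m.group("path"), m.group("detection")) if m else None


def classify_eset(lines):
    """Split ESET hits into (delete, already_quarantined, review) lists."""
    delete, quarantined, review = [], [], []
    for line in lines:
        parsed = parse_eset_line(line)
        if parsed is None:
            continue
        path, detection = parsed
        low = path.lower()
        if low.startswith(QUARANTINE_PREFIXES):
            quarantined.append((path, detection))
        elif detection.endswith("application") and low.startswith(PROGRAM_DIR_PREFIXES):
            review.append((path, detection))
        else:
            delete.append((path, detection))
    return delete, quarantined, review


def hijacked_start_pages(lines):
    """Return DDS start-page lines whose host is not on the trusted list."""
    hits = []
    for line in lines:
        m = START_PAGE.match(line.strip())
        if not m:
            continue
        # DDS defangs URLs as hxxp://; undo that before parsing the host.
        host = urlparse(m.group("url").replace("hxxp", "http", 1)).hostname
        if host is None or host.lower() not in TRUSTED_HOME_HOSTS:
            hits.append(line.strip())
    return hits


def build_cfscript(dds_lines, eset_lines):
    """Assemble a CFScript using only the directives this thread used."""
    sections = []
    pages = hijacked_start_pages(dds_lines)
    if pages:
        sections.append("DDS::\n" + "\n".join(pages))
    delete, _, _ = classify_eset(eset_lines)
    if delete:
        sections.append("File::\n" + "\n".join(path for path, _ in delete))
    # Assumption: an exploit in the Java deployment cache warrants ClearJavaCache::
    if any(JAVA_CACHE in path.lower() for path, _ in delete):
        sections.append("ClearJavaCache::")
    return "\n\n".join(sections) + "\n"


# Sample input copied from the logs in this thread (last DDS line constructed).
SAMPLE_DDS = [
    "uStart Page = hxxp://www.searchqu.com/406",
    "mStart Page = hxxp://startsear.ch/?aff=1",
    "uStart Page = hxxp://www.google.com/ig",  # constructed: trusted host, must not be listed
]
SAMPLE_ESET = [
    r"C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan",
    r"C:\FRST\Quarantine\{86f9b185-1901-f3e3-4918-4280736c5554}\U\80000032.@ a variant of Win32/Sirefef.FD trojan",
    r"C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application",
    r"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application",
    r"C:\Qoobox\Quarantine\C\Users\Mark Nugent 2\AppData\Roaming\qcofil.dll.vir a variant of Win32/Medfos.CD trojan",
    r"C:\Users\Mark Nugent 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\22d3a818-18ed2183 a variant of Java/Exploit.CVE-2012-1723.BG trojan",
    r"C:\Users\Mark Nugent 2\Downloads\Programs\avc-free.exe Win32/OpenCandy application",
    r"C:\Users\Mark Nugent 2\Downloads\Programs\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy application",
]

if __name__ == "__main__":
    print(build_cfscript(SAMPLE_DDS, SAMPLE_ESET))
    for path, detection in classify_eset(SAMPLE_ESET)[2]:
        print("REVIEW BY HAND:", path, "(" + detection + ")")
```

Anything the classifier puts in the review list is printed separately rather than fed to ComboFix, and the Firefox keyword.URL and search-engine hijacks from the DDS log are deliberately not turned into directives, since the thread only shows DDS:: being used for the IE start-page lines.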


#15 marknugent
Topic Starter

Posted 03 September 2012 - 03:22 PM

ComboFix 12-09-03.07 - Mark Nugent 2 03/09/2012 19:49:42.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16375.13242 [GMT 1:00]
Running from: c:\users\Mark Nugent 2\Desktop\malware\ComboFix.exe
Command switches used :: c:\users\Mark Nugent 2\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Mark Nugent 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\22d3a818-18ed2183"
"c:\users\Mark Nugent 2\Downloads\Programs\avc-free.exe"
"c:\users\Mark Nugent 2\Downloads\Programs\winamp561_full_emusic-7plus_en-us.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\_ctypes.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\_elementtree.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\_hashlib.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\_socket.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\_ssl.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\pyexpat.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\pysqlite2._sqlite.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\python26.dll
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\pythoncom26.dll
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\PyWinTypes26.dll
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\select.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\unicodedata.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\win32api.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\win32com.shell.shell.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\win32crypt.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\win32event.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\win32file.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\win32inet.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\win32pdh.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\win32process.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\windows._cacheinvalidation.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wx._controls_.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wx._core_.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wx._gdi_.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wx._html2.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wx._misc_.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wx._windows_.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wx._wizard.pyd
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wxbase293u_net_vc.dll
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wxbase293u_vc.dll
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wxmsw293u_adv_vc.dll
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wxmsw293u_core_vc.dll
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wxmsw293u_html_vc.dll
c:\users\Mark Nugent 2\AppData\Local\Temp\_MEI59122\wxmsw293u_webview_vc.dll
c:\users\Mark Nugent 2\Downloads\Programs\avc-free.exe
c:\users\Mark Nugent 2\Downloads\Programs\winamp561_full_emusic-7plus_en-us.exe
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\_ctypes.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\_elementtree.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\_hashlib.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\_socket.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\_ssl.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\pyexpat.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\pysqlite2._sqlite.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\python26.dll
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\pythoncom26.dll
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\PyWinTypes26.dll
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\select.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\unicodedata.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\win32api.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\win32com.shell.shell.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\win32crypt.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\win32event.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\win32file.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\win32inet.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\win32pdh.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\win32process.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\windows._cacheinvalidation.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wx._controls_.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wx._core_.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wx._gdi_.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wx._html2.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wx._misc_.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wx._windows_.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wx._wizard.pyd
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wxbase293u_net_vc.dll
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wxbase293u_vc.dll
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wxmsw293u_adv_vc.dll
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wxmsw293u_core_vc.dll
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wxmsw293u_html_vc.dll
c:\users\MARKNU~2\AppData\Local\Temp\_MEI59122\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 19:11 . 2012-09-03 19:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-03 19:11 . 2012-09-03 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 16:03 . 2012-09-02 16:03 -------- d-----w- c:\program files (x86)\ESET
2012-09-02 15:54 . 2012-08-28 00:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A614CE39-A409-4982-BF66-66A1399AD829}\mpengine.dll
2012-09-02 15:41 . 2012-09-02 15:41 -------- d-----w- c:\users\Mark Nugent 2\AppData\Roaming\Malwarebytes
2012-09-02 15:41 . 2012-09-02 15:41 -------- d-----w- c:\programdata\Malwarebytes
2012-09-02 15:41 . 2012-09-02 15:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-02 15:41 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 07:49 . 2012-08-29 07:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-29 07:48 . 2012-08-29 07:47 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-29 07:48 . 2012-08-29 07:48 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-29 06:53 . 2012-08-29 06:54 -------- d-----w- C:\FRST
2012-08-23 15:21 . 2012-08-23 15:21 110080 ----a-r- c:\users\Mark Nugent 2\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\IconF7A21AF7.exe
2012-08-23 15:21 . 2012-08-23 15:21 110080 ----a-r- c:\users\Mark Nugent 2\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\IconD7F16134.exe
2012-08-23 15:21 . 2012-08-23 15:21 110080 ----a-r- c:\users\Mark Nugent 2\AppData\Roaming\Microsoft\Installer\{F3D711FA-C72D-4688-95B3-C7A71DB2F1A0}\Icon5B4E0377.exe
2012-08-23 15:21 . 2012-08-23 15:21 -------- d-----w- C:\sh4ldr
2012-08-23 15:12 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-23 15:12 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-23 15:06 . 2012-08-23 15:21 -------- d-----w- c:\windows\F3D711FAC72D468895B3C7A71DB2F1A0.TMP
2012-08-09 08:15 . 2012-08-09 08:15 -------- d-----w- c:\windows\en
2012-08-09 08:12 . 2012-08-09 08:12 -------- d-----w- c:\program files\Windows Live
2012-08-09 08:12 . 2012-08-09 08:12 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-09 08:08 . 2012-08-09 08:08 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2d65af891cd760601\DSETUP.dll
2012-08-09 08:08 . 2012-08-09 08:08 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2d65af891cd760601\DXSETUP.exe
2012-08-09 08:08 . 2012-08-09 08:08 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2d65af891cd760601\dsetup32.dll
2012-08-08 17:59 . 2012-08-08 17:59 -------- d-----w- c:\users\Mark Nugent 2\AppData\Local\{D812F46F-E182-11E1-8270-B8AC6F996F26}
2012-08-08 17:59 . 2012-08-08 17:59 -------- d-----w- c:\users\Mark Nugent 2\AppData\Local\{D812BA45-E182-11E1-8270-B8AC6F996F26}
2012-08-08 12:44 . 2012-08-08 12:44 -------- d-----w- c:\program files\Enigma Software Group
2012-08-08 12:44 . 2012-08-23 15:21 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-08 12:44 . 2012-08-23 15:06 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-06 11:41 . 2012-08-06 11:41 -------- d-----w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 07:47 . 2010-09-12 12:32 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-23 23:29 . 2009-12-29 10:39 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-31 09:14 . 2010-10-23 16:19 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-31 09:14 . 2010-07-06 17:40 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-31 09:13 . 2010-07-06 17:40 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-13 13:34 . 2010-07-06 17:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-23 09:29 . 2012-04-12 07:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 09:29 . 2011-05-30 19:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 09:06 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 09:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 09:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 09:06 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 09:06 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 09:06 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 09:06 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-02_10.27.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-09-03 19:15 47116 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-24 10:26 . 2012-09-03 19:15 20436 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-798918132-2086649113-474899973-1009_UserData.bin
+ 2009-12-28 16:49 . 2012-09-03 07:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-28 16:49 . 2012-09-02 09:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-28 16:49 . 2012-09-03 07:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-28 16:49 . 2012-09-02 09:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-02 09:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-03 07:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-28 17:04 . 2012-09-03 19:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-28 17:04 . 2012-09-02 10:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-28 17:04 . 2012-09-03 19:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-28 17:04 . 2012-09-02 10:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-28 17:04 . 2012-09-02 10:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-28 17:04 . 2012-09-03 19:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-28 17:04 . 2012-09-03 19:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-28 17:04 . 2012-09-02 10:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-28 17:04 . 2012-09-02 10:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-28 17:04 . 2012-09-03 19:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-12 14:44 . 2012-09-02 00:49 3592 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-01-12 14:44 . 2012-09-03 00:01 3592 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-09-02 10:27 . 2012-09-02 10:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-03 19:13 . 2012-09-03 19:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-03 19:13 . 2012-09-03 19:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-02 10:27 . 2012-09-02 10:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-07 11:38 . 2012-09-03 19:16 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-07 11:38 . 2012-09-02 10:12 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-18 22:57 . 2012-09-03 19:15 100806 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 02:36 . 2012-09-03 07:40 676672 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-31 15:02 676672 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-03 07:40 130316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-31 15:02 130316 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-09-02 10:10 453380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-03 19:11 453380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-09-03 19:16 2195456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-02 10:12 2195456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-02 10:12 1196032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-03 19:16 1196032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-23 01:30 . 2012-09-03 18:23 43699518 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-798918132-2086649113-474899973-1009-12288.dat
- 2011-06-23 01:30 . 2012-09-02 10:10 43699518 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-798918132-2086649113-474899973-1009-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-06-07 3491264]
"CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-18 615808]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIH2E.EXE" [2011-11-22 239488]
"Jing"="c:\program files (x86)\TechSmith\Jing\jing.exe" [2012-02-01 2918224]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-08-24 1193176]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-27 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-06 30192]
"CaddieSyncLauncher"="c:\program files (x86)\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe" [2009-11-19 95744]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2537096]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5551288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-22 70792]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-12-26 743560]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"CTxfiHlp"="CTXFIHLP.EXE" [2011-08-11 24576]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-05-20 296056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2011-08-11 47104]
.
c:\users\Mark Nugent 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-20 142848]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
Dropbox.lnk - c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [N/A]
CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2010-9-25 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2010-9-25 15360]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG311v3\WG311v3.exe [2009-10-12 1785856]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2010-9-25 1146880]
Wireless Utility.lnk - c:\program files (x86)\Edimax\Common\RaUI.exe [2011-11-29 1638400]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
2;2 EaseUS Agent;EaseUS Agent [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 136176]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-12-18 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-18 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-02-12 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2011-08-11 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2011-08-11 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2011-08-11 95320]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-23 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-23 13952]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2011-03-23 421376]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-06 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-05-14 329952]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-05-14 6465760]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys [2007-05-03 244736]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-07-03 982016]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-02-02 52224]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-02-16 72192]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1255736]
R3 X6va005;X6va005;c:\users\MARKNU~2\AppData\Local\Temp\005496E.tmp [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-12-22 57480]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-12-22 51336]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-10-16 1263200]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-12-22 19592]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-12-22 189576]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 31016]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-16 3246040]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 123200]
S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-22 23176]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 154272]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Edimax\Common\RaRegistry64.exe [2009-12-17 212256]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2010-08-04 55528]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-10-16 285280]
S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\DRIVERS\chdrvr01.sys [2011-05-20 251224]
S3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\DRIVERS\chdrvr02.sys [2011-05-20 13016]
S3 chdrvr03;chdrvr03;c:\windows\system32\DRIVERS\chdrvr03.sys [2011-05-20 17496]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2011-08-11 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2011-08-11 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2011-08-11 95320]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2011-08-11 1613400]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-23 86016]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-06 737792]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 19:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 17:07]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12 17:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mark Nugent 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2716216]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-10-20 394768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: ebay.co.uk\www
Trusted Zone: ebay.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Mark Nugent 2\AppData\Roaming\Mozilla\Firefox\Profiles\8ob2o9fb.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=179&systemid=406&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\MARKNU~2\AppData\Local\Temp\005496E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-798918132-2086649113-474899973-1009_Classes\Wow6432Node\CLSID\{6df26b6f-b4c5-41d6-bee5-337fccd436e9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000096
"Therad"=dword:0000001c
"MData"=hex(0):9d,62,f1,12,47,25,1a,02,01,52,12,92,9c,a4,77,0b,44,8c,fd,70,d5,
95,d8,3a,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-798918132-2086649113-474899973-1009_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):93,94,5d,08,3e,37,b7,ef,eb,93,97,13,ab,7a,40,d1,95,53,2b,9d,5a,
a9,41,df,dc,a2,59,14,56,8e,51,13,d4,2c,22,40,bc,a8,f8,6c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Citrix\GoToMyPC\g2svc.exe
c:\program files (x86)\Citrix\GoToMyPC\g2comm.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Citrix\GoToMyPC\g2pre.exe
c:\program files (x86)\Citrix\GoToMyPC\g2tray.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Edimax\Common\RaRegistry.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe
.
**************************************************************************
.
Completion time: 2012-09-03 21:00:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-03 20:00
ComboFix2.txt 2012-09-02 10:35
.
Pre-Run: 348,772,671,488 bytes free
Post-Run: 348,556,832,768 bytes free
.
- - End Of File - - DDCAEADF5FF18D7D4BAE0B134A46343E
MiniToolBox by Farbar Version: 23-07-2012
Ran by Mark Nugent 2 (administrator) on 03-09-2012 at 21:18:20
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
3Connect (Version: 3.0.0)
64 Bit HP CIO Components Installer (Version: 6.2.2)
ABBYY FineReader for ScanSnap ™ 4.1 (Version: 8.02.380.7259)
Ace of Spades (Version: 0.75.015)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Acronis True Image Home 2010 Online Backup (Version: 1.0.4039)
Acronis True Image Home 2011 (Version: 14.0.6942)
Adobe AIR (Version: 3.4.0.2540)
Adobe Download Manager (Version: 1.6.2.63)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Premiere Elements 8.0 (Version: 8.0)
Adobe Premiere Elements 8.0 (Version: 8.0.1)
Adobe Premiere Elements 8.0 Templates (Version: 8.0)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Any Video Converter 3.2.5
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Applian Director (Version: 2.0)
Audacity 1.3.11 (Unicode)
Audials TV (Version: 1.3.10803.300)
AudialsOne (Version: 4.2.704.400)
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Bandicam
Bandisoft MPEG-1 Decoder
Batch PDF Merger (Version: 1)
Batch PDF Merger (Version: v1)
Battlefield 3™ (Version: 1.3.0.0)
Battlelog Web Plugins (Version: 1.122.0)
BBC iPlayer Desktop (Version: 3.2.7)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.35)
BlackBerry Device Software Updater (Version: 6.0.1.37)
BlackBerry Device Software v5.0.0 for the BlackBerry 9000 smartphone (Version: 5.0.0.681 (Platform 5.2.0.64))
Bonjour (Version: 3.0.0.10)
Bulk Rename Utility 2.7.1.2
Buzan's iMindMap V4.1 (Version: 4.1.2)
Call of Duty 2
Call of Duty 4: Modern Warfare
Call of Duty® 4 - Modern Warfare™ Demo (Version: 1.00.0000)
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: World at War
CameraHelperMsi (Version: 13.00.1774.0)
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
Camtasia Studio 6 (Version: 6.0.3)
Camtasia Studio 8 (Version: 8.0.2.918)
CardMinder (Version: V4.1L10)
CardMinder V4.1 (Version: 4.1.10.1)
CH Control Manager Software
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cisco WebEx Meetings
Color LaserJet 2600n
ColorPic (Version: 4.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Creative 3DMIDI Player (Version: 1.11)
Creative Audio Control Panel (Version: 3.00)
Creative Console Launcher (Version: 2.61)
Creative Media Toolbox 6 (Shared Components) (Version: 2.80.12)
Creative Media Toolbox 6 (Version: 6.02)
Creative MediaSource 5 (Version: 5.26)
Creative Software AutoUpdate (Version: 1.40)
Creative Sound Blaster Properties x64 Edition (Version: 1.02)
Creative WaveStudio 7 (Version: 7.12)
Crysis
Crysis 2
CyberLink PowerDirector (Version: 8.0.2220)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 2.25)
Dell DataSafe Local Backup (Version: 9.3.36)
Dell DataSafe Online (Version: 1.2.0009)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
DirectXInstallService (Version: 9.0.2)
Dolby Digital Live Pack (Version: 3.00)
Dropbox (Version: 1.4.7)
DVD Shrink 3.2
DYMO Label Software
EaseUS Todo Backup Free 4.0 (Version: 4.0.0.1)
Edimax RT2860 Wireless LAN Card (Version: 1.5.5.0)
Edimax Wireless LAN Card (Version: 1.5.1.0)
EMC 10 Content (Version: 1.0.035)
EMCGadgets64 (Version: 1.0.302)
Emicsoft MTS Converter
Epson Download Navigator (Version: 1.0.0)
Epson Event Manager (Version: 2.50.0000)
EPSON Scan
EPSON WP-4515 Series Printer Uninstall
EpsonNet Print (Version: 2.4j)
Eraser 6.0.8.2273 (Version: 6.0.2273)
erLT (Version: 1.20.138.34)
ESET NOD32 Antivirus (Version: 4.0.474.0)
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
Evernote v. 4.5.6 (Version: 4.5.6.6884)
Far Cry (Patch 1.4) (Version: 1.00.0000)
Far Cry (Version: 1.00.0000)
FileZilla Client 3.3.2 (Version: 3.3.2)
Free FLV to WMV Converter
Free RAR Extract Frog (Version: 2.15)
Free Video to MP3 Converter version 4.0
GameShadow (Version: 1.91.0000)
Google Chrome (Version: 21.0.1180.89)
Google Desktop (Version: 5.9.1005.12335)
Google Drive (Version: 1.3.3209.2688)
Google Earth (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.115)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
GoToMyPC (Version: 7.2.635)
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life® 2 (Version: 1.0.0.0)
Half-Life: Blue Shift
HandBrake 0.9.6 (Version: 0.9.6)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.005)
Huawei modem
iCloud (Version: 1.1.0.40)
IIS 7.5 Express (Version: 7.5.1070)
ImgBurn (Version: 2.5.1.0)
Instant Eyedropper 1.75
Internet Download Manager
iTunes (Version: 10.6.3.25)
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
Java™ 6 Update 31 (Version: 6.0.310)
Jing (Version: 2.6.12032.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Lead and Gold - Gangs of the Wild West
Logitech Webcam Software (Version: 2.0)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
LWS Facebook (Version: 13.00.1777.0)
LWS Gallery (Version: 13.00.1778.0)
LWS Help_main (Version: 13.00.1783.0)
LWS Launcher (Version: 13.00.1776.0)
LWS Motion Detection (Version: 13.00.1778.0)
LWS Pictures And Video (Version: 13.00.1778.0)
LWS Video Mask Maker (Version: 13.00.1774.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.00.1777.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Market Samurai (Version: 0.91.1)
Media Player Classic - Home Cinema v1.4.2499.0 x64 (Version: 1.4.2499.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET Web Pages (Version: 1.0.20105.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Save as XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1600.1)
Microsoft SQL Server Compact 4.0 Web Tools ENU (Version: 4.0.8482.1)
Microsoft SQL Server Compact 4.0 x64 ENU (Version: 4.0.8482.1)
Microsoft SQL Server System CLR Types (Version: 10.50.1600.1)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Web Deploy 2.0 (Version: 2.0.1070)
Microsoft Web Platform Installer 3.0 (Version: 3.0.5)
Microsoft WebMatrix (Version: 1.0.1073)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC90_CRT_x86 (Version: 1.0.0)
Miro (Version: 4.0.3)
Mozilla Firefox 15.0 (x86 en-GB) (Version: 15.0)
Mozilla Maintenance Service (Version: 15.0)
Mp3tag v2.49a (Version: v2.49a)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Multimedia Card Reader (Version: 1.4.915.1)
MySQL Connector Net 6.2.3 (Version: 6.2.3)
MySQL Server 5.1 (Version: 5.1.57)
NETGEAR WG311v3 PCI Adapter (Version: 1.00)
Network Guide EPSON WP-4515 Series
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 295.73 (Version: 295.73)
NVIDIA 3D Vision Driver 295.73 (Version: 295.73)
NVIDIA Control Panel 295.73 (Version: 295.73)
NVIDIA Graphics Driver 295.73 (Version: 295.73)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0209)
NVIDIA PhysX System Software 9.12.0209 (Version: 9.12.0209)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9573)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
OpenAL
Origin (Version: 8.6.0.357)
Pacific Fighters (Version: 1.00.0000)
Paint.NET v3.5.10 (Version: 3.60.0)
Pamela Business 4.6 (Version: 4.6)
pdfsam (Version: 2.2.1)
PixiePack Codec Pack (Version: 1.1.1200.0)
PowerDVD DX (Version: 8.3.5424)
PunkBuster Services (Version: 0.991)
Quick Screen Capture 3.0 (Version: 3.0)
QuickTime (Version: 7.72.80.56)
R.U.S.E
R.U.S.E. Free Week End
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
RealUpgrade 1.1 (Version: 1.1.0)
Replay Music (Version: 3.98)
Republic Heroes (Version: 1.00.0000)
RoboForm 7-7-9-9 (All Users) (Version: 7-7-9-9)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.0)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy CD and DVD Burning (Version: 10.3)
Roxio Easy CD and DVD Burning (Version: 10.3.106)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio File Backup (Version: 1.3.0)
Roxio Update Manager (Version: 6.0.0)
ScanSnap (Version: 5.0.21.1)
ScanSnap Manager (Version: V5.0L21)
ScanSnap Organizer (Version: 4.1.11.3)
ScanSnap Organizer (Version: V4.1L11)
Shattered Horizon
Silent Hunter III (Version: 1.4.0000)
SimpleSYN 2.0 (Version: 2.0.3512)
SkyCaddie Desktop
SkyHawke CP210x USB to UART Bridge (Driver Removal)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
SmartSound Quicktracks for Premiere Elements 8.0 (Version: 3.11.3090)
SmartSound Quicktracks Plugin (Version: 3.0.3.0)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Sound Blaster X-Fi (Version: 1.0)
Spotify (Version: 0.4.9)
Spotify (Version: 0.8.3.222.g317ab79d)
SpyHunter (Version: 4.10.5.4085)
Star Wars Republic Commando (Version: 1.0)
Steam™ (Version: 1.0.0.0)
Swiftpage Email for Excel 1.0.8 (Version: 1.0.8)
Swiftpage for Outlook 2.1.2 (Version: 2.1.2)
swMSM (Version: 12.0.0.1)
SyncToy 2.1 (x64) (Version: 2.1.0)
TrueCrypt (Version: 7.1)
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guide EPSON WP-4515 Series
VD64Inst (Version: 1.00.0000)
VLC media player 1.1.11 (Version: 1.1.11)
VoiceOver Kit (Version: 1.40.128.0)
WebEx Training Manager for Firefox or Chrome (Version: 5.29.3202)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Encoder 9 Series x64 Edition
Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3809)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinFF 1.2
WinRAR archiver
Wisdom-soft Set up ScreenHunter 5.1 Free
XMind (Version: 3.2.1)
Xobni
Xobni Core (Version: 1.0.0)

**** End of log ****





Farbar Service Scanner Version: 06-08-2012
Ran by Mark Nugent 2 (administrator) on 03-09-2012 at 21:19:30
Running from "C:\Users\Mark Nugent 2\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



All seems to be fine with my PC.

