
Slow Start and sluggish


  • This topic is locked
70 replies to this topic

#1 rickdweaver

  • Members
  • 34 posts

Posted 22 December 2012 - 02:55 AM

I'm new to this forum but hope that someone could help me. I recently got an infection that seemed to make my laptop sluggish and slow coming up. I ran several antivirus programs and did not find anything. I also ran ComboFix and here is the log. Even though it says it removed them, after it reboots the temp files are back. Hopefully someone can help me with this.

ComboFix 12-12-22.01 - Ricks-Laptop 12/22/2012 1:05.7.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5868 [GMT -6:00]
Running from: c:\users\Ricks-Laptop\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\_ctypes.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\_elementtree.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\_hashlib.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\_socket.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\_ssl.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\pyexpat.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\pysqlite2._sqlite.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\python26.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\pythoncom26.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\PyWinTypes26.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\select.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\unicodedata.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\win32api.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\win32com.shell.shell.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\win32crypt.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\win32event.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\win32file.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\win32inet.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\win32pdh.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\win32process.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\win32profile.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\win32security.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\win32ts.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\windows._cacheinvalidation.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wx._controls_.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wx._core_.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wx._gdi_.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wx._html2.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wx._misc_.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wx._windows_.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wx._wizard.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wxbase293u_net_vc.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wxbase293u_vc.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wxmsw293u_adv_vc.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wxmsw293u_core_vc.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wxmsw293u_html_vc.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI31362\wxmsw293u_webview_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\_ctypes.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\_elementtree.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\_hashlib.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\_socket.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\_ssl.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\pyexpat.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\pysqlite2._sqlite.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\python26.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\pythoncom26.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\PyWinTypes26.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\select.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\unicodedata.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\win32api.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\win32com.shell.shell.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\win32crypt.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\win32event.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\win32file.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\win32inet.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\win32pdh.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\win32process.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\win32profile.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\win32security.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\win32ts.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\windows._cacheinvalidation.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wx._controls_.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wx._core_.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wx._gdi_.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wx._html2.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wx._misc_.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wx._windows_.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wx._wizard.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wxbase293u_net_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wxbase293u_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wxmsw293u_adv_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wxmsw293u_core_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wxmsw293u_html_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI31362\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-22 to 2012-12-22 )))))))))))))))))))))))))))))))
.
.
2012-12-22 07:12 . 2012-12-22 07:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-22 07:12 . 2012-12-22 07:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-22 07:12 . 2012-12-22 07:12 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-12-22 07:12 . 2012-12-22 07:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-22 05:53 . 2012-12-22 07:12 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADAC6E95-6A1D-4366-B80E-17BD81B8173B}\offreg.dll
2012-12-22 05:17 . 2012-07-11 22:59 50 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\subit.bat
2012-12-22 02:37 . 2012-12-22 02:37 -------- d-----w- c:\programdata\ZDManagerService
2012-12-22 02:37 . 2012-12-22 02:37 -------- d-----w- c:\program files (x86)\ZD Systems
2012-12-21 15:53 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADAC6E95-6A1D-4366-B80E-17BD81B8173B}\mpengine.dll
2012-12-21 01:16 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-12-21 01:14 . 2012-12-21 01:14 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-12-21 01:14 . 2012-12-21 01:22 -------- d-----w- c:\program files (x86)\Winamp
2012-12-21 01:14 . 2012-12-21 01:14 -------- d-----w- c:\users\Ricks-Laptop\AppData\Roaming\OpenCandy
2012-12-20 19:48 . 2012-12-20 19:57 629439888 ----a-w- C:\Granny's Bathwater - 18th Amendment - 1974.bin
2012-12-18 00:07 . 2012-12-18 00:07 -------- d-----w- c:\users\Ricks-Laptop\AppData\Roaming\DVRemoteDesktop
2012-12-15 00:47 . 2012-12-15 00:47 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 00:47 . 2012-12-15 00:47 -------- d-----w- c:\program files\iTunes
2012-12-15 00:47 . 2012-12-15 00:47 -------- d-----w- c:\program files (x86)\iTunes
2012-12-15 00:47 . 2012-12-15 00:47 -------- d-----w- c:\program files\iPod
2012-12-13 21:17 . 2012-12-13 21:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-13 21:17 . 2012-12-13 21:17 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-13 18:36 . 2012-12-22 07:02 -------- d-----r- c:\users\Ricks-Laptop\My Stuff
2012-12-13 18:31 . 2012-12-22 07:14 -------- d-----w- c:\users\Ricks-Laptop\AppData\Roaming\cubby
2012-12-13 18:31 . 2012-12-22 07:02 -------- d-----r- c:\users\Ricks-Laptop\My Cubby
2012-12-13 03:35 . 2012-12-13 03:38 49 ----a-w- C:\restore_tmb.bat
2012-12-13 00:01 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 00:01 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 00:01 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 00:01 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 00:01 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 00:01 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 00:01 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-08 02:59 . 2012-12-08 03:15 -------- d-----w- c:\program files (x86)\LeapFrog
2012-12-08 02:59 . 2012-12-08 02:59 -------- d-----w- c:\programdata\Leapfrog
2012-12-05 01:53 . 2012-12-05 01:52 218216 ----a-w- c:\windows\SysWow64\atsckernel.exe
2012-12-05 01:53 . 2012-12-05 01:52 135272 ----a-w- c:\windows\SysWow64\atashost.exe
2012-12-05 01:52 . 2012-12-05 03:24 -------- d-----w- c:\programdata\WebEx
2012-12-02 00:43 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-02 00:43 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-02 00:43 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-02 00:43 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-02 00:43 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-02 00:43 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-02 00:43 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-02 00:43 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-12-02 00:43 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-02 00:43 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-12-02 00:43 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-12-01 00:14 . 2012-12-01 00:14 -------- d-----w- c:\users\Ricks-Laptop\AppData\Local\Windows Live Writer
2012-12-01 00:14 . 2012-12-01 00:14 -------- d-----w- c:\users\Ricks-Laptop\AppData\Roaming\Windows Live Writer
2012-11-26 00:57 . 2012-11-26 00:57 63384 ----a-r- c:\users\Ricks-Laptop\AppData\Roaming\Microsoft\Installer\{43D1B973-3D12-42ba-9E6E-56A8FEFF5250}\ARPPRODUCTICON.exe
2012-11-26 00:57 . 2012-11-26 00:57 -------- d-----w- c:\users\Ricks-Laptop\AppData\Local\DIRECTV Player
2012-11-23 07:31 . 2012-12-13 18:40 -------- d-----w- c:\users\Ricks-Laptop\AppData\Roaming\Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-20 14:58 . 2012-02-28 00:22 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-13 21:17 . 2012-02-27 18:56 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-12-13 21:17 . 2012-02-22 07:36 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-13 21:15 . 2012-04-12 15:23 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 21:15 . 2012-02-22 07:23 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-12 19:51 . 2012-04-04 06:33 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-12 19:51 . 2012-04-04 06:33 35240 ----a-w- c:\windows\system32\LMIport.dll
2012-11-12 19:51 . 2012-04-04 06:33 83880 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-24 05:23 . 2012-10-24 05:23 405504 ----a-r- c:\users\Ricks-Laptop\AppData\Roaming\Microsoft\Installer\{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}\ARPPRODUCTICON.exe
2012-10-24 05:17 . 2012-10-24 05:23 81904 ----a-w- c:\windows\system32\pbadrvdll.dll
2012-10-24 05:17 . 2012-10-24 05:23 80368 ----a-w- c:\windows\SysWow64\pbadrvdll.dll
2012-10-24 05:17 . 2012-10-24 05:23 32240 ----a-w- c:\windows\system32\drivers\PBADRV.SYS
2012-10-24 05:17 . 2006-12-08 20:42 155136 ----a-w- c:\windows\system32\bioapi100.dll
2012-10-24 05:17 . 2006-12-08 20:41 239104 ----a-w- c:\windows\system32\bioapi_mds300.dll
2012-10-23 03:04 . 2012-10-23 03:04 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-28 08:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 08:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 08:51 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 13:25 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 13:25 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 13:25 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 13:25 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-08 17:42 . 2012-10-08 17:42 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-08 17:42 . 2012-10-08 17:42 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-08 17:42 . 2012-10-08 17:42 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-08 17:42 . 2012-10-08 17:42 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-08 17:42 . 2012-10-08 17:42 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-08 17:42 . 2012-10-08 17:42 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-08 17:42 . 2012-10-08 17:42 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-08 17:42 . 2012-02-22 08:57 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-08 17:42 . 2012-10-08 17:42 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-08 17:42 . 2012-10-08 17:42 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-08 17:42 . 2012-10-08 17:42 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-10-08 17:42 . 2012-10-08 17:42 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-08 17:42 . 2012-10-08 17:42 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-08 17:42 . 2012-10-08 17:42 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-08 17:42 . 2012-10-08 17:42 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-08 17:42 . 2012-10-08 17:42 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-08 17:42 . 2012-10-08 17:42 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-08 17:42 . 2012-10-08 17:42 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-08 17:42 . 2012-10-08 17:42 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-08 17:42 . 2012-10-08 17:42 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-08 17:42 . 2012-10-08 17:42 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-08 17:42 . 2012-10-08 17:42 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-08 17:42 . 2012-02-22 08:57 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-08 17:42 . 2012-10-08 17:42 284008 ----a-w- c:\windows\system32\drivers\nvkflt.sys
2012-10-08 17:42 . 2012-10-08 17:42 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-08 17:42 . 2012-10-08 17:42 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-08 17:42 . 2012-08-22 15:19 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-04 16:40 . 2012-12-13 00:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 13:25 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 13:25 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 13:25 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 13:25 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 13:25 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 13:25 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 13:25 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 13:25 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 13:25 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 13:25 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 13:25 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:51 . 2011-06-05 14:53 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-06-05 12:53 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-06-05 12:53 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-06-05 14:53 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-06-05 12:53 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-06-05 12:53 866664 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-10-02 19:50 . 2011-06-05 12:53 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-10-02 19:50 . 2011-06-05 12:53 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-06-05 12:53 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:15 . 2012-10-02 19:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-25 22:47 . 2012-11-14 13:24 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 13:24 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 22:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 22:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 22:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\Ricks-Laptop\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-10-15 525240]
"LogMeIn Cubby"="c:\users\Ricks-Laptop\AppData\Roaming\cubby\cubby.exe" [2012-12-15 4640720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-11-28 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-02-03 1059472]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
.
c:\users\Ricks-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
subit.bat [2012-7-11 50]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
2;2 UNS;Intel® Management and Security Application User Notification Service [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-02-28 867064]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 27760]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-21 283200]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-08 284008]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-12-05 135272]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-12-02 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-12-02 36768]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-05-08 2279960]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2012-05-21 212984]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-12 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S2 ZDManager Service;ZDManager Service;c:\program files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [2012-11-07 176640]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-12-02 45672]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NAL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:15]
.
2012-12-22 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2012-01-16 14:37]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 01:42]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 01:42]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957982405-1193651691-2118451127-1001Core.job
- c:\users\Ricks-Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 18:46]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957982405-1193651691-2118451127-1001UA.job
- c:\users\Ricks-Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 18:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 22:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 22:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 22:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 22:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 22:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 22:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 22:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-10-08 2041192]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-05-08 7078424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-18 6492672]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-03-21 626552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: mnmgo.com\true
TCP: DhcpNameServer = 192.168.1.1
DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} - hxxp://216.229.75.194:5000/DVRemoteAx.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://dell.com/support/troubleshooting/Content/Ode/pcd86.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\users\Ricks-Laptop\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-12-22 01:19:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-22 07:19
ComboFix2.txt 2012-12-22 05:36
ComboFix3.txt 2012-12-22 05:17
ComboFix4.txt 2012-12-22 04:46
ComboFix5.txt 2012-12-22 07:04
.
Pre-Run: 462,323,990,528 bytes free
Post-Run: 461,946,294,272 bytes free
.
- - End Of File - - 41B31BDB6EB26F6552CED92F0BD63B3E

#2 Oh My!

  • Malware Response Instructor
  • 36,582 posts
  • Gender:Male
  • Location:California

Posted 26 December 2012 - 10:33 AM

Greetings Rick and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Posted 26 December 2012 - 11:58 AM

Hi Rick,

Thank you for your continued patience.

A few clarifications. Are these entries known to you?

c:\users\Ricks-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\subit.bat
c:\programdata\ZDManagerService
c:\program files (x86)\ZD Systems



Please do this for me.


===================================================


Running TDSSKiller with Changed Parameters

--------------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please copy and paste the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Do you recognize entries?
  • TDSSKiller log

Gary

#4 Oh My!

Posted 29 December 2012 - 11:57 AM

Hi Rick,


===================================================


3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary

#5 Oh My!

Posted 01 January 2013 - 06:16 PM

Reposted PM


I apologize for not following up. I have been very sick for the last week or so and am getting better finally.

You had asked:

"A few clarifications. Are these entries known to you?

c:\users\Ricks-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\subit.bat
c:\programdata\ZDManagerService
c:\program files (x86)\ZD Systems"

The subit.bat file is a file in the startup folder and I am aware of it. It is a batch file I created that runs a subst command assigning a logical drive letter to a particular folder on the laptop that I sync to occasionally. So that is no issue. The other entries are suspicious and I suspect are a problem. After the infection I see occasionally a little web based "tab" will come up on a web page called "Z 7 Coupons" and it has an "X" in the top right hand corner which I suspect will activate it. The fact that this mysterious "popup" has a "Z" in it and these entries also use "Z" may be related. Most of my experience with anything using "ZD" in it usually refers to "Ziff Davis or ZDNet" which is a legit site but I understand that may be why they use it.

I ran TDSSKiller and it found nothing.

Let me know if you want to go forward with this.


Thanks for your time.... Happy New Year!

Rick
Gary

#6 Oh My!

Posted 01 January 2013 - 06:20 PM

Hi Rick,

Please see Item #4 here to setup email notification to your email address.
Gary

#7 Oh My!

Posted 02 January 2013 - 11:36 AM

Hi Rick,

Let's run Combofix again but we will need to do it with a fresh download as instructed below.


===================================================


Re-installing and Running ComboFix

--------------------

I would like you to delete Combofix and then re-install it. We will then run the program again with the new copy.

  • Right click on the ComboFix icon on your desktop and select Delete.
  • Please download ComboFix from one of these locations and save it to your desktop:

    Bleepingcomputer

    ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe.
  • When finished, it will produce a log. Please include the C:\Combofix.txt log in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix log
  • What are your current symptoms after running this?

Gary

#8 rickdweaver

  • Topic Starter
  • Members
  • 34 posts

Posted 02 January 2013 - 12:44 PM

ComboFix 13-01-02.02 - Ricks-Laptop 01/02/2013 11:31:03.8.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.5735 [GMT -6:00]
Running from: c:\users\Ricks-Laptop\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\_ctypes.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\_elementtree.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\_hashlib.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\_socket.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\_ssl.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\pyexpat.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\pysqlite2._sqlite.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\python26.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\pythoncom26.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\PyWinTypes26.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\select.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\unicodedata.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\win32api.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\win32com.shell.shell.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\win32crypt.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\win32event.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\win32file.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\win32inet.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\win32pdh.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\win32process.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\win32profile.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\win32security.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\win32ts.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\windows._cacheinvalidation.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wx._controls_.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wx._core_.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wx._gdi_.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wx._html2.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wx._misc_.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wx._windows_.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wx._wizard.pyd
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wxbase293u_net_vc.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wxbase293u_vc.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wxmsw293u_adv_vc.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wxmsw293u_core_vc.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wxmsw293u_html_vc.dll
c:\users\RICKS-~1\AppData\Local\Temp\_MEI9962\wxmsw293u_webview_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\_ctypes.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\_elementtree.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\_hashlib.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\_socket.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\_ssl.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\pyexpat.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\pysqlite2._sqlite.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\python26.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\pythoncom26.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\PyWinTypes26.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\select.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\unicodedata.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\win32api.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\win32com.shell.shell.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\win32crypt.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\win32event.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\win32file.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\win32inet.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\win32pdh.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\win32process.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\win32profile.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\win32security.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\win32ts.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\windows._cacheinvalidation.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wx._controls_.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wx._core_.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wx._gdi_.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wx._html2.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wx._misc_.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wx._windows_.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wx._wizard.pyd
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wxbase293u_net_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wxbase293u_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wxmsw293u_adv_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wxmsw293u_core_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wxmsw293u_html_vc.dll
c:\users\Ricks-Laptop\AppData\Local\Temp\_MEI9962\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-02 to 2013-01-02 )))))))))))))))))))))))))))))))
.
.
2013-01-02 17:34 . 2013-01-02 17:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-02 17:34 . 2013-01-02 17:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-02 17:34 . 2013-01-02 17:34 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-01-02 17:34 . 2013-01-02 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 20:40 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF357AE2-77C0-43C8-B75C-47D6F1980BDD}\mpengine.dll
2012-12-30 04:29 . 2012-12-30 04:29 -------- d-----w- c:\users\Ricks-Laptop\AppData\Local\Programs
2012-12-23 05:38 . 2012-12-23 05:38 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-23 05:35 . 2012-12-23 05:35 32152 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2012-12-23 05:35 . 2012-12-23 05:35 -------- d-----w- c:\users\Teri
2012-12-22 09:42 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-22 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-22 08:50 . 2013-01-01 21:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-22 07:20 . 2012-12-22 07:45 -------- d-----w- c:\programdata\HitmanPro
2012-12-22 05:17 . 2012-07-11 22:59 50 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\subit.bat
2012-12-22 02:37 . 2012-12-27 06:08 -------- d-----w- c:\programdata\ZDManagerService
2012-12-22 02:37 . 2012-12-22 02:37 -------- d-----w- c:\program files (x86)\ZD Systems
2012-12-21 01:16 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-12-21 01:14 . 2012-12-21 01:14 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-12-21 01:14 . 2012-12-21 01:22 -------- d-----w- c:\program files (x86)\Winamp
2012-12-21 01:14 . 2012-12-21 01:14 -------- d-----w- c:\users\Ricks-Laptop\AppData\Roaming\OpenCandy
2012-12-20 19:48 . 2012-12-20 19:57 629439888 ----a-w- C:\Granny's Bathwater - 18th Amendment - 1974.bin
2012-12-18 00:07 . 2012-12-18 00:07 -------- d-----w- c:\users\Ricks-Laptop\AppData\Roaming\DVRemoteDesktop
2012-12-15 00:47 . 2012-12-15 00:47 -------- d-----w- c:\program files\iTunes
2012-12-15 00:47 . 2012-12-15 00:47 -------- d-----w- c:\program files (x86)\iTunes
2012-12-15 00:47 . 2012-12-15 00:47 -------- d-----w- c:\program files\iPod
2012-12-13 21:17 . 2012-12-13 21:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-13 21:17 . 2012-12-13 21:17 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-13 18:36 . 2013-01-02 15:29 -------- d-----r- c:\users\Ricks-Laptop\My Stuff
2012-12-13 18:31 . 2013-01-02 15:29 -------- d-----r- c:\users\Ricks-Laptop\My Cubby
2012-12-13 18:31 . 2013-01-02 08:58 -------- d-----w- c:\users\Ricks-Laptop\AppData\Roaming\cubby
2012-12-13 03:35 . 2012-12-13 03:38 49 ----a-w- C:\restore_tmb.bat
2012-12-13 00:01 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 00:01 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 00:01 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-08 02:59 . 2012-12-08 03:15 -------- d-----w- c:\program files (x86)\LeapFrog
2012-12-08 02:59 . 2012-12-08 02:59 -------- d-----w- c:\programdata\Leapfrog
2012-12-05 01:53 . 2012-12-05 01:52 218216 ----a-w- c:\windows\SysWow64\atsckernel.exe
2012-12-05 01:53 . 2012-12-05 01:52 135272 ----a-w- c:\windows\SysWow64\atashost.exe
2012-12-05 01:52 . 2012-12-05 03:24 -------- d-----w- c:\programdata\WebEx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-20 14:58 . 2012-02-28 00:22 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-13 21:17 . 2012-02-27 18:56 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-12-13 21:17 . 2012-02-22 07:36 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-13 21:15 . 2012-04-12 15:23 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 21:15 . 2012-02-22 07:23 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-26 00:57 . 2012-11-26 00:57 63384 ----a-r- c:\users\Ricks-Laptop\AppData\Roaming\Microsoft\Installer\{43D1B973-3D12-42ba-9E6E-56A8FEFF5250}\ARPPRODUCTICON.exe
2012-11-12 19:51 . 2012-04-04 06:33 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-12 19:51 . 2012-04-04 06:33 35240 ----a-w- c:\windows\system32\LMIport.dll
2012-11-12 19:51 . 2012-04-04 06:33 83880 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-24 05:23 . 2012-10-24 05:23 405504 ----a-r- c:\users\Ricks-Laptop\AppData\Roaming\Microsoft\Installer\{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}\ARPPRODUCTICON.exe
2012-10-24 05:17 . 2012-10-24 05:23 81904 ----a-w- c:\windows\system32\pbadrvdll.dll
2012-10-24 05:17 . 2012-10-24 05:23 80368 ----a-w- c:\windows\SysWow64\pbadrvdll.dll
2012-10-24 05:17 . 2012-10-24 05:23 32240 ----a-w- c:\windows\system32\drivers\PBADRV.SYS
2012-10-24 05:17 . 2006-12-08 20:42 155136 ----a-w- c:\windows\system32\bioapi100.dll
2012-10-24 05:17 . 2006-12-08 20:41 239104 ----a-w- c:\windows\system32\bioapi_mds300.dll
2012-10-23 03:04 . 2012-10-23 03:04 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-28 08:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 08:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 08:51 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 13:25 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 13:25 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 13:25 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 13:25 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-08 17:42 . 2012-10-08 17:42 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-08 17:42 . 2012-10-08 17:42 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-08 17:42 . 2012-10-08 17:42 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-08 17:42 . 2012-10-08 17:42 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-08 17:42 . 2012-10-08 17:42 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-08 17:42 . 2012-10-08 17:42 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-08 17:42 . 2012-10-08 17:42 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-08 17:42 . 2012-02-22 08:57 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-08 17:42 . 2012-10-08 17:42 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-08 17:42 . 2012-10-08 17:42 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-08 17:42 . 2012-10-08 17:42 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-10-08 17:42 . 2012-10-08 17:42 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-08 17:42 . 2012-10-08 17:42 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-08 17:42 . 2012-10-08 17:42 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-08 17:42 . 2012-10-08 17:42 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-08 17:42 . 2012-10-08 17:42 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-08 17:42 . 2012-10-08 17:42 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-08 17:42 . 2012-10-08 17:42 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-08 17:42 . 2012-10-08 17:42 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-08 17:42 . 2012-10-08 17:42 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-08 17:42 . 2012-10-08 17:42 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-08 17:42 . 2012-10-08 17:42 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-08 17:42 . 2012-02-22 08:57 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-08 17:42 . 2012-10-08 17:42 284008 ----a-w- c:\windows\system32\drivers\nvkflt.sys
2012-10-08 17:42 . 2012-10-08 17:42 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-08 17:42 . 2012-10-08 17:42 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-08 17:42 . 2012-08-22 15:19 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 22:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 22:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 22:24 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\Ricks-Laptop\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-10-15 525240]
"LogMeIn Cubby"="c:\users\Ricks-Laptop\AppData\Roaming\cubby\cubby.exe" [2012-12-15 4640720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-11-28 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-02-03 1059472]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
.
c:\users\Teri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
c:\users\Ricks-Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
subit.bat [2012-7-11 50]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
2;2 UNS;Intel® Management and Security Application User Notification Service [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-02-28 867064]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 27760]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2012-12-23 32152]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-21 283200]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-08 284008]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-12-05 135272]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-12-02 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-12-02 36768]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-05-08 2279960]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2012-05-21 212984]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-12 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S2 ZDManager Service;ZDManager Service;c:\program files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [2012-11-07 176640]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-12-02 45672]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NAL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:15]
.
2013-01-02 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2012-01-16 14:37]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 01:42]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 01:42]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957982405-1193651691-2118451127-1001Core.job
- c:\users\Ricks-Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 18:46]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957982405-1193651691-2118451127-1001UA.job
- c:\users\Ricks-Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 18:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 22:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 22:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 22:18 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ricks-Laptop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 22:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 22:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 22:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 22:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-10-08 2041192]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-05-08 7078424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-18 6492672]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-03-21 626552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: mnmgo.com\true
TCP: DhcpNameServer = 192.168.1.1
DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} - hxxp://216.229.75.194:5000/DVRemoteAx.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://dell.com/support/troubleshooting/Content/Ode/pcd86.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-12462183.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\users\Ricks-Laptop\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2013-01-02 11:43:32 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-02 17:43
ComboFix2.txt 2012-12-22 07:19
ComboFix3.txt 2012-12-22 05:36
ComboFix4.txt 2012-12-22 05:17
ComboFix5.txt 2013-01-02 17:30
.
Pre-Run: 462,549,929,984 bytes free
Post-Run: 462,898,044,928 bytes free
.
- - End Of File - - 7376E44019E859C682B86260760A1D31

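The log above is ComboFix's own output, and the "Reg Loading Points" section (Run keys, Startup folders, UAC policy values) is where a responder looks first. What follows is an added example, not part of the thread and not ComboFix's code: a small Python triage script that parses that section in the layout ComboFix prints and flags the entries worth a second look. The embedded sample is a constructed excerpt with a made-up user name, and the "user-writable path" and "weak UAC value" heuristics are the editor's, not ComboFix's.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example: not part of the thread and not ComboFix's own code. It parses
the Run-key values, Startup-folder items and UAC policy values in the layout
ComboFix prints, and flags what a malware responder reads first:
  * autoruns launched from user-writable locations (c:\\users\\..., ProgramData, Temp)
  * scripts or executables dropped straight into a Startup folder instead of a .lnk
  * UAC policy values that switch elevation prompts off
A hit means "look at this", not "this is malware": sync clients such as Dropbox
legitimately run from AppData, for instance.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed excerpt in ComboFix's format (user name and values are made up).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloudSync"="c:\users\alice\AppData\Roaming\cubby\cubby.exe" [2012-12-15 4640720]
"Updater"="c:\program files (x86)\Vendor\updater.exe" [2012-07-03 252848]
.
c:\users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\alice\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
subit.bat [2012-7-11 50]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""


@dataclass(frozen=True)
class Finding:
    kind: str       # "autorun", "startup-script" or "uac-policy"
    subject: str    # value name, Startup item or policy value
    detail: str


AUTORUN_KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\Run\]$", re.I)
POLICY_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system\]$", re.I)
STARTUP_DIR_RE = re.compile(r"^[a-z]:\\.*\\Startup\\$", re.I)
AUTORUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]')
STARTUP_ITEM_RE = re.compile(r"^(?P<item>[^\[]+?)\s*(?:-\s*(?P<target>.+?)\s*)?\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$")
POLICY_VALUE_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')

USER_WRITABLE_RE = re.compile(r"\\(?:users|programdata|temp)\\", re.I)
DIRECT_EXEC_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1", ".exe", ".scr")
# Policy value -> (setting that weakens UAC, what it means). 0 is the weak setting for all three.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is off: every process of an admin user already runs with full rights"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently, with no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def parse_loading_points(text: str) -> Tuple[List[dict], List[dict], Dict[str, int]]:
    """Split the section into (autorun values, Startup items, UAC policy values)."""
    autoruns, startup_items, policies = [], [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):            # ComboFix separates blocks with a lone "."
            section = None
        elif AUTORUN_KEY_RE.match(line):
            section = "autorun"
        elif POLICY_KEY_RE.match(line):
            section = "policy"
        elif STARTUP_DIR_RE.match(line):
            section = "startup"
        elif line.startswith("["):       # some other key, e.g. shell icon overlays: skip
            section = None
        elif section == "autorun" and (m := AUTORUN_VALUE_RE.match(line)):
            autoruns.append(m.groupdict())
        elif section == "startup" and (m := STARTUP_ITEM_RE.match(line)):
            startup_items.append(m.groupdict())
        elif section == "policy" and (m := POLICY_VALUE_RE.match(line)):
            policies[m["name"]] = int(m["value"])
    return autoruns, startup_items, policies


def triage(text: str) -> List[Finding]:
    """Return the entries a responder should review, in log order."""
    autoruns, startup_items, policies = parse_loading_points(text)
    findings = []
    for a in autoruns:
        if USER_WRITABLE_RE.search(a["path"]):
            findings.append(Finding("autorun", a["name"], f"runs from a user-writable path: {a['path']}"))
    for s in startup_items:
        if s["item"].lower().endswith(DIRECT_EXEC_EXT):
            findings.append(Finding("startup-script", s["item"],
                                    f"script/executable placed directly in a Startup folder ({s['size']} bytes)"))
        elif s["target"] and USER_WRITABLE_RE.search(s["target"]):
            findings.append(Finding("autorun", s["item"], f"shortcut targets a user-writable path: {s['target']}"))
    for name, (weak_value, why) in UAC_WEAK.items():
        if policies.get(name) == weak_value:
            findings.append(Finding("uac-policy", name, why))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run it against a saved ComboFix.txt to get the review list; without an argument it runs on the embedded sample. The checks deliberately stay at "review this" level: a 50-byte batch file sitting directly in a Startup folder and an all-zero UAC policy block are exactly the kind of thing a responder wants surfaced, but only inspection of the file and of who set the policy decides whether they are hostile.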
#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,582 posts
  • Gender:Male
  • Location:California
  • Local time:06:40 PM

Posted 02 January 2013 - 01:00 PM

Hi Rick,

Great, thanks for the information.

We need to look at your Master Boot Record (MBR) before Windows has a chance to load up. Some of the more sophisticated malware uses the Windows boot up process to hide itself. We want to take a snapshot before it gets a chance to do that. If you run into problems completing this, which is fairly common, don't try to battle it too much. We have other options.

Please do this for me.


===================================================


xPUD MBR Report Using USB Device

--------------------

Start this from a clean computer. You will need a USB drive with no less than 64 mb of space.

  • Insert your USB drive. Caution: The next step will remove all information from your USB device.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Download xPUD 0.9.2 iso, saving the file to your Desktop. (please allow a few seconds for the download window to appear)
  • Download UNetbootin and save it to your Desktop as well. (please allow a few seconds for the download window to appear)
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Press Run
  • Select the Diskimage Option then click the Browse Button located on the right side of the textbox field.



  • Browse to and double click the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot, instead just Exit the UNetbootin interface
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Right click this dumpit link, select "save link/target as", and save the file directly to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Use the arrow down key on your keyboard to highlight USB, then press Enter
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive). If it is not there remove the USB device for 5 seconds then reinsert.
  • Double click on the Dumpit file
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on Home tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • mbr.zip

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

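The procedure above produces a raw dump of the first sector so it can be examined from a clean machine, before any boot-time malware has run. The following is an added example, not code from the thread, from xPUD or from dumpit: a Python checker that decodes a 512-byte MBR, verifies the boot signature and partition table, and compares the bootstrap code against a dump taken from a known-clean machine. It assumes mbr.zip holds the raw sector as its first member (the member name is not stated in the thread), and no reference hash is hard-coded because the clean bootstrap bytes differ between Windows releases. The sample sectors inside it are constructed, not real dumps.

```python
"""Sanity-check a raw 512-byte MBR dump such as the one dumpit writes to mbr.zip.

Added example; not part of the thread, of xPUD or of dumpit. Decodes the
partition table, verifies the 0x55AA signature and reports the structural
anomalies a bootkit or a damaged sector would produce. The reference
comparison assumes a dump from a known-clean machine running the same Windows
release (the exact bootstrap bytes differ by release, so none are hard-coded).
"""
import hashlib
import struct
import zipfile
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440      # bootstrap code; the 4-byte disk signature follows at 440
TABLE_OFFSET = 446       # four 16-byte partition entries
ENTRY_LEN = 16
SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + i * ENTRY_LEN)
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only, so the per-disk signature and table do not affect it."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, reference: Optional[bytes] = None) -> List[str]:
    """Return human-readable problems; an empty list means nothing structurally odd."""
    if len(mbr) < SECTOR:
        return [f"dump is {len(mbr)} bytes, expected at least {SECTOR}"]
    problems = []
    if mbr[510:512] != SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        status = mbr[TABLE_OFFSET + p.index * ENTRY_LEN]
        if status not in (0x00, 0x80):
            problems.append(f"entry {p.index}: invalid status byte 0x{status:02x}")
        if p.type_id == 0 and (p.lba_start or p.sectors):
            problems.append(f"entry {p.index}: type 0x00 but non-empty extent")
    extents = sorted((p.lba_start, p.lba_start + p.sectors) for p in parts if p.sectors)
    for (a_start, a_end), (b_start, _b_end) in zip(extents, extents[1:]):
        if b_start < a_end:
            problems.append(f"overlapping partitions at LBA {b_start}")
    if reference is not None and boot_code_hash(mbr) != boot_code_hash(reference):
        problems.append("bootstrap code differs from the known-clean reference MBR")
    return problems


def load_mbr_from_zip(path: str) -> bytes:
    """Read the first member of mbr.zip (member name is an assumption, see above)."""
    with zipfile.ZipFile(path) as zf:
        return zf.read(zf.namelist()[0])[:SECTOR]


def build_sample_mbr(entries, boot_code: bytes = b"\xeb\xfe") -> bytes:
    """Assemble a constructed 512-byte MBR from (bootable, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, 0x12345678)  # constructed disk signature
    for i, (bootable, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_LEN,
                         0x80 if bootable else 0x00, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed samples: one clean layout (system + data NTFS partitions) and a
# tampered copy with a second active entry and altered bootstrap code.
CLEAN_MBR = build_sample_mbr([(True, 0x07, 2048, 204800), (False, 0x07, 206848, 409600)])
TAMPERED_MBR = build_sample_mbr([(True, 0x07, 2048, 204800), (True, 0x07, 206848, 409600)],
                                boot_code=b"\x90\x90\xeb\xfe")

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, boot_code_hash(sector)[:16], check_mbr(sector, reference=CLEAN_MBR) or "ok")
```

With a real dump, `check_mbr(load_mbr_from_zip("mbr.zip"), reference=load_mbr_from_zip("clean-mbr.zip"))` gives the same kind of report. Hashing only the first 440 bytes is the point of the design: the disk signature and partition table legitimately differ from machine to machine, while the bootstrap code of a given Windows release should not, so a mismatch there is what deserves a closer look.
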
#10 rickdweaver

rickdweaver
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:40 PM

Posted 03 January 2013 - 01:53 AM

Sorry but I was unable to do this. The only thumb drive I have has a small partition with some proprietary software on it and I can overwrite it. I tried to complete this on the larger partition but it wouldn't boot. You mentioned another way?

#11 rickdweaver

rickdweaver
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:40 PM

Posted 03 January 2013 - 02:24 AM

FYI... For whatever reason my notebook will not reboot normally. It wants to run a system repair and if I let it, it doesn't find a solution. If I F8 the OS and choose "last known good configuration" it does come up, but the video drivers are absent and I have reset the video resolution. It does "reload" several drivers and seems to work properly, but if I reboot again it does the same thing... It tries to start up and then tells me there is a problem with the boot area of the drive and suggests a "system repair". Only if I F8 it and choose "last known good Config" does it come up now, and I have to reset the video resolution and it automatically installs several drivers (i.e. PCI, Video, maybe sound, etc). I really didn't do anything but try to boot to the USB drive I ran those commands on. It appeared to boot into a "linux" area when I tried, so I just got out of it and then this started happening. This is getting very weird. Any suggestions? I went into System Restore to look at restore points and there is only one from 10:00am on Jan 2 which was done automatically. Also very weird. I've copied all my files out to the cloud for safekeeping until we get this resolved, including all the drivers for the PC in case we get hosed and have to reload the OS... Hopefully that's not the case but I'll wait to hear from you.

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,582 posts
  • Gender:Male
  • Location:California
  • Local time:06:40 PM

Posted 03 January 2013 - 09:18 AM

Hi Rick,

I've copied all my files out to the cloud for safe keeping until we get this resolved

Hopefully we will be able to resolve this without reformat/reinstall but this was excellent thinking on your part. :thumbsup: These types of symptoms are common and don't often indicate an unrecoverable condition. We have lots of ways and lots of tools in our bag to do battle with.

Let's try to do this first before we continue on the xPUD path. See if you can complete the following.


===================================================


Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC and we will enter the System Recovery Options one of the two following ways:

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window, type Notepad and press Enter.
  • Notepad opens. Under the File menu, select Open.
  • Select Computer, note your flash drive letter, and close Notepad.
  • In the command window, type e:\frst.exe (for the x64 version, type e:\frst64) and press Enter.
    • Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • FRST.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
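
The FRST.txt that this procedure produces is long, and most of it is whitelisted vendor software. The Python below is an added example for this thread (it is not part of FRST and not code from any poster): it walks the autostart sections of an FRST log (Registry Run keys, Startup folder entries, Services, Drivers) and flags the entries an analyst normally reads first: files with no CompanyName in their version info, registered services or drivers whose file is missing, shortcuts with no target, scripts in a Startup folder, Run keys pointing into user-writable paths, plus the AppInit_DLLs and DNS resolver lines for confirmation. The sample input is a short excerpt of the FRST.txt posted in the next reply, trimmed to a dozen lines. The flag rules are this example's own assumptions about what deserves a second look, not FRST's logic, and a flag is a prompt to investigate, not a verdict: legitimate software trips several of them.

```python
"""Triage the autostart sections of a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread; it is not part of FRST or of any post here.
The heuristics are an analyst's starting checklist (assumptions), not proof
that a flagged entry is malicious: legitimate software trips them too.
"""
import re

# Section banners look like "==================== Services (Whitelisted) ===="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# FRST ends file entries with "[size date] (CompanyName)"; a bare "()" means the
# file's version resource carries no CompanyName at all.
NO_COMPANY_RE = re.compile(r"\(\)$")
# Script types that have no business sitting in a Startup folder unexplained.
SCRIPT_EXT_RE = re.compile(r"\.(bat|cmd|vbs|vbe|js|jse|wsf|ps1|hta)\b", re.IGNORECASE)
# Locations an unprivileged user can write to; Run keys pointing there get a look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Temp)\\|\\Users\\Public\\",
                              re.IGNORECASE)
SECTIONS_OF_INTEREST = ("Registry", "Services", "Drivers", "NetSvcs")


def classify(line):
    """Return the review reasons (possibly none) that apply to one FRST entry line."""
    reasons = []
    if line.endswith("[x]"):                      # FRST marks a missing file with [x]
        reasons.append("registered but file not found")
    if "(No File)" in line:                       # .lnk whose target is gone
        reasons.append("shortcut target missing")
    if NO_COMPANY_RE.search(line):
        reasons.append("no CompanyName in version info")
    if line.startswith("Startup:") and SCRIPT_EXT_RE.search(line):
        reasons.append("script in a Startup folder")
    if line.startswith("HK") and USER_WRITABLE_RE.search(line):
        reasons.append("Run key points into a user-writable path")
    if line.startswith("AppInit_DLLs:"):          # global DLL injection point
        dlls = line.split(":", 1)[1].split()
        reasons.append("AppInit_DLLs loads %d path(s), %d unique"
                       % (len(dlls), len(set(dlls))))
    if "[DhcpNameServer]" in line or "[NameServer]" in line:
        reasons.append("DNS resolvers in use: " + line.split("]", 1)[1].strip())
    return reasons


def triage(log_text):
    """Track the current section banner and return (section, reason, line) findings."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section is None or not section.startswith(SECTIONS_OF_INTEREST):
            continue                              # skip file listings etc.
        for reason in classify(line):
            findings.append((section, reason, line))
    return findings


# Excerpt (a dozen lines, unmodified) of the FRST.txt posted in this thread,
# used here as offline sample input.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKU\Ricks-Laptop\...\Run: [LogMeIn Cubby] "C:\Users\Ricks-Laptop\AppData\Roaming\cubby\cubby.exe" -hidden [4640720 2012-12-14] (LogMeIn, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 192.168.1.1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll C:\Windows\System32\nvinitx.dll
Startup: C:\Users\Ricks-Laptop\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Ricks-Laptop\Start Menu\Programs\Startup\subit.bat ()

==================== Services (Whitelisted) ===================

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()

==================== Drivers (Whitelisted) =====================

0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2012-02-27] (Duplex Secure Ltd.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
"""


def main():
    for section, reason, line in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (section, reason, line))


if __name__ == "__main__":
    main()
```

Run it against a saved FRST.txt by replacing SAMPLE_LOG with the file's contents (the log is ANSI/UTF-8 text, so open() with errors="replace" is enough). On the excerpt it reports eight findings, two of them on the subit.bat Startup entry; the "no CompanyName" and "user-writable path" rules also catch ordinary software such as the Cubby sync client, which is exactly why each hit is a question for the helper, not an answer.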

#13 rickdweaver (Topic Starter)

Posted 03 January 2013 - 01:14 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012
Ran by SYSTEM at 03-01-2013 12:07:21
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet004

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7078424 2012-05-08] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-18] (Dell Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [626552 2012-03-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2011-06-05] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1692264 2011-05-04] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [112408 2011-08-08] (Intel Corporation)
HKLM-x32\...\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1059472 2012-02-03] (Carbonite, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [41944 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640480 2012-07-30] (Adobe Systems Inc.)
HKU\Ricks-Laptop\...\Run: [PCShowServer] "C:\Users\Ricks-Laptop\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [525240 2012-10-15] (NDS Technologies)
HKU\Ricks-Laptop\...\Run: [LogMeIn Cubby] "C:\Users\Ricks-Laptop\AppData\Roaming\cubby\cubby.exe" -hidden [4640720 2012-12-14] (LogMeIn, Inc.)
HKU\Ricks-Laptop\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-11-28] (Apple Inc.)
HKU\Ricks-Laptop\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [16070136 2012-11-08] (Google)
HKU\Ricks-Laptop\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Ricks-Laptop\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59280 2012-11-28] (Apple Inc.)
HKU\Ricks-Laptop\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59280 2012-11-28] (Apple Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 192.168.1.1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll C:\Windows\System32\nvinitx.dll
Startup: C:\Users\Default\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\LogMeInRemoteUser\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Ricks-Laptop\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Ricks-Laptop\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Ricks-Laptop\Start Menu\Programs\Startup\subit.bat ()
Startup: C:\Users\Teri\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Services (Whitelisted) ===================

2 DFEPService; "C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe" [2279960 2012-05-08] (Dell Inc.)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375728 2012-11-12] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147888 2012-11-12] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1637888 2011-10-08] ()
2 ZDManager Service; "C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe" /run [176640 2012-11-07] ()

==================== Drivers (Whitelisted) =====================

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-08-21] (DT Soft Ltd)
3 HBtnKey; C:\Windows\System32\Drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
3 hitmanpro37; C:\Windows\System32\Drivers\hitmanpro37.sys [32152 2012-12-22] ()
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2012-02-27] (Duplex Secure Ltd.)
2 VMparport; C:\Windows\System32\Drivers\VMparport.sys [31344 2012-01-18] (VMware, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 LMIRfsClientNP; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-03 12:07 - 2013-01-03 12:07 - 00000000 ____D C:\FRST
2013-01-02 23:35 - 2013-01-03 10:01 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-02 23:33 - 2011-06-05 07:22 - 20465256 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 18580072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 15051368 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 13076328 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-01-02 23:33 - 2011-06-05 07:22 - 13011560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 12842600 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 10061416 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 08106088 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 06597736 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 06029928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 04936808 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 03182184 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 02954856 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 02871400 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 02579560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 02207336 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 01970280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 00067176 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2013-01-02 23:33 - 2011-06-05 07:22 - 00057960 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-01-02 23:08 - 2013-01-02 23:08 - 00285960 ____A C:\Windows\Minidump\010313-25927-01.dmp
2013-01-02 23:02 - 2013-01-02 23:34 - 00000000 ____D C:\Windows\LastGood
2013-01-02 22:58 - 2013-01-02 22:58 - 00285960 ____A C:\Windows\Minidump\010313-25303-01.dmp
2013-01-02 22:55 - 2013-01-03 10:01 - 00002652 ____A C:\Windows\PFRO.log
2013-01-02 16:47 - 2013-01-02 23:07 - 365842633 ____A C:\Windows\MEMORY.DMP
2013-01-02 16:47 - 2013-01-02 16:47 - 00285960 ____A C:\Windows\Minidump\010213-25911-01.dmp
2013-01-02 16:15 - 2013-01-02 18:25 - 00000000 ____D C:\Users\Ricks-Laptop\Desktop\Bleeping Computer
2013-01-02 13:25 - 2013-01-02 18:26 - 00000000 ____D C:\Program Files\VuePrint
2013-01-02 13:19 - 2013-01-02 13:19 - 00110424 ____A C:\Users\Ricks-Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-02 09:43 - 2013-01-02 09:43 - 00038001 ____A C:\ComboFix.txt
2012-12-30 03:01 - 2012-12-30 03:03 - 00419672 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-29 20:29 - 2013-01-01 13:13 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-26 23:16 - 2012-12-26 23:16 - 03896461 ____A C:\Users\Ricks-Laptop\Downloads\GoGirlfr.wmv
2012-12-22 23:59 - 2012-12-22 23:59 - 00000000 ____D C:\Users\Teri\AppData\Roaming\Malwarebytes
2012-12-22 23:00 - 2013-01-03 10:01 - 00001196 ____A C:\Windows\setupact.log
2012-12-22 23:00 - 2012-12-22 23:00 - 00000000 ____A C:\Windows\setuperr.log
2012-12-22 21:53 - 2012-12-22 21:53 - 00000085 ____A C:\Users\Teri\AppData\Local\ZDManager.ini
2012-12-22 21:50 - 2012-12-23 00:01 - 00000238 ____A C:\Users\Teri\Desktop\Teri Apple Account Info.txt
2012-12-22 21:38 - 2012-12-22 21:38 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-22 21:36 - 2012-12-23 00:06 - 00000000 ____D C:\Users\Teri\AppData\Roaming\Apple Computer
2012-12-22 21:36 - 2012-12-22 21:52 - 00000000 ____D C:\Users\Teri\AppData\Roaming\Adobe
2012-12-22 21:36 - 2012-12-22 21:36 - 00110424 ____A C:\Users\Teri\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Roaming\Macromedia
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Roaming\Creative
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Local\LogMeIn
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Local\Apple Computer
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Local\Adobe
2012-12-22 21:35 - 2013-01-02 18:26 - 00000000 ____D C:\users\Teri
2012-12-22 21:35 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Local\Google
2012-12-22 21:35 - 2012-12-22 21:35 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2012-12-22 21:35 - 2012-12-22 21:35 - 00000020 __ASH C:\Users\Teri\ntuser.ini
2012-12-22 21:35 - 2012-09-24 22:50 - 00000000 ____D C:\Users\Teri\AppData\LocalGoogle
2012-12-22 21:35 - 2012-04-12 00:02 - 00000000 ____D C:\Users\Teri\AppData\Local\Microsoft Help
2012-12-22 21:32 - 2012-12-22 21:32 - 00000171 ____A C:\Users\Ricks-Laptop\Desktop\Restore iPhone.url
2012-12-22 01:42 - 2012-12-14 14:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-22 01:00 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-22 01:00 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-22 01:00 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-22 01:00 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-22 00:50 - 2013-01-01 13:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-22 00:42 - 2012-12-22 00:43 - 13485902 ____A C:\Users\Ricks-Laptop\Downloads\mbar-1.01.0.1011.zip
2012-12-21 23:57 - 2012-12-21 23:59 - 00000205 ____A C:\Users\Ricks-Laptop\Desktop\Bleeping Comp Forum.url
2012-12-21 23:20 - 2012-12-21 23:45 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-12-21 21:40 - 2013-01-02 16:54 - 00000085 ____A C:\Users\Ricks-Laptop\AppData\Local\ZDManager.ini
2012-12-21 21:16 - 2013-01-03 10:03 - 01465868 ____A C:\Windows\WindowsUpdate.log
2012-12-21 19:06 - 2012-12-21 19:06 - 00040514 ____A C:\ComboFix 12 21-12.txt
2012-12-21 18:41 - 2012-12-21 18:41 - 05012825 ____A (Swearware) C:\Users\Ricks-Laptop\Downloads\ComboFix.exe
2012-12-21 18:37 - 2012-12-26 22:08 - 00000000 ____D C:\Users\All Users\ZDManagerService
2012-12-21 18:37 - 2012-12-21 18:37 - 00000000 ____D C:\Program Files (x86)\ZD Systems
2012-12-20 21:56 - 2012-12-20 22:24 - 00000000 ____D C:\Users\Ricks-Laptop\Desktop\Jess
2012-12-20 17:16 - 2009-09-04 15:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-12-20 17:14 - 2012-12-20 17:22 - 00000000 ____D C:\Program Files (x86)\Winamp
2012-12-20 17:14 - 2012-12-20 17:14 - 00000000 ____D C:\Users\Ricks-Laptop\AppData\Roaming\OpenCandy
2012-12-20 11:57 - 2012-12-20 11:57 - 00001024 ____A C:\Granny's Bathwater - 18th Amendment - 1974.cue
2012-12-20 11:57 - 2012-12-20 11:57 - 00000450 ____A C:\Granny's Bathwater - 18th Amendment - 1974.cdt
2012-12-20 11:48 - 2012-12-20 11:57 - 629439888 ____A C:\Granny's Bathwater - 18th Amendment - 1974.bin
2012-12-18 22:58 - 2012-12-18 22:58 - 00000143 ____A C:\Users\Ricks-Laptop\Desktop\Granny's Bathwater with Carmine Delligatti.url
2012-12-14 16:47 - 2012-12-14 16:47 - 00000000 ____D C:\Program Files\iTunes
2012-12-14 16:47 - 2012-12-14 16:47 - 00000000 ____D C:\Program Files\iPod
2012-12-14 16:47 - 2012-12-14 16:47 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-13 13:17 - 2012-12-13 13:17 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-13 13:17 - 2012-12-13 13:17 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-13 13:17 - 2012-12-13 13:17 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-13 13:17 - 2012-12-13 13:17 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-13 10:36 - 2013-01-03 10:02 - 00000000 ___RD C:\Users\Ricks-Laptop\My Stuff
2012-12-13 10:31 - 2013-01-03 10:02 - 00000000 ___RD C:\Users\Ricks-Laptop\My Cubby
2012-12-13 10:31 - 2013-01-02 23:39 - 00000000 ____D C:\Users\Ricks-Laptop\AppData\Roaming\cubby
2012-12-13 10:31 - 2012-12-13 10:31 - 00001769 ____A C:\Users\Ricks-Laptop\Desktop\Cubby.lnk
2012-12-13 07:34 - 2012-12-13 07:34 - 00027463 ____A C:\Users\Ricks-Laptop\Downloads\Quote_639651631.html
2012-12-13 01:02 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 01:02 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 01:02 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-13 01:02 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 01:02 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 01:02 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-13 01:02 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 01:02 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 01:02 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-13 01:02 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-13 01:02 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-13 01:02 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 01:02 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 01:02 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 01:02 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 01:02 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 01:02 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-13 01:02 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-13 01:02 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-13 01:02 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-13 01:02 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-13 01:02 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-13 01:02 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-13 01:02 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-13 01:02 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-13 01:02 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-13 01:02 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-13 01:02 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-13 01:02 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-13 01:02 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-13 01:02 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-13 01:02 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-12 19:35 - 2012-12-12 19:38 - 00000049 ____A C:\restore_tmb.bat
2012-12-12 18:50 - 2012-12-12 18:50 - 00037705 ____A C:\ComboFix - 12-12-12.txt
2012-12-12 16:01 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-12 16:01 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-12 16:01 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-12 16:00 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-12 16:00 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-12 16:00 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-12 16:00 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-12 16:00 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-12 16:00 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-12 16:00 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-12 16:00 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-12 16:00 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-12 16:00 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-12 16:00 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-12 16:00 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-12 16:00 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-12 16:00 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-12 16:00 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-12 16:00 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 16:00 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-09 16:01 - 2012-12-13 19:33 - 00000865 ____A C:\Users\Ricks-Laptop\Desktop\New Text Document (2).txt
2012-12-07 18:59 - 2012-12-07 19:15 - 00000000 ____D C:\Program Files (x86)\LeapFrog
2012-12-07 18:59 - 2012-12-07 18:59 - 00000000 ____D C:\Users\All Users\Leapfrog
2012-12-04 17:53 - 2012-12-04 17:52 - 00218216 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe
2012-12-04 17:53 - 2012-12-04 17:52 - 00135272 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
2012-12-04 17:52 - 2012-12-04 19:24 - 00000000 ____D C:\Users\All Users\WebEx

==================== One Month Modified Files and Folders =======

2013-01-03 12:07 - 2013-01-03 12:07 - 00000000 ____D C:\FRST
2013-01-03 10:03 - 2012-12-21 21:16 - 01465868 ____A C:\Windows\WindowsUpdate.log
2013-01-03 10:02 - 2012-12-13 10:36 - 00000000 ___RD C:\Users\Ricks-Laptop\My Stuff
2013-01-03 10:02 - 2012-12-13 10:31 - 00000000 ___RD C:\Users\Ricks-Laptop\My Cubby
2013-01-03 10:02 - 2012-08-21 07:36 - 00000000 ___SD C:\Users\Ricks-Laptop\Google Drive
2013-01-03 10:02 - 2012-02-27 12:56 - 00000000 ___RD C:\Users\Ricks-Laptop\Dropbox
2013-01-03 10:02 - 2012-02-27 12:55 - 00000000 ____D C:\Users\Ricks-Laptop\AppData\Roaming\Dropbox
2013-01-03 10:01 - 2013-01-02 23:35 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-03 10:01 - 2013-01-02 22:55 - 00002652 ____A C:\Windows\PFRO.log
2013-01-03 10:01 - 2012-12-22 23:00 - 00001196 ____A C:\Windows\setupact.log
2013-01-03 10:01 - 2012-02-28 14:28 - 00000000 ____D C:\Users\All Users\VMware
2013-01-03 10:01 - 2012-02-27 17:42 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-03 10:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-03 09:33 - 2012-04-16 07:47 - 00003214 ____A C:\Users\Ricks-Laptop\Desktop\New Text Document.txt
2013-01-03 09:27 - 2012-02-27 10:46 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957982405-1193651691-2118451127-1001UA.job
2013-01-03 09:14 - 2012-04-12 07:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-03 09:12 - 2012-02-27 17:42 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-03 02:41 - 2012-02-27 22:23 - 00000428 ____A C:\Windows\Tasks\Defraggler Volume C Task.job
2013-01-02 23:39 - 2012-12-13 10:31 - 00000000 ____D C:\Users\Ricks-Laptop\AppData\Roaming\cubby
2013-01-02 23:34 - 2013-01-02 23:02 - 00000000 ____D C:\Windows\LastGood
2013-01-02 23:34 - 2012-02-22 01:14 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2013-01-02 23:34 - 2012-02-22 01:14 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-01-02 23:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-01-02 23:33 - 2012-02-22 01:14 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-01-02 23:21 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-02 23:21 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-02 23:08 - 2013-01-02 23:08 - 00285960 ____A C:\Windows\Minidump\010313-25927-01.dmp
2013-01-02 23:08 - 2012-02-27 22:53 - 00000000 ____D C:\Windows\Minidump
2013-01-02 23:07 - 2013-01-02 16:47 - 365842633 ____A C:\Windows\MEMORY.DMP
2013-01-02 22:58 - 2013-01-02 22:58 - 00285960 ____A C:\Windows\Minidump\010313-25303-01.dmp
2013-01-02 22:55 - 2012-02-27 11:54 - 00000000 ____D C:\Users\All Users\LogMeIn
2013-01-02 21:27 - 2012-02-27 10:46 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957982405-1193651691-2118451127-1001Core.job
2013-01-02 18:26 - 2013-01-02 13:25 - 00000000 ____D C:\Program Files\VuePrint
2013-01-02 18:26 - 2012-12-22 21:35 - 00000000 ____D C:\users\Teri
2013-01-02 18:26 - 2012-05-22 05:16 - 00000000 ____D C:\Windows\ERDNT
2013-01-02 18:26 - 2012-02-28 06:15 - 00000000 ____D C:\Users\All Users\FLEXnet
2013-01-02 18:25 - 2013-01-02 16:15 - 00000000 ____D C:\Users\Ricks-Laptop\Desktop\Bleeping Computer
2013-01-02 18:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-01-02 18:24 - 2012-05-22 05:16 - 00000000 ____D C:\Qoobox
2013-01-02 16:54 - 2012-12-21 21:40 - 00000085 ____A C:\Users\Ricks-Laptop\AppData\Local\ZDManager.ini
2013-01-02 16:48 - 2012-02-27 10:28 - 00000000 ____D C:\users\Ricks-Laptop
2013-01-02 16:47 - 2013-01-02 16:47 - 00285960 ____A C:\Windows\Minidump\010213-25911-01.dmp
2013-01-02 13:44 - 2012-10-06 16:47 - 00000000 ____D C:\Users\Ricks-Laptop\AppData\Local\CrashDumps
2013-01-02 13:19 - 2013-01-02 13:19 - 00110424 ____A C:\Users\Ricks-Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-02 09:43 - 2013-01-02 09:43 - 00038001 ____A C:\ComboFix.txt
2013-01-01 13:13 - 2012-12-29 20:29 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-01 13:13 - 2012-12-22 00:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-30 03:03 - 2012-12-30 03:01 - 00419672 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-26 23:47 - 2012-03-17 18:28 - 00000194 ____A C:\Windows\vuepro32.ini
2012-12-26 23:16 - 2012-12-26 23:16 - 03896461 ____A C:\Users\Ricks-Laptop\Downloads\GoGirlfr.wmv
2012-12-26 22:16 - 2012-02-27 12:56 - 00001049 ____A C:\Users\Ricks-Laptop\Desktop\Dropbox.lnk
2012-12-26 22:08 - 2012-12-21 18:37 - 00000000 ____D C:\Users\All Users\ZDManagerService
2012-12-23 00:06 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Roaming\Apple Computer
2012-12-23 00:01 - 2012-12-22 21:50 - 00000238 ____A C:\Users\Teri\Desktop\Teri Apple Account Info.txt
2012-12-22 23:59 - 2012-12-22 23:59 - 00000000 ____D C:\Users\Teri\AppData\Roaming\Malwarebytes
2012-12-22 23:00 - 2012-12-22 23:00 - 00000000 ____A C:\Windows\setuperr.log
2012-12-22 21:53 - 2012-12-22 21:53 - 00000085 ____A C:\Users\Teri\AppData\Local\ZDManager.ini
2012-12-22 21:52 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Roaming\Adobe
2012-12-22 21:38 - 2012-12-22 21:38 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-22 21:36 - 2012-12-22 21:36 - 00110424 ____A C:\Users\Teri\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Roaming\Macromedia
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Roaming\Creative
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Local\LogMeIn
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Local\Apple Computer
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Users\Teri\AppData\Local\Adobe
2012-12-22 21:36 - 2012-12-22 21:35 - 00000000 ____D C:\Users\Teri\AppData\Local\Google
2012-12-22 21:35 - 2012-12-22 21:35 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2012-12-22 21:35 - 2012-12-22 21:35 - 00000020 __ASH C:\Users\Teri\ntuser.ini
2012-12-22 21:32 - 2012-12-22 21:32 - 00000171 ____A C:\Users\Ricks-Laptop\Desktop\Restore iPhone.url
2012-12-22 00:43 - 2012-12-22 00:42 - 13485902 ____A C:\Users\Ricks-Laptop\Downloads\mbar-1.01.0.1011.zip
2012-12-21 23:59 - 2012-12-21 23:57 - 00000205 ____A C:\Users\Ricks-Laptop\Desktop\Bleeping Comp Forum.url
2012-12-21 23:45 - 2012-12-21 23:20 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-12-21 23:14 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-12-21 21:52 - 2012-02-27 14:38 - 00005658 ____A C:\Users\Ricks-Laptop\Desktop\Misc stuff.txt
2012-12-21 21:39 - 2009-07-13 21:08 - 00024226 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-21 21:17 - 2012-08-02 08:45 - 00000000 ____D C:\Windows\pss
2012-12-21 19:06 - 2012-12-21 19:06 - 00040514 ____A C:\ComboFix 12 21-12.txt
2012-12-21 18:41 - 2012-12-21 18:41 - 05012825 ____A (Swearware) C:\Users\Ricks-Laptop\Downloads\ComboFix.exe
2012-12-21 18:37 - 2012-12-21 18:37 - 00000000 ____D C:\Program Files (x86)\ZD Systems
2012-12-21 18:28 - 2012-05-04 08:30 - 00000000 ____D C:\Program Files (x86)\Citrix
2012-12-20 22:24 - 2012-12-20 21:56 - 00000000 ____D C:\Users\Ricks-Laptop\Desktop\Jess
2012-12-20 17:22 - 2012-12-20 17:14 - 00000000 ____D C:\Program Files (x86)\Winamp
2012-12-20 17:14 - 2012-12-20 17:14 - 00000000 ____D C:\Users\Ricks-Laptop\AppData\Roaming\OpenCandy
2012-12-20 17:05 - 2012-04-11 20:55 - 00000000 ____D C:\Users\Ricks-Laptop\AppData\Roaming\Audacity
2012-12-20 15:27 - 2012-02-28 07:13 - 00000000 ____D C:\Users\Ricks-Laptop\AppData\Roaming\vlc
2012-12-20 11:57 - 2012-12-20 11:57 - 00001024 ____A C:\Granny's Bathwater - 18th Amendment - 1974.cue
2012-12-20 11:57 - 2012-12-20 11:57 - 00000450 ____A C:\Granny's Bathwater - 18th Amendment - 1974.cdt
2012-12-20 11:57 - 2012-12-20 11:48 - 629439888 ____A C:\Granny's Bathwater - 18th Amendment - 1974.bin
2012-12-20 06:58 - 2012-02-27 16:22 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-18 22:58 - 2012-12-18 22:58 - 00000143 ____A C:\Users\Ricks-Laptop\Desktop\Granny's Bathwater with Carmine Delligatti.url
2012-12-16 09:11 - 2012-12-22 01:00 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2012-12-22 01:00 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2012-12-22 01:00 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2012-12-22 01:00 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-14 16:47 - 2012-12-14 16:47 - 00000000 ____D C:\Program Files\iTunes
2012-12-14 16:47 - 2012-12-14 16:47 - 00000000 ____D C:\Program Files\iPod
2012-12-14 16:47 - 2012-12-14 16:47 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-14 16:47 - 2012-10-26 16:33 - 00001788 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-14 14:49 - 2012-12-22 01:42 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-14 14:31 - 2009-07-13 21:13 - 00787154 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-13 19:33 - 2012-12-09 16:01 - 00000865 ____A C:\Users\Ricks-Laptop\Desktop\New Text Document (2).txt
2012-12-13 17:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-13 13:18 - 2012-02-27 16:59 - 00000000 ____D C:\Users\Ricks-Laptop\AppData\Roaming\DAEMON Tools Lite
2012-12-13 13:17 - 2012-12-13 13:17 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-13 13:17 - 2012-12-13 13:17 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-13 13:17 - 2012-12-13 13:17 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-13 13:17 - 2012-12-13 13:17 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-13 13:17 - 2012-02-27 10:56 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-12-13 13:17 - 2012-02-21 23:36 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-12-13 13:15 - 2012-04-12 07:23 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-13 13:15 - 2012-02-27 14:46 - 00000000 ____D C:\Users\All Users\Adobe
2012-12-13 13:15 - 2012-02-21 23:23 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-13 10:40 - 2012-11-22 23:31 - 00000000 ____D C:\Users\Ricks-Laptop\AppData\Roaming\Download Manager
2012-12-13 10:31 - 2012-12-13 10:31 - 00001769 ____A C:\Users\Ricks-Laptop\Desktop\Cubby.lnk
2012-12-13 07:34 - 2012-12-13 07:34 - 00027463 ____A C:\Users\Ricks-Laptop\Downloads\Quote_639651631.html
2012-12-13 03:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-13 01:07 - 2012-02-27 17:03 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-12 19:38 - 2012-12-12 19:35 - 00000049 ____A C:\restore_tmb.bat
2012-12-12 18:50 - 2012-12-12 18:50 - 00037705 ____A C:\ComboFix - 12-12-12.txt
2012-12-08 00:17 - 2012-11-20 22:13 - 00000219 ____A C:\Users\Ricks-Laptop\Desktop\DNS Setup 1.url
2012-12-07 19:15 - 2012-12-07 18:59 - 00000000 ____D C:\Program Files (x86)\LeapFrog
2012-12-07 18:59 - 2012-12-07 18:59 - 00000000 ____D C:\Users\All Users\Leapfrog
2012-12-04 20:24 - 2012-02-27 10:43 - 00000000 ____D C:\Utils
2012-12-04 19:24 - 2012-12-04 17:52 - 00000000 ____D C:\Users\All Users\WebEx
2012-12-04 17:52 - 2012-12-04 17:53 - 00218216 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe
2012-12-04 17:52 - 2012-12-04 17:53 - 00135272 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8149.02 MB
Available physical RAM: 7306.55 MB
Total Pagefile: 8147.21 MB
Available Pagefile: 7293.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Drive) (Fixed) (Total:687.3 GB) (Free:419.35 GB) NTFS
3 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive g: () (Removable) (Total:3.8 GB) (Free:3.8 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:11.3 GB) (Free:4.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 3072 KB
Disk 1 Online 3913 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 11 GB 40 MB
Partition 3 Primary 687 GB 11 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 11 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C Drive NTFS Partition 687 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3898 MB 17 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3898 MB Healthy

=========================================================

Last Boot: 2012-12-26 22:08

==================== End Of Log =============================

#14 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,582 posts
  • Gender:Male
  • Location:California

Posted 03 January 2013 - 01:45 PM

Hi Rick,

Thank you for the information. What I would like you to do is go through the process again so you are booted into Normal Mode. While there please do the following.


===================================================


Run sfc /scannow from Elevated Command

--------------------

  • Click Start and Type cmd
  • Right click on cmd and select Run as administrator
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Type the following at the Command Prompt and press Enter

    • sfc /scannow
  • Upon completion, if you are notified corrupted files were found and repaired please do the following
  • Navigate to the following location, zip the file and attach it to your response

    C:\Windows\Logs\CBS\CBS.log
  • If sfc /scannow detected corrupted files please reboot your computer to see if you notice any difference

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • CBS.log (if present)
  • Did you boot properly?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
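Gary's steps as a script, added here as an example that is not from the thread: it refuses to run unless elevated, runs sfc /scannow, reads only the [SR] lines this scan appended to CBS.log, and zips the log only when a file was repaired or could not be repaired. It assumes Windows PowerShell 5.1 or later (for Compress-Archive), and the zip destination is a placeholder chosen here.

```powershell
# Added example, not part of the original post: automate "sfc /scannow, then zip
# CBS.log if corrupted files were found". Assumes Windows PowerShell 5.1+.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'SFC needs an elevated prompt: start PowerShell with "Run as administrator".'
}

$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'
$zipOut = Join-Path $env:USERPROFILE 'Desktop\CBS.zip'   # placeholder destination

# CBS.log is shared by every servicing operation, so remember its current length
# and examine only the lines this scan appends.
$before = if (Test-Path $cbsLog) { (Get-Content $cbsLog).Count } else { 0 }

$proc = Start-Process -FilePath 'sfc.exe' -ArgumentList '/scannow' `
        -Wait -NoNewWindow -PassThru
Write-Host "sfc.exe exited with code $($proc.ExitCode)"

# SFC tags its own entries with [SR]. "Repairing corrupted file" marks a file it
# replaced from the component store; "Cannot repair member file" marks one it could not.
$srLines    = Get-Content $cbsLog | Select-Object -Skip $before |
              Where-Object { $_ -match '\[SR\]' }
$repaired   = @($srLines | Where-Object { $_ -match 'Repairing corrupted file' })
$unrepaired = @($srLines | Where-Object { $_ -match 'Cannot repair member file' })

if ($repaired.Count -eq 0 -and $unrepaired.Count -eq 0) {
    Write-Host 'No integrity violations recorded by this scan; nothing to attach.'
    return
}

Write-Host "Repaired: $($repaired.Count)  Unrepaired: $($unrepaired.Count)"
$unrepaired | ForEach-Object { Write-Host "  $_" }

# Zip the log so it can be attached to the reply, as the instructions ask.
Compress-Archive -Path $cbsLog -DestinationPath $zipOut -Force
Write-Host "CBS.log zipped to $zipOut"
```

Unrepaired entries are the ones worth reading closely, since they name the system files SFC could not restore and a reboot alone will not fix them.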

#15 rickdweaver

  • Topic Starter
  • Members
  • 34 posts

Posted 03 January 2013 - 02:13 PM

Yes it did boot properly after I reinstalled the video drivers. SFC did not find any corrupt files so there is no log.
