ComboFix 12-08-13.01 - Becky 08/14/2012 18:26:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2138 [GMT -5:00]
Running from: C:\Users\Becky\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\Becky\AppData\Local\Temp\libsqlitejdbc-7438075731227625271.lib
C:\Users\Becky\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Becky\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Becky\AppData\Local\Temp\WindowsAPI.dll1872670950511303562.lib

---- Previous Run -------

C:\Users\Becky\AppData\Local\Temp\libsqlitejdbc-1793624134218640462.lib
C:\Users\Becky\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Becky\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Becky\AppData\Local\Temp\WindowsAPI.dll7805677073704264177.lib
C:\Windows\SysWow64\URTTemp\regtlib.exe
C:\Windows\TEMP\{396CC58F-F7FD-4375-A0B2-1614E50D05B6}\fpb.tmp
C:\Windows\TEMP\{BB6F57CD-12B6-4E38-A7DC-554A4176CCCC}\InstallFlashPlayer.exe
C:\Windows\TEMP\FP_AX_CAB_INSTALLER.exe

-- Previous Run --

Infected copy of C:\Windows\system32\Services.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

--------

((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))

2012-08-14 23:35:31 . 2012-08-14 23:35:31 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-13 23:24:54 . 2012-08-13 23:24:54 -------- d-----w- C:\_OTL
2012-08-12 00:01:15 . 2012-08-12 00:01:15 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-09 13:36:13 . 2012-08-09 13:36:13 -------- d-----w- C:\Users\Becky\AppData\Roaming\Malwarebytes
2012-08-09 13:36:02 . 2012-08-09 13:36:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-09 13:36:01 . 2012-08-09 13:36:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-09 13:36:01 . 2012-07-03 18:46:44 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-08-08 12:05:13 . 2012-07-03 16:21:52 54072 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2012-07-16 11:54:47 . 2012-07-16 11:54:47 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-07-16 02:14:04 . 2012-07-22 19:54:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 02:14:04 . 2012-07-22 19:54:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-14 20:34:28 . 2011-10-27 13:06:50 59701280 ----a-w- C:\Windows\system32\MRT.exe
2012-07-03 16:21:52 . 2011-05-03 20:26:54 355856 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-07-03 16:21:52 . 2011-05-03 20:26:49 958400 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:52 . 2011-05-03 20:26:49 59728 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-07-03 16:21:52 . 2011-05-03 20:26:47 71064 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:51 . 2011-05-03 20:26:54 25232 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21:32 . 2011-05-03 20:26:39 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-03 16:21:28 . 2011-05-03 20:26:39 227648 ----a-w- C:\Windows\SysWow64\aswBoot.exe
2012-07-03 16:21:18 . 2011-05-03 20:26:47 285328 ----a-w- C:\Windows\system32\aswBoot.exe
2012-06-12 03:08:36 . 2012-07-14 20:37:58 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-06-09 05:43:10 . 2012-07-10 20:18:45 14172672 ----a-w- C:\Windows\system32\shell32.dll
2012-06-06 13:49:03 . 2011-12-05 16:00:00 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-06 06:06:16 . 2012-07-10 20:18:52 2004480 ----a-w- C:\Windows\system32\msxml6.dll
2012-06-06 06:06:16 . 2012-07-10 20:18:51 1881600 ----a-w- C:\Windows\system32\msxml3.dll
2012-06-06 06:02:54 . 2012-07-10 20:18:35 1133568 ----a-w- C:\Windows\system32\cdosys.dll
2012-06-06 05:05:52 . 2012-07-10 20:18:51 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 . 2012-07-10 20:18:51 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 . 2012-07-10 20:18:35 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:46 . 2012-06-21 12:30:52 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-02 22:19:43 . 2012-06-21 12:31:27 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-02 22:19:42 . 2012-06-21 12:31:27 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-02 22:19:42 . 2012-06-21 12:31:27 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-02 22:19:23 . 2012-06-21 12:30:52 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-02 22:15:31 . 2012-06-21 12:31:27 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-02 22:15:08 . 2012-06-21 12:30:52 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-02 20:19:42 . 2012-06-21 12:30:26 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-02 20:15:12 . 2012-06-21 12:30:26 36864 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-02 05:50:10 . 2012-07-10 20:18:39 458704 ----a-w- C:\Windows\system32\drivers\cng.sys
2012-06-02 05:48:16 . 2012-07-10 20:18:39 95600 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2012-06-02 05:48:16 . 2012-07-10 20:18:39 151920 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45:31 . 2012-07-10 20:18:39 340992 ----a-w- C:\Windows\system32\schannel.dll
2012-06-02 05:44:21 . 2012-07-10 20:18:39 307200 ----a-w- C:\Windows\system32\ncrypt.dll
2012-06-02 04:40:42 . 2012-07-10 20:18:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 . 2012-07-10 20:18:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 . 2012-07-10 20:18:39 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 . 2012-07-10 20:18:39 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-22 01:32:51 . 2010-10-20 05:56:58 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

((((((((((((((((((((((((((((( SnapShot@2012-08-14_01.35.38 )))))))))))))))))))))))))))))))))))))))))

- 2012-08-11 23:59:55 . 2012-08-14 01:28:04 65536 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-11 23:59:55 . 2012-08-14 23:36:48 65536 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54:17 . 2012-08-14 01:28:04 49152 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54:17 . 2012-08-14 23:36:48 49152 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-20 05:41:43 . 2012-08-14 11:57:46 51682 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2012-08-14 14:45:46 40938 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-03 20:00:11 . 2012-08-14 14:45:46 14662 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-349544032-3572062138-3487510370-1001_UserData.bin
- 2011-05-03 20:43:57 . 2012-08-14 01:30:45 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-03 20:43:57 . 2012-08-14 14:46:32 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-03 20:43:57 . 2012-08-14 01:30:45 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-03 20:43:57 . 2012-08-14 14:46:32 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-03 20:43:57 . 2012-08-14 14:46:32 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-03 20:43:57 . 2012-08-14 01:30:45 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-03 20:01:35 . 2012-08-14 22:59:34 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-03 20:01:35 . 2012-08-14 01:30:46 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-03 20:01:35 . 2012-08-14 01:30:46 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-03 20:01:35 . 2012-08-14 22:59:34 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-14 01:27:46 . 2012-08-14 01:27:46 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-14 23:36:32 . 2012-08-14 23:36:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-14 23:36:32 . 2012-08-14 23:36:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-14 01:27:46 . 2012-08-14 01:27:46 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-03 23:09:21 . 2012-08-14 23:20:20 322858 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36:59 . 2012-08-14 23:22:01 633180 C:\Windows\system32\perfh009.dat
- 2009-07-14 02:36:59 . 2012-08-14 01:10:52 633180 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2012-08-14 23:22:01 110782 C:\Windows\system32\perfc009.dat
- 2009-07-14 02:36:59 . 2012-08-14 01:10:52 110782 C:\Windows\system32\perfc009.dat
- 2009-07-14 05:01:48 . 2012-08-14 01:27:10 824414 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01:48 . 2012-08-14 23:35:57 824414 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54:17 . 2012-08-14 23:36:48 1048576 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54:17 . 2012-08-14 01:28:04 1048576 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoDrive"="C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-04 18:33:13 2080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 22:33:10 1155928]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-07-03 16:21:30 4273976]
"MaxMenuMgr"="C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 19:35:10 185640]
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 20:20:36 586296]
"ZumoDrive"="C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-04 18:33:13 2080]
"FUFAXSTM"="C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 05:00:00 847872]
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 15:12:12 976320]
"LTCM Client"="C:\Program Files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 17:36:18 1596096]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 02:28:32 59240]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 01:55:54 49208]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 19:02:04 254696]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-19 01:56:22 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-06 13:49:04 296056]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 18:46:44 462920]

C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files (x86)\The Print Shop 23.1\Remind.exe [2010-6-21 344064]
Snapfish PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06 13:48:17 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 23:10:28 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 21:33:00 103992]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 22:24:12 315392]
R3 BTMCOM;Bluetooth Serial Port;C:\Windows\system32\Drivers\btmcom.sys [2010-06-30 19:02:30 52736]
R3 BTMHID;BTMHID;C:\Windows\system32\DRIVERS\btmhid.sys [2010-06-30 19:02:34 34176]
R3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\system32\Drivers\btmusb.sys [2010-08-25 02:34:20 479616]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06 13:48:17 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 20:17:02 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 20:35:28 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2010-05-07 19:19:58 245792]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 21:01:11 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 21:01:11 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 21:01:11 740864]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-05 02:36:14 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:39:20 23040]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 00:35:37 25088]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [2009-06-10 20:35:33 389120]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 22:07:14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 02:14:26 98208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2012-07-03 16:21:52 71064]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2010-07-16 21:08:06 679176]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 05:00:00 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 05:00:00 128512]
S2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 19:35:54 181544]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 02:51:08 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 22:07:50 94264]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 20:20:34 26680]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 23:53:00 13672]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 18:46:44 655944]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 08:02:22 399344]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 04:01:32 2320920]
S3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2010-07-27 01:32:22 4150536]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2010-07-15 19:22:50 1188616]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys [2010-09-29 06:55:54 31088]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-24 08:40:44 1028096]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 20:54:54 56344]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys [2011-05-04 18:32:58 158976]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-03-05 19:57:18 271872]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-07-03 18:46:44 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys [2010-11-05 01:57:54 1041760]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 01:57:20 347680]

Contents of the 'Scheduled Tasks' folder

2012-08-14 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06 13:48:22 . 2012-06-06 13:48:17]

2012-08-14 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06 13:48:22 . 2012-06-06 13:48:17]

2012-07-29 C:\Windows\Tasks\HPCeeScheduleForBECKY-HP$.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15:40 . 2010-09-14 05:15:40]

2012-08-09 C:\Windows\Tasks\HPCeeScheduleForBecky.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15:40 . 2010-09-14 05:15:40]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21:16 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53:46 2210304 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53:46 2210304 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53:46 2210304 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53:46 2210304 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53:46 2210304 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 00:37:08 6489704]
"BTMTrayAgent"="C:\Program Files\Motorola\Bluetooth\btmshell.dll" [2010-09-11 01:50:28 21681928]
"HPWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 21:33:00 8192]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-08-26 00:45:04 161304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-08-26 00:44:54 386584]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2010-08-26 00:45:00 415256]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 11:25:44 1612880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0