
Rootkit issue: sirefef


This topic is locked

#1
wtibard (Member, 13 posts)

I have run a number of malware removal programs with a great amount of success at removing everything except a rootkit called sirefef HO and a trojan dropper called sirefef FQ. I am told (by Avast at least) that access is denied to taking action on these files. Also, every time I run a thorough scan and then restart the computer, my computer fails to restart and needs to be returned to a restore point previous to the malware removal scan. I'm not sure what to do next. Please help. Thanks.

The following additional information might be helpful or not.
I am using Windows 7 Home edition. I originally had Google search redirections that led me to believe I had an infection. I normally run and use Superantispyware and Malwarebytes, but both eventually came back clean after removing minor threats and the redirection continued. I then ran MSEssentials, which led to my computer crashing. AVG would not run. Finally, I ran Avast, which determined the name of the rootkit but did not remain stable after a reboot. Currently my firewall will not work (I keep getting error messages) and my computer refuses to start up normally without returning to a restore point. Below is the OTL log:

OTL logfile created on: 5/28/2012 8:57:07 PM - Run 2
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Josh and Lydia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 58.51% Memory free
7.93 Gb Paging File | 6.34 Gb Available in Paging File | 79.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 152.67 Gb Free Space | 33.84% Space Free | Partition Type: NTFS

Computer Name: JOSHANDLYDIA-PC | User Name: Josh and Lydia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Josh and Lydia\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()


========== Win32 Services (SafeList) ==========

Edited by wtibard, 28 May 2012 - 07:06 PM.

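As an added worked example (not part of this thread, of OTL, or of the moderator's procedure): a small Python triage helper that parses the detailed OTL entry format quoted in the logs above (the PRC/MOD/SRV/DRV lines) and flags entries a reviewer would want to look at first. The two flag rules, an empty company-name field and a module loaded via a `\\.\globalroot` device path rather than a drive letter, are constructed heuristics for prioritising review; they are not verdicts, and the sample log is assembled from lines quoted in the thread. Lines in the shorter format of the first, incomplete log are counted as unparsed rather than dropped silently.

```python
"""Triage helper for OTL log entries (added example, not OTL's own code)."""
import re
from dataclasses import dataclass, field

# Detailed OTL entry layout as quoted in the thread:
#   KIND[:64bit:] - [date | size | attrs | M] (Company) [state] -- path -- (name) ...
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<date>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| \S+ \| \S+\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- "
    r"(?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
# Heuristic (constructed): a module reported under the \\.\globalroot (or \\?\globalroot)
# device namespace instead of a drive letter is unusual enough to deserve a manual look.
GLOBALROOT_RE = re.compile(r"^\\\\[.?]\\globalroot\\", re.IGNORECASE)
# Heuristic (constructed): files in the Windows directory normally carry a company name.
WINDIR_RE = re.compile(r"(^[a-z]:\\windows\\|\\systemroot\\)", re.IGNORECASE)

# Constructed sample: lines copied from the two OTL logs quoted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - C:\Users\Josh and Lydia\Downloads\OTL.exe (OldTimer Tools)
PRC - [2012/05/28 18:16:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Josh and Lydia\Downloads\OTL.exe

========== Modules (No Company Name) ==========

MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/06/15 14:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/08/11 23:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/07/20 05:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
"""


@dataclass
class Entry:
    kind: str
    company: str
    path: str
    size: int
    state: str = ""
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Return an Entry for a detailed-format OTL line, or None if it does not match."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(kind=m["kind"], company=m["company"].strip(), path=m["path"].strip(),
                 size=int(m["size"].replace(",", "")), state=m["state"] or "")


def apply_rules(entry):
    """Attach review flags (heuristics, not verdicts) to a parsed entry."""
    if GLOBALROOT_RE.match(entry.path):
        entry.flags.append("globalroot-path")
    if not entry.company:
        entry.flags.append("no-company-name")
        if WINDIR_RE.search(entry.path) or "globalroot-path" in entry.flags:
            entry.flags.append("os-location-without-company")
    return entry


def triage(text):
    """Parse all PRC/MOD/SRV/DRV lines; return (entries, count of unrecognised lines)."""
    entries, unparsed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("=========="):
            continue
        if not re.match(r"^(PRC|MOD|SRV|DRV)", line):
            continue  # IE/FF/CHR/O2... sections are out of scope for this helper
        entry = parse_entry(line)
        if entry is None:
            unparsed += 1  # e.g. the shorter layout of the first, incomplete log
            continue
        entries.append(apply_rules(entry))
    return entries, unparsed


def flagged(entries):
    return [e for e in entries if e.flags]


def report(text):
    entries, unparsed = triage(text)
    out = [f"{len(entries)} entries parsed, {unparsed} PRC/MOD/SRV/DRV lines in an unrecognised format"]
    for e in flagged(entries):
        out.append(f"[{e.kind}] {e.path}  company={e.company!r}  size={e.size}  flags={','.join(e.flags)}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running it on the sample lists four entries for review, with the `mswsock.dll` module carrying all three flags and the two OEM drivers only the company-name flags; the first-log `PRC` line shows up in the unparsed count. The point of the `unparsed` counter is the same one the moderator makes about the first log: a log the parser cannot read is a log that has to be re-run, not one that is clean.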



#2
JSntgRvr (Global Moderator, 10,999 posts)

Hi and welcome!

The log is incomplete; please run OTL and post it again.

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
[screenshot]

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
[screenshot]

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.


#3
wtibard (Topic Starter, Member, 13 posts)

I ran the log again; here it is below. Thanks. I will try and create the two discs you mentioned above.

OTL logfile created on: 5/29/2012 7:38:23 AM - Run 3
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Josh and Lydia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.94% Memory free
7.93 Gb Paging File | 6.49 Gb Available in Paging File | 81.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 152.67 Gb Free Space | 33.84% Space Free | Partition Type: NTFS

Computer Name: JOSHANDLYDIA-PC | User Name: Josh and Lydia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/28 18:16:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Josh and Lydia\Downloads\OTL.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/06/15 14:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 21:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/12/07 20:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/08 10:44:16 | 000,008,704 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/07/28 14:39:22 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/09 23:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 21:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 06:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/08 04:23:18 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2010/09/08 04:23:18 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2010/09/08 04:23:18 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/09/08 04:23:18 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/09/08 04:23:18 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/09/01 08:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2010/08/25 13:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/12 00:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/09 19:09:08 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2010/01/30 15:33:11 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/10/15 05:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/04 21:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/23 01:08:07 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/08/21 02:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/18 07:06:36 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/08/11 23:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/08/06 17:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 05:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 04:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/18 16:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 16:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 13:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2008/12/08 21:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/23 21:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/03/07 07:46:30 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/01/28 17:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 17:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 21:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...search&AF=14542
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.co...erms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enUS484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.2.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..keyword.URL: "http://search.icq.co...b_ver=1.2.9&q="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Josh and Lydia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Josh and Lydia\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Josh and Lydia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Josh and Lydia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2011/02/08 09:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh and Lydia\AppData\Roaming\Mozilla\Extensions
[2011/02/08 09:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh and Lydia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/05/28 20:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh and Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2cbmo09v.default\extensions
[2012/05/28 20:24:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Josh and Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2cbmo09v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/05/15 18:01:24 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Josh and Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2cbmo09v.default\extensions\[email protected]
[2011/03/30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Josh and Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\2cbmo09v.default\searchplugins\icqplugin.xml
[2012/05/28 20:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/28 20:23:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/28 20:23:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/05/28 20:23:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/05/28 20:23:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 06:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/04 01:53:56 | 000,182,160 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/10/06 18:59:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/10/06 18:59:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/10/06 18:59:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/10/06 18:59:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/10/06 18:59:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/10/06 18:59:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/10/06 18:59:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll

========== Chrome ==========

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Josh and Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Reader Library (Enabled) = C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Babylon Chrome OCR = C:\Users\Josh and Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Josh and Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Skype Click to Call = C:\Users\Josh and Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

Hosts file not found
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\Josh and Lydia\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Josh and Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Josh and Lydia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Josh and Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} https://vpn2.sra.com...ies/instweb.cab (CSD ActiveX Installer)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://srameeting.w...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: CabBuilder http://ak.imgag.com/...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80C9912D-A3B9-4796-97A8-30241B99A5F4}: NameServer = 196.207.36.251 196.207.36.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A42A0B7A-AEBA-43EE-8393-A2D9B7E8EE57}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4FF99CE-6B0F-4E75-AB37-397441F5785D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03c9580f-3cb6-11e0-9f75-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{03c9580f-3cb6-11e0-9f75-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{03c95812-3cb6-11e0-9f75-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{03c95812-3cb6-11e0-9f75-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{03c95818-3cb6-11e0-9f75-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{03c95818-3cb6-11e0-9f75-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{03c9581a-3cb6-11e0-9f75-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{03c9581a-3cb6-11e0-9f75-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{1dd4b61c-2ba0-11e0-9e59-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{1dd4b61c-2ba0-11e0-9e59-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1dd4b620-2ba0-11e0-9e59-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{1dd4b620-2ba0-11e0-9e59-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{1dd4b65d-2ba0-11e0-9e59-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{1dd4b65d-2ba0-11e0-9e59-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5068b2cc-2e8d-11e0-90da-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{5068b2cc-2e8d-11e0-90da-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5068b2cf-2e8d-11e0-90da-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{5068b2cf-2e8d-11e0-90da-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5068b2ea-2e8d-11e0-90da-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{5068b2ea-2e8d-11e0-90da-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5068b2ec-2e8d-11e0-90da-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{5068b2ec-2e8d-11e0-90da-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5c27377e-3c6b-11e0-9e8f-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{5c27377e-3c6b-11e0-9e8f-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{5c273786-3c6b-11e0-9e8f-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{5c273786-3c6b-11e0-9e8f-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{7f754e1c-40f8-11e0-9218-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{7f754e1c-40f8-11e0-9218-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7f754e41-40f8-11e0-9218-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{7f754e41-40f8-11e0-9218-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a8fe2da0-2e0f-11e0-9d7f-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{a8fe2da0-2e0f-11e0-9d7f-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a8fe2dad-2e0f-11e0-9d7f-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{a8fe2dad-2e0f-11e0-9d7f-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{ba5cf029-40fc-11e0-bd1a-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{ba5cf029-40fc-11e0-bd1a-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{ba5cf034-40fc-11e0-bd1a-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{ba5cf034-40fc-11e0-bd1a-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{c27b18c2-4007-11df-9de6-e0cb4ea60c55}\Shell - "" = AutoRun
O33 - MountPoints2\{c27b18c2-4007-11df-9de6-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: helpsvc - C:\Windows\SysNative\helpsvc.dll (Oak Technology Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 18:10:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/28 18:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/05/28 18:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/05/28 17:34:09 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/05/28 17:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/05/28 17:19:26 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Roaming\SpeedyPC Software
[2012/05/28 17:19:26 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Roaming\DriverCure
[2012/05/28 17:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/05/23 20:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/05/23 20:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/23 19:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/23 19:36:20 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/23 19:36:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/23 19:36:20 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/23 19:36:20 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/23 17:29:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/23 15:43:10 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Roaming\AVG2012
[2012/05/23 15:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/05/22 21:14:41 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Local\AVG Secure Search
[2012/05/22 21:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/22 21:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/05/22 21:14:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/22 21:13:40 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/22 21:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/22 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/05/22 21:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/19 07:52:05 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/05/19 07:52:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/05/19 07:52:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/05/19 07:52:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/05/19 07:52:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/05/19 07:52:04 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/05/19 07:52:04 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/05/18 09:15:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/05/18 09:15:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/05/17 21:02:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/05/17 20:36:53 | 000,000,000 | ---D | C] -- C:\1eabf5ff9f15662cf7967fd7f8ec1c
[2012/05/16 18:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/16 18:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/16 14:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012/05/16 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Roaming\ICQ
[2012/05/16 14:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2012/05/16 12:08:41 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Roaming\Google
[2012/05/16 12:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/05/16 12:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/05/16 12:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/05/16 11:33:23 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/16 11:32:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/16 11:32:50 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/16 11:32:49 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/15 14:30:09 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/15 14:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/15 14:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/15 13:42:59 | 000,000,000 | ---D | C] -- C:\avrescue
[2012/05/15 11:47:52 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Roaming\Avira
[2012/05/15 11:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/05/15 11:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/05/15 11:44:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/05/10 07:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012/05/10 07:28:08 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/05/08 12:55:28 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Roaming\Malwarebytes
[2012/05/08 12:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/08 12:55:25 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/08 12:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/08 12:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/07 21:00:18 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/05/04 20:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/04 20:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/05/04 09:06:15 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/04 09:06:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/05/03 19:33:26 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\Documents\Photobook Designer Projects
[2012/05/03 19:33:26 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Roaming\Photobook Designer
[2012/05/03 19:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photobook Designer
[2012/05/03 19:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photobook Designer
[2012/05/03 06:18:46 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Roaming\HpUpdate
[2012/05/03 06:18:41 | 000,778,088 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5912.dll
[2012/05/03 06:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/05/03 06:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/05/03 06:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/05/03 06:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/05/03 06:13:44 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Local\HP
[2012/05/02 18:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/02 18:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/02 18:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/02 18:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/05/02 14:23:09 | 000,000,000 | ---D | C] -- C:\Users\Josh and Lydia\AppData\Roaming\MyPublisher
[2012/05/02 14:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPublisher
[2010/08/27 08:00:32 | 011,099,662 | ---- | C] (http://www.ojosoft.com ) -- C:\Users\Josh and Lydia\AppData\Local\mkv-converter.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Josh and Lydia\Desktop\*.tmp files -> C:\Users\Josh and Lydia\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/28 18:10:09 | 000,001,066 | ---- | M] () -- C:\Users\Josh and Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/28 18:09:56 | 000,000,886 | ---- | M] () -- C:\Users\Josh and Lydia\Desktop\NTREGOPT.lnk
[2012/05/28 18:09:56 | 000,000,867 | ---- | M] () -- C:\Users\Josh and Lydia\Desktop\ERUNT.lnk
[2012/05/28 17:16:37 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/28 17:16:37 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/28 17:16:37 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/28 17:12:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/28 17:12:08 | 3193,765,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/28 17:01:27 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 17:01:27 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 16:53:48 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/05/28 16:53:45 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/23 20:07:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat(295).dat
[2012/05/23 19:49:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/23 19:38:05 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2593247150-68266997-1352798338-1001UA.job
[2012/05/23 19:36:05 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/23 19:36:05 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/23 19:36:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/23 19:36:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/23 19:36:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/22 18:00:54 | 000,008,222 | ---- | M] () -- C:\Users\Josh and Lydia\Desktop\{DA8D3CEA-4A1C-4B5E-A09A-FB9E8DFF5087}.pdf
[2012/05/22 07:38:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2593247150-68266997-1352798338-1001Core.job
[2012/05/19 12:07:13 | 000,429,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/17 21:16:50 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012/05/17 21:16:49 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012/05/17 20:14:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/17 14:23:48 | 429,997,103 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/17 14:17:25 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/05/17 14:15:30 | 000,050,000 | ---- | M] () -- C:\Windows\SysNative\drivers\jepphzzw.sys
[2012/05/17 13:58:13 | 000,748,034 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/16 18:38:15 | 000,002,276 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/05/16 18:38:08 | 000,001,288 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/05/16 14:14:31 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012/05/16 12:06:04 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/08 11:16:18 | 000,002,048 | ---- | M] () -- C:\Users\Josh and Lydia\AppData\Roaming\Photobook Designer Prefs
[2012/05/08 10:28:29 | 000,074,003 | ---- | M] () -- C:\Users\Josh and Lydia\Desktop\standard-fingerprint-form-fd-258.pdf
[2012/05/04 09:06:15 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/04 09:06:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/03 19:07:24 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Photobook Designer.lnk
[2012/05/03 06:18:40 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
[2012/05/03 06:18:40 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
[2012/05/03 06:15:27 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/05/02 14:42:47 | 262,779,211 | ---- | M] () -- C:\Users\Josh and Lydia\Documents\Knowing_God_mp3.zip
[2012/05/02 14:23:31 | 000,001,239 | ---- | M] () -- C:\Users\Josh and Lydia\Desktop\MyPublisher.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Josh and Lydia\Desktop\*.tmp files -> C:\Users\Josh and Lydia\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/28 18:10:09 | 000,001,066 | ---- | C] () -- C:\Users\Josh and Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/28 18:09:56 | 000,000,886 | ---- | C] () -- C:\Users\Josh and Lydia\Desktop\NTREGOPT.lnk
[2012/05/28 18:09:56 | 000,000,867 | ---- | C] () -- C:\Users\Josh and Lydia\Desktop\ERUNT.lnk
[2012/05/22 18:00:54 | 000,008,222 | ---- | C] () -- C:\Users\Josh and Lydia\Desktop\{DA8D3CEA-4A1C-4B5E-A09A-FB9E8DFF5087}.pdf
[2012/05/17 14:15:30 | 000,050,000 | ---- | C] () -- C:\Windows\SysNative\drivers\jepphzzw.sys
[2012/05/17 11:56:01 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/16 14:14:31 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012/05/16 12:06:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/16 12:06:04 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/08 10:28:28 | 000,074,003 | ---- | C] () -- C:\Users\Josh and Lydia\Desktop\standard-fingerprint-form-fd-258.pdf
[2012/05/07 21:01:24 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/05/03 19:33:36 | 000,002,048 | ---- | C] () -- C:\Users\Josh and Lydia\AppData\Roaming\Photobook Designer Prefs
[2012/05/03 19:06:53 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Photobook Designer.lnk
[2012/05/03 06:18:57 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/05/03 06:18:40 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
[2012/05/03 06:18:40 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
[2012/05/03 06:15:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/02 14:38:43 | 262,779,211 | ---- | C] () -- C:\Users\Josh and Lydia\Documents\Knowing_God_mp3.zip
[2012/05/02 14:23:31 | 000,001,269 | ---- | C] () -- C:\Users\Josh and Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPublisher.lnk
[2012/05/02 14:23:31 | 000,001,239 | ---- | C] () -- C:\Users\Josh and Lydia\Desktop\MyPublisher.lnk
[2012/01/26 10:15:36 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\Youruan_DVD to AVI Converter.dat
[2011/06/07 16:23:41 | 000,000,000 | ---- | C] () -- C:\Users\Josh and Lydia\AppData\Local\{600A1A9F-19E6-4C74-AE92-779974DCAEED}
[2011/02/25 13:36:18 | 000,748,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/31 07:06:48 | 000,003,584 | ---- | C] () -- C:\Users\Josh and Lydia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/08 05:07:40 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/08/25 13:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 13:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 13:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/06 13:25:27 | 000,004,096 | -H-- | C] () -- C:\Users\Josh and Lydia\AppData\Local\keyfile3.drm

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C8710ECA
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:E0F39939
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:FAB64002
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:71612023
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:462A7C89
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:BF6C81B2
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:88A44CC1
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:4F7FE589
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:83BAA24B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9491C9C7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C76CFF82
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D3A89E47
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5080697C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:73AFBB96
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:041C0562
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E91ADC66
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:109734F6
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:EC0A74A1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B1381B34
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:5197985B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:95970EA3
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B1FBBD09
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:1ECED34B

< End of report >
#4 JSntgRvr (Global Moderator)
The computer is infected with a backdoor Trojan known as ZeroAccess.

Backdoor Trojans are software programs that give an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. Backdoor Trojan functionality allows unauthorized remote access to the infected computer while running in the background. A backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking/financial purposes until we give it the all-clear.


  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O33 - MountPoints2\{03c9580f-3cb6-11e0-9f75-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{03c9580f-3cb6-11e0-9f75-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\{03c95812-3cb6-11e0-9f75-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{03c95812-3cb6-11e0-9f75-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\setup.exe
    O33 - MountPoints2\{03c95818-3cb6-11e0-9f75-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{03c95818-3cb6-11e0-9f75-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\{03c9581a-3cb6-11e0-9f75-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{03c9581a-3cb6-11e0-9f75-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\setup.exe
    O33 - MountPoints2\{1dd4b61c-2ba0-11e0-9e59-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{1dd4b61c-2ba0-11e0-9e59-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1dd4b620-2ba0-11e0-9e59-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{1dd4b620-2ba0-11e0-9e59-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{1dd4b65d-2ba0-11e0-9e59-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{1dd4b65d-2ba0-11e0-9e59-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5068b2cc-2e8d-11e0-90da-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{5068b2cc-2e8d-11e0-90da-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5068b2cf-2e8d-11e0-90da-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{5068b2cf-2e8d-11e0-90da-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5068b2ea-2e8d-11e0-90da-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{5068b2ea-2e8d-11e0-90da-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5068b2ec-2e8d-11e0-90da-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{5068b2ec-2e8d-11e0-90da-e0cb4ea60c55}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5c27377e-3c6b-11e0-9e8f-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{5c27377e-3c6b-11e0-9e8f-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\{5c273786-3c6b-11e0-9e8f-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{5c273786-3c6b-11e0-9e8f-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\{7f754e1c-40f8-11e0-9218-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{7f754e1c-40f8-11e0-9218-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{7f754e41-40f8-11e0-9218-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{7f754e41-40f8-11e0-9218-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{a8fe2da0-2e0f-11e0-9d7f-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{a8fe2da0-2e0f-11e0-9d7f-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{a8fe2dad-2e0f-11e0-9d7f-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{a8fe2dad-2e0f-11e0-9d7f-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{ba5cf029-40fc-11e0-bd1a-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{ba5cf029-40fc-11e0-bd1a-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\{ba5cf034-40fc-11e0-bd1a-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{ba5cf034-40fc-11e0-bd1a-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\{c27b18c2-4007-11df-9de6-e0cb4ea60c55}\Shell - "" = AutoRun
    O33 - MountPoints2\{c27b18c2-4007-11df-9de6-e0cb4ea60c55}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
    O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
    NetSvcs:64bit: helpsvc - C:\Windows\SysNative\helpsvc.dll (Oak Technology Inc.)
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point
    @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C8710ECA
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:E0F39939
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:FAB64002
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:71612023
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:C22674B6
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:F84B8DB5
    @Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:260575F1
    @Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:462A7C89
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:BF6C81B2
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:88A44CC1
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:4F7FE589
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:83BAA24B
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8B4B9596
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9491C9C7
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E6C6EB3B
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9BAC4211
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C76CFF82
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D3A89E47
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5080697C
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:73AFBB96
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:041C0562
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E91ADC66
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6BFA43EB
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:109734F6
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:EC0A74A1
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B1381B34
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A7DA2BCD
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:5197985B
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:95970EA3
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B1FBBD09
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:1ECED34B

    :Commands
    [EMPTYTEMP]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Please re-run OTL and post the resulting report.
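The fix above targets four kinds of entries from the OTL log: the non-standard ServerDll in the Windows SubSystems value (csrss.exe loads that value early in boot, so deleting the DLL without restoring the value is one way a cleanup leaves the machine unbootable), the NetSvcs entry whose DLL carries a non-Microsoft company string, the C:\Windows\system64 mount point into system32, and the alternate data streams and cached AutoRun handlers. As an added example (not a tool from this thread, nor from the OTL or FRST authors), the script below reads a saved OTL or FRST log as text and flags those same entries so the indicators can be confirmed before a fix is written. The ServerDll whitelist (basesrv, winsrv, sxssrv), the "no Microsoft company string" rule and the "junction name differs from target" rule are assumptions of the example, not something either tool does; the sample lines are constructed in the shape of the logs in this thread, with one clean NetSvcs line added to show what is not flagged.

```python
"""Offline triage of OTL / FRST log lines for the ZeroAccess indicators in this thread.

Added example, not a tool from the thread: it reads a saved log as text and flags
the entries the moderator's fix script targets. The ServerDll whitelist is an
assumption for Windows 7; the other rules are heuristics, labelled as such.
"""
import re
from typing import Dict, List

# Modules legitimately named in the Windows SubSystems value on Windows 7
# (assumed whitelist). ZeroAccess swaps winsrv:ConServerDllInitialization for
# consrv:..., so csrss.exe loads its consrv.dll from system32 at boot.
LEGIT_SERVERDLLS = {"basesrv", "winsrv", "sxssrv"}

O38_RE = re.compile(r"^O38 - SubSystems\\+Windows: \(ServerDll=([^:,)]+)")
FRST_SUBSYS_RE = re.compile(r"^SubSystems: \[Windows\] ATTENTION! =+> (\S+)$")
NETSVCS_RE = re.compile(r"^NetSvcs(?::64bit)?: (\S+) - (.+?) \((.*)\)$")
LINK_RE = re.compile(r"^\[(.+?)\] -> (.+?) -> (Mount Point|Junction|Symbolic Link|Hard Link)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\.+\\Shell\\AutoRun\\command - "" = (.+)$')

# Constructed sample in the shape OTL and FRST emit: a subset of the lines in
# this thread plus one clean NetSvcs line (wuauserv) to show what is not flagged.
SAMPLE_LOG = r"""
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: helpsvc - C:\Windows\SysNative\helpsvc.dll (Oak Technology Inc.)
NetSvcs: wuauserv - C:\Windows\SysNative\wuaueng.dll (Microsoft Corporation)
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C8710ECA
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:E0F39939
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
"""


def _basename(path: str) -> str:
    """Last path component, lower-cased, for comparing a link name with its target."""
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return the indicators found, grouped by kind. Lines are stripped first, so
    the indented copy inside an OTL fix script parses the same as the raw log."""
    findings: Dict[str, List[str]] = {
        "subsystem_hook": [],      # non-standard ServerDll in the csrss subsystem value
        "suspicious_netsvcs": [],  # netsvcs DLL without a Microsoft company string
        "suspicious_links": [],    # reparse point under \Windows with a mismatched name
        "ads": [],                 # alternate data streams (review items, not proof alone)
        "autorun": [],             # removable-media AutoRun handlers cached in MountPoints2
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := O38_RE.match(line)):
            if m.group(1).lower() not in LEGIT_SERVERDLLS:
                findings["subsystem_hook"].append(m.group(1))
        elif (m := FRST_SUBSYS_RE.match(line)):
            findings["subsystem_hook"].append("FRST: " + m.group(1))
        elif (m := NETSVCS_RE.match(line)):
            name, path, company = m.groups()
            # Heuristic: a netsvcs DLL under the system directory should be Microsoft's.
            if "microsoft" not in company.lower():
                findings["suspicious_netsvcs"].append(f"{name} -> {path} ({company or 'no company'})")
        elif (m := LINK_RE.match(line)):
            link, target, kind = m.groups()
            # Heuristic: a junction under \Windows whose name differs from the directory
            # it points at (system64 -> system32) has no legitimate reason to exist.
            if link.lower().startswith("c:\\windows\\") and _basename(link) != _basename(target):
                findings["suspicious_links"].append(f"{link} -> {target} ({kind})")
        elif (m := ADS_RE.match(line)):
            findings["ads"].append(f"{m.group(2)} ({m.group(1)} bytes)")
        elif (m := AUTORUN_RE.match(line)):
            findings["autorun"].append(m.group(1))
    return findings


def verdict(findings: Dict[str, List[str]]) -> str:
    """The subsystem hook or the mismatched junction alone is enough to call it;
    ADS and AutoRun entries are cleanup items, not evidence by themselves."""
    if findings["subsystem_hook"] or findings["suspicious_links"]:
        return "ZeroAccess indicators present: " + ", ".join(
            findings["subsystem_hook"] + findings["suspicious_links"])
    return "no ZeroAccess indicators found"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, items in result.items():
        print(f"{kind}: {len(items)}")
        for item in items:
            print("   ", item)
    print(verdict(result))
```

Run it against a saved OTL.txt or FRST.txt by passing the file contents to `triage()`. The verdict deliberately rests on the two indicators that a user-mode scanner cannot explain away (the csrss ServerDll and the system64 junction); the ADS and AutoRun lists are printed so they can be included in a fix, but their presence alone is not evidence of this infection.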
#5 wtibard (Topic Starter)
I ran the quote in OTL and then started the fix. My computer rebooted and then failed to start. It did eventually restore but without OTL and there was no log. What should I do next?
#6 JSntgRvr (Global Moderator)
Re-run OTL and post the resulting report. Were you able to produce the Recovery CD?
#7 wtibard (Topic Starter)
Scratch that... I cannot get the computer to restart. I did once, but a family member turned it off on me and now I can no longer get it to restart. I did make the recovery disc and it is in the optical drive, but I can't figure out how to access it.
#8 JSntgRvr (Global Moderator)
Let's try this application:

For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version, type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

As an alternative to the Advanced Boot Options, you can use the Recovery CD you made. The computer must be set to boot from the CD drive. In some computers you need to tap F12 and choose to boot from the CD drive; in others it is the Esc key. Please consult your computer's documentation.
#9 wtibard (Topic Starter)
Here is the scan result:

Scan result of Farbar Recovery Scan Tool Version: 29-05-2012 02
Ran by SYSTEM at 30-05-2012 21:38:16
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2245120 2009-09-16] (VIA)
HKLM-x32\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [554328 2010-07-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-12] (Sony Corporation)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent [272384 2010-09-08] (Vodafone)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\Josh and Lydia\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Josh and Lydia\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Josh and Lydia\...\Run: [Google Update] "C:\Users\Josh and Lydia\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-03-20] (Google Inc.)
HKU\Josh and Lydia\...\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN1B31R1WC05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\Josh and Lydia\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-05-01] (SUPERAntiSpyware.com)
HKU\Josh and Lydia\...\Run: [ICQ] "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4 [127040 2012-05-16] (ICQ, LLC.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{80C9912D-A3B9-4796-97A8-30241B99A5F4}: [NameServer]196.207.36.251 196.207.36.254
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Josh and Lydia\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-11-09] (ASUS)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-01-28] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-02-02] (Alcatel-Lucent)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2010-04-02] (Sony Corporation)
2 VmbService; "C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe" [8704 2010-09-08] (Vodafone)
2 superproserver; C:\Windows\System32\mbr.dll [x]

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 FlyUsb; C:\Windows\System32\Drivers\FlyUsb.sys [24576 2010-06-09] (LeapFrog)
3 grmnusb; C:\Windows\System32\Drivers\grmnusb.sys [20520 2009-05-08] (GARMIN Corp.)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [112512 2008-03-07] (Huawei Technologies Co., Ltd.)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
0 lullaby; C:\Windows\System32\Drivers\lullaby.sys [15928 2009-06-18] (Windows ® Win 7 DDK provider)
3 massfilter; C:\Windows\System32\Drivers\massfilter.sys [11776 2009-08-18] (ZTE Incorporated)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1799680 2009-08-11] ()
3 vodafone_K3805-z_dc_enum; C:\Windows\System32\Drivers\vodafone_K3805-z_dc_enum.sys [75776 2010-09-01] (Vodafone)
3 ZTEusbmdm6k; C:\Windows\System32\Drivers\ZTEusbmdm6k.sys [121344 2010-09-08] (ZTE Incorporated)
3 ZTEusbnmea; C:\Windows\System32\Drivers\ZTEusbnmea.sys [121344 2010-09-08] (ZTE Incorporated)
3 ZTEusbser6k; C:\Windows\System32\Drivers\ZTEusbser6k.sys [121344 2010-09-08] (ZTE Incorporated)
3 ZTEusbvoice; C:\Windows\System32\Drivers\ZTEusbvoice.sys [121344 2010-09-08] (ZTE Incorporated)
3 ZTEusbwwan; C:\Windows\System32\Drivers\ZTEusbwwan.sys [235520 2010-09-08] (ZTE Incorporated)
3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [x]
3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 tmlwf; [x]
3 tmwfp; [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: qcmerced
NETSVC: passthru
NETSVC: cpqvcagent
NETSVC: s217bus
NETSVC: dcstor32
NETSVC: superproserver

============ One Month Created Files and Folders ==============

2012-05-29 09:37 - 2012-05-29 09:37 - 0000000 ____D C:\_OTL
2012-05-28 16:56 - 2012-05-28 16:56 - 0000248 ____A C:\Users\Josh and Lydia\Desktop\comic.txt
2012-05-28 14:21 - 2012-05-28 14:21 - 0078470 ____A C:\Users\Josh and Lydia\Downloads\Extras.Txt
2012-05-28 14:20 - 2012-05-29 03:40 - 0159936 ____A C:\Users\Josh and Lydia\Downloads\OTL.Txt
2012-05-28 14:10 - 2012-05-28 14:10 - 0000000 ____D C:\Windows\ERDNT
2012-05-28 14:09 - 2012-05-29 13:56 - 0000000 ____D C:\Program Files (x86)\ERUNT
2012-05-28 13:34 - 2012-05-28 14:25 - 0000000 ____D C:\sh4ldr
2012-05-28 13:34 - 2012-05-28 13:34 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-05-28 13:19 - 2012-05-28 14:29 - 0000000 ____D C:\Users\All Users\SpeedyPC Software
2012-05-28 13:19 - 2012-05-28 13:19 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\SpeedyPC Software
2012-05-28 13:19 - 2012-05-28 13:19 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\DriverCure
2012-05-23 16:14 - 2012-05-23 16:14 - 0001843 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-05-23 16:14 - 2012-05-23 16:14 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-23 16:14 - 2012-03-06 15:15 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-05-23 16:14 - 2012-03-06 15:04 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-05-23 16:14 - 2012-03-06 15:04 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-05-23 16:14 - 2012-03-06 15:02 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-05-23 16:14 - 2012-03-06 15:01 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-05-23 16:14 - 2012-03-06 15:01 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-05-23 16:14 - 2012-03-06 15:01 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-05-23 16:13 - 2012-05-29 16:24 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-23 16:13 - 2012-05-29 16:24 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-23 16:13 - 2012-03-06 15:15 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-05-23 16:13 - 2012-03-06 15:15 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-05-23 15:36 - 2012-05-23 15:36 - 0476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-23 15:36 - 2012-05-23 15:36 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-23 15:36 - 2012-05-23 15:36 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-23 15:36 - 2012-05-23 15:36 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-23 11:43 - 2012-05-28 15:55 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\AVG2012
2012-05-23 11:41 - 2012-05-28 15:55 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-05-22 17:14 - 2012-05-25 12:20 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-05-22 17:14 - 2012-05-22 17:14 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\AVG Secure Search
2012-05-22 17:13 - 2012-05-28 15:55 - 0000000 ____D C:\Users\All Users\AVG2012
2012-05-22 17:13 - 2012-05-22 17:13 - 0000000 ___HD C:\$AVG
2012-05-22 17:12 - 2012-05-25 12:18 - 0000000 ____D C:\Program Files (x86)\AVG
2012-05-22 17:07 - 2012-05-29 16:30 - 0000000 ____D C:\Users\All Users\MFAData
2012-05-22 14:00 - 2012-05-22 14:00 - 0008222 ____A C:\Users\Josh and Lydia\Desktop\{DA8D3CEA-4A1C-4B5E-A09A-FB9E8DFF5087}.pdf
2012-05-19 03:52 - 2012-02-27 22:39 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-19 03:52 - 2012-02-27 22:39 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-19 03:52 - 2012-02-27 22:39 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-19 03:52 - 2012-02-27 22:36 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-19 03:52 - 2012-02-27 22:36 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml(312).dll
2012-05-19 03:52 - 2012-02-27 22:36 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-19 03:52 - 2012-02-27 22:36 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-19 03:52 - 2012-02-27 22:35 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-19 03:52 - 2012-02-27 22:35 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-19 03:52 - 2012-02-27 22:35 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-19 03:52 - 2012-02-27 22:35 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-19 03:52 - 2012-02-27 21:38 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-19 03:52 - 2012-02-27 21:38 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-19 03:52 - 2012-02-27 21:38 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-19 03:52 - 2012-02-27 21:35 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-19 03:52 - 2012-02-27 21:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-05-19 03:52 - 2012-02-27 21:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds(317).dll
2012-05-19 03:52 - 2012-02-27 21:35 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-19 03:52 - 2012-02-27 21:34 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-19 03:52 - 2012-02-27 21:34 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-19 03:52 - 2012-02-27 21:34 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-19 03:52 - 2012-02-27 21:34 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-19 03:52 - 2012-02-27 20:31 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-19 03:52 - 2012-02-27 19:52 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-18 07:27 - 2012-05-18 09:10 - 0021535 ____A C:\Users\Josh and Lydia\Documents\Website Favorites.docx
2012-05-18 05:15 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-05-18 05:15 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-05-17 17:02 - 2012-05-29 16:27 - 0000000 ____D C:\Windows\System32\SPReview
2012-05-17 16:36 - 2012-05-17 17:01 - 0000000 ____D C:\1eabf5ff9f15662cf7967fd7f8ec1c
2012-05-17 10:23 - 2012-05-17 10:24 - 0277704 ____A C:\Windows\Minidump\051712-28594-01.dmp
2012-05-17 10:20 - 2012-05-17 10:20 - 0271040 ____A C:\Windows\Minidump\051712-37533-01.dmp
2012-05-17 10:16 - 2012-05-17 10:16 - 0277704 ____A C:\Windows\Minidump\051712-30872-01.dmp
2012-05-17 10:15 - 2012-05-17 10:15 - 0050000 ____A C:\Windows\System32\Drivers\jepphzzw.sys
2012-05-17 10:12 - 2012-05-17 10:12 - 0277704 ____A C:\Windows\Minidump\051712-34835-01.dmp
2012-05-17 10:01 - 2012-05-17 10:01 - 0065536 __ASH C:\Windows\System32\config\components{038bcce4-9ebb-11e1-80ba-e0cb4ea60c55}.TxR.blf
2012-05-17 07:56 - 2012-05-17 16:14 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-16 14:31 - 2012-05-29 16:24 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-16 10:14 - 2012-05-16 10:14 - 0001775 ____A C:\Users\Public\Desktop\ICQ7M.lnk
2012-05-16 10:13 - 2012-05-29 16:30 - 0000000 ____D C:\Program Files (x86)\ICQ7M
2012-05-16 10:13 - 2012-05-23 11:42 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\ICQ
2012-05-16 08:08 - 2012-05-16 08:17 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Google
2012-05-16 08:06 - 2012-05-29 16:24 - 0000000 ____D C:\Users\All Users\Google
2012-05-16 08:06 - 2012-05-18 09:20 - 0000000 ____D C:\Program Files\Google
2012-05-16 08:06 - 2012-05-16 08:06 - 0001981 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-16 07:33 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-16 07:33 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-16 07:32 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-16 07:32 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-16 07:32 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-16 07:32 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-16 07:32 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-15 10:34 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-15 10:30 - 2012-05-29 16:26 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\SUPERAntiSpyware.com
2012-05-15 10:29 - 2012-05-29 16:24 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-15 10:29 - 2012-05-15 10:29 - 0001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-05-15 09:42 - 2012-05-15 09:42 - 0000000 ____D C:\avrescue
2012-05-15 07:47 - 2012-05-15 07:47 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Avira
2012-05-15 07:45 - 2012-05-15 14:01 - 0000000 ____D C:\Program Files (x86)\Ask.com
2012-05-15 07:44 - 2012-05-15 07:45 - 0000000 ____D C:\Users\All Users\Avira
2012-05-15 07:44 - 2012-05-15 07:44 - 0000000 ____D C:\Program Files (x86)\Avira
2012-05-10 03:30 - 2012-05-29 16:23 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-05-10 03:28 - 2012-05-29 16:26 - 0000000 ____D C:\Windows\Hewlett-Packard
2012-05-08 08:55 - 2012-05-29 16:24 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-08 08:55 - 2012-05-29 16:24 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-08 08:55 - 2012-05-15 13:55 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Malwarebytes
2012-05-08 08:55 - 2012-05-08 08:55 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-08 08:55 - 2012-04-04 11:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-08 06:28 - 2012-05-08 06:28 - 0074003 ____A C:\Users\Josh and Lydia\Desktop\standard-fingerprint-form-fd-258.pdf
2012-05-07 17:01 - 2012-05-17 10:17 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-04 16:42 - 2012-05-04 16:42 - 0000000 ____D C:\Program Files (x86)\7-Zip
2012-05-04 05:06 - 2012-05-29 16:27 - 0000000 ____D C:\Windows\System32\Macromed
2012-05-04 05:06 - 2012-05-04 05:06 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 02:45 - 2012-05-04 03:43 - 104857600 ____A C:\Users\Josh and Lydia\Downloads\DS_C1_D1.part5.rar
2012-05-03 15:33 - 2012-05-08 07:16 - 0002048 ____A C:\Users\Josh and Lydia\AppData\Roaming\Photobook Designer Prefs
2012-05-03 15:33 - 2012-05-04 13:11 - 0000000 ____D C:\Users\Josh and Lydia\Documents\Photobook Designer Projects
2012-05-03 15:33 - 2012-05-03 15:33 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Photobook Designer
2012-05-03 15:06 - 2012-05-29 16:24 - 0000000 ____D C:\Program Files (x86)\Photobook Designer
2012-05-03 15:06 - 2012-05-03 15:07 - 0002013 ____A C:\Users\Public\Desktop\Photobook Designer.lnk
2012-05-03 11:49 - 2012-05-03 11:50 - 7162094 ____A C:\Users\Josh and Lydia\Downloads\159587.docx
2012-05-03 02:18 - 2012-05-24 03:45 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\HpUpdate
2012-05-03 02:18 - 2012-05-03 02:18 - 0002166 ____A C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2012-05-03 02:18 - 2012-05-03 02:18 - 0001860 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
2012-05-03 02:18 - 2011-09-09 12:22 - 0778088 ____A (Hewlett-Packard Co.) C:\Windows\System32\HPDiscoPM5912.dll
2012-05-03 02:17 - 2012-05-29 16:30 - 0000000 ____D C:\Program Files (x86)\HP
2012-05-03 02:17 - 2012-05-29 16:24 - 0000000 ____D C:\Users\All Users\HP
2012-05-03 02:15 - 2012-05-29 16:30 - 0000000 ____D C:\Program Files\HP
2012-05-03 02:15 - 2012-05-03 02:15 - 0000057 ____A C:\Users\All Users\Ament.ini
2012-05-03 02:13 - 2012-05-29 16:24 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\HP
2012-05-02 14:21 - 2012-05-02 14:21 - 0001745 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-02 14:20 - 2012-05-29 16:30 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-05-02 14:20 - 2012-05-29 16:24 - 0000000 ____D C:\Program Files\iTunes
2012-05-02 14:20 - 2012-05-29 16:24 - 0000000 ____D C:\Program Files\iPod
2012-05-02 10:38 - 2012-05-02 10:42 - 262779211 ____A C:\Users\Josh and Lydia\Documents\Knowing_God_mp3.zip
2012-05-02 10:23 - 2012-05-29 16:26 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\MyPublisher
2012-05-02 10:23 - 2012-05-29 16:24 - 0000000 ____D C:\Program Files (x86)\MyPublisher
2012-05-02 10:23 - 2012-05-02 10:23 - 0001239 ____A C:\Users\Josh and Lydia\Desktop\MyPublisher.lnk


============ 3 Months Modified Files and Folders =============

2012-05-30 21:38 - 2012-05-30 21:37 - 0000000 ____D C:\FRST
2012-05-29 18:15 - 2010-04-02 01:37 - 3193765888 __ASH C:\hiberfil.sys
2012-05-29 17:55 - 2010-09-10 17:42 - 3589562 ____A C:\Windows\ntbtlog.txt
2012-05-29 16:33 - 2010-04-01 09:44 - 0000000 ____D C:\users\Josh and Lydia
2012-05-29 16:33 - 2010-01-30 11:35 - 0000000 ____D C:\Users\All Users\P4G
2012-05-29 16:33 - 2010-01-30 11:35 - 0000000 ____D C:\Program Files\P4G
2012-05-29 16:33 - 2010-01-30 11:00 - 0000000 ____D C:\Program Files\Elantech
2012-05-29 16:33 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-29 16:33 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-05-29 16:33 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-05-29 16:31 - 2010-08-23 16:21 - 0000000 ____D C:\Windows\A13A764803C54B6AB7C118CB04588E52.TMP
2012-05-29 16:31 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-29 16:30 - 2012-05-22 17:07 - 0000000 ____D C:\Users\All Users\MFAData
2012-05-29 16:30 - 2012-05-16 10:13 - 0000000 ____D C:\Program Files (x86)\ICQ7M
2012-05-29 16:30 - 2012-05-03 02:17 - 0000000 ____D C:\Program Files (x86)\HP
2012-05-29 16:30 - 2012-05-03 02:15 - 0000000 ____D C:\Program Files\HP
2012-05-29 16:30 - 2012-05-02 14:20 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-05-29 16:30 - 2011-10-14 07:24 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-05-29 16:30 - 2011-02-08 05:36 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Mozilla
2012-05-29 16:30 - 2010-09-26 07:24 - 0000000 ____D C:\Program Files (x86)\DivX
2012-05-29 16:30 - 2010-01-30 11:28 - 0000000 ____D C:\Program Files (x86)\AmIcoSingLun
2012-05-29 16:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-29 16:28 - 2010-01-30 11:21 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-05-29 16:28 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-05-29 16:28 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-05-29 16:28 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-05-29 16:28 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-05-29 16:28 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-05-29 16:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-05-29 16:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-05-29 16:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-05-29 16:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-05-29 16:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-05-29 16:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-05-29 16:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-05-29 16:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-05-29 16:27 - 2012-05-17 17:02 - 0000000 ____D C:\Windows\System32\SPReview
2012-05-29 16:27 - 2012-05-04 05:06 - 0000000 ____D C:\Windows\System32\Macromed
2012-05-29 16:27 - 2011-10-06 14:20 - 0000000 ____D C:\Windows\System32\EventProviders
2012-05-29 16:27 - 2010-01-30 11:31 - 0000000 ____D C:\Windows\System32\SRSLabs
2012-05-29 16:27 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-05-29 16:27 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-05-29 16:27 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-05-29 16:27 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-05-29 16:27 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-05-29 16:27 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-05-29 16:27 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-05-29 16:27 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-05-29 16:27 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-05-29 16:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-05-29 16:26 - 2012-05-15 10:30 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\SUPERAntiSpyware.com
2012-05-29 16:26 - 2012-05-10 03:28 - 0000000 ____D C:\Windows\Hewlett-Packard
2012-05-29 16:26 - 2012-05-02 10:23 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\MyPublisher
2012-05-29 16:26 - 2012-01-26 06:37 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Digiarty
2012-05-29 16:26 - 2011-10-12 07:23 - 0000000 ___RD C:\Users\Josh and Lydia\Dropbox
2012-05-29 16:26 - 2011-10-12 07:05 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Dropbox
2012-05-29 16:26 - 2011-03-19 05:17 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\LEGO Company
2012-05-29 16:26 - 2011-02-26 22:08 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\FLEXnet
2012-05-29 16:26 - 2011-02-19 13:04 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Vodafone
2012-05-29 16:26 - 2010-09-27 11:33 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Cisco
2012-05-29 16:26 - 2010-08-31 06:31 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Big Fish Games
2012-05-29 16:26 - 2010-08-03 16:23 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\ERS Game Studios
2012-05-29 16:26 - 2010-05-10 11:53 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Skype
2012-05-29 16:26 - 2010-04-10 10:33 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\ERS G-Studio
2012-05-29 16:26 - 2010-04-04 08:46 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\U3
2012-05-29 16:26 - 2010-04-02 09:31 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Sony Corporation
2012-05-29 16:26 - 2010-04-01 09:54 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Macromedia
2012-05-29 16:26 - 2010-04-01 09:54 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Adobe
2012-05-29 16:26 - 2010-04-01 09:47 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Roxio
2012-05-29 16:26 - 2010-04-01 09:45 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\VirtualStore
2012-05-29 16:26 - 2010-04-01 09:44 - 0000000 ____D C:\Users\Josh and Lydia\AppData\LocalLow
2012-05-29 16:26 - 2009-07-28 21:20 - 0000000 ____D C:\Windows\ASUS
2012-05-29 16:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-05-29 16:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-05-29 16:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-05-29 16:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-05-29 16:25 - 2011-08-27 07:46 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\Proxure
2012-05-29 16:25 - 2011-02-08 05:36 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\Mozilla
2012-05-29 16:24 - 2012-05-23 16:13 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-29 16:24 - 2012-05-23 16:13 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-29 16:24 - 2012-05-16 14:31 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-29 16:24 - 2012-05-16 08:06 - 0000000 ____D C:\Users\All Users\Google
2012-05-29 16:24 - 2012-05-15 10:29 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-29 16:24 - 2012-05-08 08:55 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-29 16:24 - 2012-05-08 08:55 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-29 16:24 - 2012-05-03 15:06 - 0000000 ____D C:\Program Files (x86)\Photobook Designer
2012-05-29 16:24 - 2012-05-03 02:17 - 0000000 ____D C:\Users\All Users\HP
2012-05-29 16:24 - 2012-05-03 02:13 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\HP
2012-05-29 16:24 - 2012-05-02 14:20 - 0000000 ____D C:\Program Files\iTunes
2012-05-29 16:24 - 2012-05-02 14:20 - 0000000 ____D C:\Program Files\iPod
2012-05-29 16:24 - 2012-05-02 10:23 - 0000000 ____D C:\Program Files (x86)\MyPublisher
2012-05-29 16:24 - 2012-01-27 04:26 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\MagicSoftware
2012-05-29 16:24 - 2012-01-27 04:26 - 0000000 ____D C:\Program Files (x86)\MagicDVDRipper
2012-05-29 16:24 - 2011-10-06 14:59 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-05-29 16:24 - 2011-09-10 09:30 - 0000000 ____D C:\Users\All Users\ICQ
2012-05-29 16:24 - 2011-06-24 23:08 - 0000000 ____D C:\Users\All Users\Big Fish Games
2012-05-29 16:24 - 2011-03-19 05:14 - 0000000 ____D C:\Program Files (x86)\Unity
2012-05-29 16:24 - 2011-03-19 05:14 - 0000000 ____D C:\Program Files (x86)\LEGO Company
2012-05-29 16:24 - 2011-02-25 10:54 - 0000000 ____D C:\Program Files (x86)\Vodafone
2012-05-29 16:24 - 2011-02-25 08:11 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-05-29 16:24 - 2011-02-08 05:22 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-29 16:24 - 2011-02-08 05:13 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\Google
2012-05-29 16:24 - 2010-09-26 07:25 - 0000000 ____D C:\Program Files\DivX
2012-05-29 16:24 - 2010-09-26 07:23 - 0000000 ____D C:\Users\All Users\DivX
2012-05-29 16:24 - 2010-09-20 15:23 - 0000000 ____D C:\Users\All Users\InterAction studios
2012-05-29 16:24 - 2010-08-23 16:20 - 0000000 ____D C:\Program Files\DIFX
2012-05-29 16:24 - 2010-08-23 16:19 - 0000000 ____D C:\Users\All Users\Leapfrog
2012-05-29 16:24 - 2010-08-23 16:19 - 0000000 ____D C:\Program Files (x86)\LeapFrog
2012-05-29 16:24 - 2010-08-22 16:35 - 0000000 ____D C:\Users\All Users\!SASCORE
2012-05-29 16:24 - 2010-07-15 11:03 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-05-29 16:24 - 2010-06-17 11:00 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\Microsoft Games
2012-05-29 16:24 - 2010-06-07 04:42 - 0000000 ____D C:\Program Files (x86)\support.com
2012-05-29 16:24 - 2010-05-26 07:32 - 0000000 ____D C:\Users\All Users\WebEx
2012-05-29 16:24 - 2010-05-10 11:52 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-05-29 16:24 - 2010-05-10 11:52 - 0000000 ____D C:\Users\All Users\Skype
2012-05-29 16:24 - 2010-05-05 12:44 - 0000000 ____D C:\Program Files (x86)\Sprint_Activation
2012-05-29 16:24 - 2010-05-05 12:43 - 0000000 ____D C:\Program Files\Sprint_Activation
2012-05-29 16:24 - 2010-04-02 08:47 - 0000000 ____D C:\Program Files (x86)\Sony
2012-05-29 16:24 - 2010-04-02 08:46 - 0000000 ____D C:\Users\All Users\Sony Corporation
2012-05-29 16:24 - 2010-04-01 14:16 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-29 16:24 - 2010-04-01 14:15 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-05-29 16:24 - 2010-04-01 14:15 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-05-29 16:24 - 2010-04-01 14:14 - 0000000 ____D C:\Users\All Users\Apple
2012-05-29 16:24 - 2010-04-01 12:28 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-05-29 16:24 - 2010-04-01 12:26 - 0000000 ____D C:\Program Files\Microsoft Office
2012-05-29 16:24 - 2010-04-01 12:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-05-29 16:24 - 2010-04-01 10:12 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\ASUS
2012-05-29 16:24 - 2010-04-01 10:12 - 0000000 ____D C:\Users\All Users\ASUS
2012-05-29 16:24 - 2010-04-01 09:49 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\Best_Buy®
2012-05-29 16:24 - 2010-01-30 11:35 - 0000000 ____D C:\Program Files\ASUS
2012-05-29 16:24 - 2010-01-30 11:31 - 0000000 ____D C:\Program Files\SRS Labs
2012-05-29 16:24 - 2010-01-30 11:30 - 0000000 ____D C:\Program Files (x86)\VIA
2012-05-29 16:24 - 2010-01-30 11:26 - 0000000 ____D C:\Program Files\Common Files\Intel
2012-05-29 16:24 - 2010-01-30 11:17 - 0000000 ____D C:\Program Files\Windows Live
2012-05-29 16:24 - 2010-01-30 11:17 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-29 16:24 - 2010-01-30 11:16 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-05-29 16:24 - 2010-01-30 11:15 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-05-29 16:24 - 2010-01-30 11:13 - 0000000 ____D C:\Users\All Users\Uninstall
2012-05-29 16:24 - 2010-01-30 11:13 - 0000000 ____D C:\Users\All Users\InstallShield
2012-05-29 16:24 - 2010-01-30 11:13 - 0000000 ____D C:\Users\All Users\Adobe
2012-05-29 16:24 - 2010-01-30 11:13 - 0000000 ____D C:\Program Files (x86)\Roxio
2012-05-29 16:24 - 2010-01-30 11:04 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-05-29 16:24 - 2010-01-30 11:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-05-29 16:24 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-29 16:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-05-29 16:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-05-29 16:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-05-29 16:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-05-29 16:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-05-29 16:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-05-29 16:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-05-29 16:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-05-29 16:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-05-29 16:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-05-29 16:24 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-05-29 16:24 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-05-29 16:24 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-05-29 16:24 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-29 16:24 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-29 16:24 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-05-29 16:23 - 2012-05-10 03:30 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-05-29 16:23 - 2012-01-14 01:54 - 0000000 ____D C:\Program Files (x86)\Calibre2
2012-05-29 16:23 - 2011-10-06 14:57 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-29 16:23 - 2011-08-18 17:56 - 0000000 ____D C:\Lexmark
2012-05-29 16:23 - 2011-05-03 04:49 - 0000000 ____D C:\Program Files (x86)\AC3Filter
2012-05-29 16:23 - 2011-02-08 05:13 - 0000000 ____D C:\Program Files (x86)\Google
2012-05-29 16:23 - 2011-02-01 07:06 - 0000000 ____D C:\Program Files (x86)\Cell C
2012-05-29 16:23 - 2010-08-27 04:10 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-05-29 16:23 - 2010-07-29 03:35 - 0000000 ____D C:\Garmin
2012-05-29 16:23 - 2010-04-16 04:34 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-29 16:23 - 2010-04-07 13:22 - 0000000 ____D C:\Program Files (x86)\bfgclient
2012-05-29 16:23 - 2010-04-01 12:25 - 0000000 __RHD C:\MSOCache
2012-05-29 16:23 - 2010-01-30 11:28 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-29 16:23 - 2010-01-30 11:21 - 0000000 ____D C:\Program Files (x86)\Intel
2012-05-29 16:23 - 2010-01-30 11:21 - 0000000 ____D C:\Program Files (x86)\ASUS
2012-05-29 16:23 - 2010-01-30 11:21 - 0000000 ____D C:\Intel
2012-05-29 16:23 - 2010-01-30 11:13 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-05-29 16:23 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-05-29 13:56 - 2012-05-28 14:09 - 0000000 ____D C:\Program Files (x86)\ERUNT
2012-05-29 13:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-29 09:37 - 2012-05-29 09:37 - 0000000 ____D C:\_OTL
2012-05-29 03:40 - 2012-05-28 14:20 - 0159936 ____A C:\Users\Josh and Lydia\Downloads\OTL.Txt
2012-05-28 16:56 - 2012-05-28 16:56 - 0000248 ____A C:\Users\Josh and Lydia\Desktop\comic.txt
2012-05-28 15:55 - 2012-05-23 11:43 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\AVG2012
2012-05-28 15:55 - 2012-05-23 11:41 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-05-28 15:55 - 2012-05-22 17:13 - 0000000 ____D C:\Users\All Users\AVG2012
2012-05-28 14:29 - 2012-05-28 13:19 - 0000000 ____D C:\Users\All Users\SpeedyPC Software
2012-05-28 14:25 - 2012-05-28 13:34 - 0000000 ____D C:\sh4ldr
2012-05-28 14:21 - 2012-05-28 14:21 - 0078470 ____A C:\Users\Josh and Lydia\Downloads\Extras.Txt
2012-05-28 14:10 - 2012-05-28 14:10 - 0000000 ____D C:\Windows\ERDNT
2012-05-28 13:34 - 2012-05-28 13:34 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-05-28 13:19 - 2012-05-28 13:19 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\SpeedyPC Software
2012-05-28 13:19 - 2012-05-28 13:19 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\DriverCure
2012-05-25 12:20 - 2012-05-22 17:14 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-05-25 12:18 - 2012-05-22 17:12 - 0000000 ____D C:\Program Files (x86)\AVG
2012-05-24 03:45 - 2012-05-03 02:18 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\HpUpdate
2012-05-23 23:00 - 2010-01-30 11:05 - 1999984 ____A C:\Windows\WindowsUpdate.log
2012-05-23 22:49 - 2011-02-08 05:14 - 0000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-23 22:38 - 2011-03-20 07:54 - 0000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593247150-68266997-1352798338-1001UA.job
2012-05-23 16:15 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-23 16:15 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-23 16:14 - 2012-05-23 16:14 - 0001843 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-05-23 16:14 - 2012-05-23 16:14 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-23 16:07 - 2009-07-13 21:38 - 0067584 ___AS C:\Windows\bootstat(298).dat
2012-05-23 15:36 - 2012-05-23 15:36 - 0476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-23 15:36 - 2012-05-23 15:36 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-23 15:36 - 2012-05-23 15:36 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-23 15:36 - 2012-05-23 15:36 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-23 15:36 - 2010-04-16 04:34 - 0472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-23 14:46 - 2009-07-13 21:13 - 0730448 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-23 14:39 - 2011-02-08 05:14 - 0000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-23 14:39 - 2010-04-03 10:08 - 0045056 ____A C:\Windows\System32\acovcnt.exe
2012-05-23 14:39 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-23 14:39 - 2009-07-13 20:51 - 0152216 ____A C:\Windows\setupact.log
2012-05-23 12:36 - 2011-04-19 00:44 - 0015469 ____A C:\Users\Josh and Lydia\Desktop\US Shopping List.docx
2012-05-23 11:42 - 2012-05-16 10:13 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\ICQ
2012-05-23 10:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\tracing
2012-05-22 17:14 - 2012-05-22 17:14 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\AVG Secure Search
2012-05-22 17:13 - 2012-05-22 17:13 - 0000000 ___HD C:\$AVG
2012-05-22 16:45 - 2010-04-02 09:32 - 0000000 ____D C:\Users\Josh and Lydia\Documents\Business
2012-05-22 14:00 - 2012-05-22 14:00 - 0008222 ____A C:\Users\Josh and Lydia\Desktop\{DA8D3CEA-4A1C-4B5E-A09A-FB9E8DFF5087}.pdf
2012-05-22 03:38 - 2011-03-20 07:54 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593247150-68266997-1352798338-1001Core.job
2012-05-19 08:07 - 2009-07-13 20:45 - 0429032 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-18 13:58 - 2010-04-05 12:38 - 0000000 ____D C:\Users\Josh and Lydia\Movies
2012-05-18 09:20 - 2012-05-16 08:06 - 0000000 ____D C:\Program Files\Google
2012-05-18 09:20 - 2010-04-01 11:44 - 0054616 ____A C:\Windows\PFRO.log
2012-05-18 09:10 - 2012-05-18 07:27 - 0021535 ____A C:\Users\Josh and Lydia\Documents\Website Favorites.docx
2012-05-18 04:18 - 2011-08-18 16:34 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\ElevatedDiagnostics
2012-05-17 17:30 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-05-17 17:30 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-05-17 17:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-05-17 17:16 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-05-17 17:16 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-05-17 17:01 - 2012-05-17 16:36 - 0000000 ____D C:\1eabf5ff9f15662cf7967fd7f8ec1c
2012-05-17 16:14 - 2012-05-17 07:56 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-17 10:24 - 2012-05-17 10:23 - 0277704 ____A C:\Windows\Minidump\051712-28594-01.dmp
2012-05-17 10:23 - 2012-02-27 13:47 - 429997103 ____A C:\Windows\MEMORY.DMP
2012-05-17 10:23 - 2011-02-02 23:06 - 0000000 ____D C:\Windows\Minidump
2012-05-17 10:20 - 2012-05-17 10:20 - 0271040 ____A C:\Windows\Minidump\051712-37533-01.dmp
2012-05-17 10:17 - 2012-05-07 17:01 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-17 10:16 - 2012-05-17 10:16 - 0277704 ____A C:\Windows\Minidump\051712-30872-01.dmp
2012-05-17 10:15 - 2012-05-17 10:15 - 0050000 ____A C:\Windows\System32\Drivers\jepphzzw.sys
2012-05-17 10:12 - 2012-05-17 10:12 - 0277704 ____A C:\Windows\Minidump\051712-34835-01.dmp
2012-05-17 10:01 - 2012-05-17 10:01 - 0065536 __ASH C:\Windows\System32\config\components{038bcce4-9ebb-11e1-80ba-e0cb4ea60c55}.TxR.blf
2012-05-17 09:58 - 2011-02-25 09:36 - 0748034 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-16 14:38 - 2010-01-30 11:35 - 0002276 ____A C:\Windows\System32\AutoRunFilter.ini
2012-05-16 14:38 - 2010-01-30 11:35 - 0001288 ____A C:\Windows\System32\ServiceFilter.ini
2012-05-16 10:14 - 2012-05-16 10:14 - 0001775 ____A C:\Users\Public\Desktop\ICQ7M.lnk
2012-05-16 08:17 - 2012-05-16 08:08 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Google
2012-05-16 08:06 - 2012-05-16 08:06 - 0001981 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-16 08:05 - 2010-04-05 07:30 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\Adobe
2012-05-15 14:01 - 2012-05-15 07:45 - 0000000 ____D C:\Program Files (x86)\Ask.com
2012-05-15 13:55 - 2012-05-08 08:55 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Malwarebytes
2012-05-15 11:57 - 2011-08-08 07:05 - 0000000 ____D C:\Users\Josh and Lydia\Documents\Editing Work
2012-05-15 11:01 - 2010-05-22 12:37 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-15 11:00 - 2010-01-30 11:03 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-15 10:29 - 2012-05-15 10:29 - 0001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-05-15 09:42 - 2012-05-15 09:42 - 0000000 ____D C:\avrescue
2012-05-15 07:47 - 2012-05-15 07:47 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Avira
2012-05-15 07:45 - 2012-05-15 07:44 - 0000000 ____D C:\Users\All Users\Avira
2012-05-15 07:44 - 2012-05-15 07:44 - 0000000 ____D C:\Program Files (x86)\Avira
2012-05-08 12:24 - 2009-07-13 21:08 - 0032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-08 08:55 - 2012-05-08 08:55 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-08 07:25 - 2011-02-11 05:13 - 0000000 ____D C:\Users\Josh and Lydia\Documents\Barnabas
2012-05-08 07:16 - 2012-05-03 15:33 - 0002048 ____A C:\Users\Josh and Lydia\AppData\Roaming\Photobook Designer Prefs
2012-05-08 06:28 - 2012-05-08 06:28 - 0074003 ____A C:\Users\Josh and Lydia\Desktop\standard-fingerprint-form-fd-258.pdf
2012-05-07 17:00 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2012-05-04 16:42 - 2012-05-04 16:42 - 0000000 ____D C:\Program Files (x86)\7-Zip
2012-05-04 13:11 - 2012-05-03 15:33 - 0000000 ____D C:\Users\Josh and Lydia\Documents\Photobook Designer Projects
2012-05-04 05:06 - 2012-05-04 05:06 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-04 05:06 - 2011-07-10 06:20 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 03:43 - 2012-05-04 02:45 - 104857600 ____A C:\Users\Josh and Lydia\Downloads\DS_C1_D1.part5.rar
2012-05-03 15:33 - 2012-05-03 15:33 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\Photobook Designer
2012-05-03 15:07 - 2012-05-03 15:06 - 0002013 ____A C:\Users\Public\Desktop\Photobook Designer.lnk
2012-05-03 11:50 - 2012-05-03 11:49 - 7162094 ____A C:\Users\Josh and Lydia\Downloads\159587.docx
2012-05-03 02:18 - 2012-05-03 02:18 - 0002166 ____A C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2012-05-03 02:18 - 2012-05-03 02:18 - 0001860 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
2012-05-03 02:15 - 2012-05-03 02:15 - 0000057 ____A C:\Users\All Users\Ament.ini
2012-05-02 14:21 - 2012-05-02 14:21 - 0001745 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-02 10:42 - 2012-05-02 10:38 - 262779211 ____A C:\Users\Josh and Lydia\Documents\Knowing_God_mp3.zip
2012-05-02 10:23 - 2012-05-02 10:23 - 0001239 ____A C:\Users\Josh and Lydia\Desktop\MyPublisher.lnk
2012-04-27 05:42 - 2012-04-27 05:42 - 2583552 ____A C:\Users\Josh and Lydia\Downloads\163356LR.doc
2012-04-27 04:10 - 2012-04-27 04:08 - 2573824 ____A C:\Users\Josh and Lydia\Downloads\163356.doc
2012-04-27 02:32 - 2010-08-28 08:42 - 0000000 ____D C:\Users\Josh and Lydia\Documents\Recipes
2012-04-26 03:39 - 2012-04-19 07:20 - 0000000 ____D C:\Users\Josh and Lydia\Desktop\ROSE AFRICA PICS
2012-04-25 09:56 - 2012-04-16 06:10 - 0015493 ____A C:\Users\Josh and Lydia\Desktop\Housesitting List.docx
2012-04-24 03:03 - 2011-07-31 11:52 - 0000000 ____D C:\Users\Josh and Lydia\Documents\Josh
2012-04-23 04:39 - 2012-04-23 03:38 - 0000000 ____D C:\Users\Josh and Lydia\Desktop\for rose
2012-04-23 03:50 - 2010-07-02 16:41 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Roaming\calibre
2012-04-23 01:27 - 2012-04-16 06:52 - 0010480 ____A C:\Users\Josh and Lydia\Desktop\Cleaning List.docx
2012-04-16 06:28 - 2012-04-16 06:28 - 0012515 ____A C:\Users\Josh and Lydia\Documents\citybug booking.docx
2012-04-16 05:20 - 2012-04-16 05:20 - 0081920 ____A C:\Users\Josh and Lydia\Documents\Penhurst_mission_retreats-2012__2_.doc
2012-04-09 11:27 - 2012-04-09 11:27 - 0002747 ____A C:\Users\Public\Desktop\SMS.lnk
2012-04-09 11:27 - 2012-04-09 11:27 - 0002158 ____A C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2012-04-09 11:27 - 2011-02-25 09:53 - 0000000 ____D C:\Users\All Users\Vodafone
2012-04-09 11:02 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-08 23:15 - 2012-04-08 23:14 - 6222336 ____A C:\Users\Josh and Lydia\Downloads\163592.doc
2012-04-08 23:14 - 2012-04-08 23:14 - 0888320 ____A C:\Users\Josh and Lydia\Downloads\161163.doc
2012-04-08 09:01 - 2012-04-08 09:01 - 0208081 ____A C:\Users\Josh and Lydia\Documents\Rose ID.pdf
2012-04-04 11:56 - 2012-05-08 08:55 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-31 09:35 - 2012-03-31 09:35 - 0031744 ____A C:\Users\Josh and Lydia\Desktop\EDB_Remote_Access Alumni.doc
2012-03-30 22:05 - 2012-05-16 07:32 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-16 07:32 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-16 07:32 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-16 07:32 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-15 10:34 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 20:52 - 2012-03-28 20:52 - 3288972 ____A C:\Users\Josh and Lydia\Desktop\healthinsuranceforms.zip
2012-03-25 22:31 - 2012-03-25 22:28 - 28897792 ____A C:\Users\Josh and Lydia\Downloads\161474.doc
2012-03-25 22:28 - 2012-03-25 22:28 - 3923456 ____A C:\Users\Josh and Lydia\Downloads\161305.doc
2012-03-25 22:28 - 2012-03-25 22:28 - 0307200 ____A C:\Users\Josh and Lydia\Downloads\163447.doc
2012-03-25 22:28 - 2012-03-25 22:27 - 0283648 ____A C:\Users\Josh and Lydia\Downloads\158915.doc
2012-03-25 22:27 - 2012-03-25 22:27 - 2148864 ____A C:\Users\Josh and Lydia\Downloads\156291.doc
2012-03-25 05:23 - 2012-03-25 05:23 - 0077824 ____A C:\Users\Josh and Lydia\Downloads\R305A120303.doc
2012-03-24 03:24 - 2012-03-24 03:24 - 0000022 ____A C:\Users\Josh and Lydia\Downloads\therestoftheforms.zip
2012-03-20 03:49 - 2012-03-20 03:48 - 3560448 ____A C:\Users\Josh and Lydia\Downloads\162073.doc
2012-03-20 03:48 - 2012-03-20 03:47 - 1737728 ____A C:\Users\Josh and Lydia\Downloads\160809.doc
2012-03-20 03:48 - 2012-03-20 03:47 - 1185635 ____A C:\Users\Josh and Lydia\Downloads\159875.docx
2012-03-20 03:47 - 2012-03-20 03:47 - 2385408 ____A C:\Users\Josh and Lydia\Downloads\157290.doc
2012-03-20 03:47 - 2012-03-20 03:47 - 1359417 ____A C:\Users\Josh and Lydia\Downloads\157554.docx
2012-03-18 23:40 - 2012-03-18 15:28 - 19047600 ____A C:\Users\Josh and Lydia\Downloads\Braimoh_CarbonSeq12_final.docx
2012-03-18 17:48 - 2012-03-18 15:28 - 0078336 ____A C:\Users\Josh and Lydia\Downloads\Braimoh_Stylesheet_Updated 3-10-12.doc
2012-03-16 23:58 - 2012-05-16 07:32 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 06:47 - 2012-03-16 06:47 - 0013262 ____A C:\Users\Josh and Lydia\Downloads\AT85985964.docx
2012-03-14 17:18 - 2012-03-14 17:18 - 0045056 ____A C:\Users\Josh and Lydia\Downloads\Foreword.doc
2012-03-12 22:22 - 2010-04-01 12:25 - 0000000 ____D C:\Users\Josh and Lydia\AppData\Local\Microsoft Help
2012-03-10 22:07 - 2012-03-10 22:07 - 0268800 ____A C:\Users\Josh and Lydia\Downloads\Chapter 9.doc
2012-03-10 22:07 - 2012-03-10 22:07 - 0096256 ____A C:\Users\Josh and Lydia\Downloads\Chapter 8.doc
2012-03-08 11:20 - 2012-03-08 11:20 - 0285696 ____A C:\Users\Josh and Lydia\Documents\80th_Registration_Form[1].doc
2012-03-08 01:02 - 2012-03-08 00:16 - 0049664 ____A C:\Users\Josh and Lydia\Downloads\RP120724-C3.doc
2012-03-08 00:51 - 2012-03-08 00:16 - 0043008 ____A C:\Users\Josh and Lydia\Downloads\RP120724-C1.doc
2012-03-08 00:22 - 2012-03-08 00:21 - 4987374 ____A C:\Users\Josh and Lydia\Downloads\Chapter 6.docx
2012-03-08 00:21 - 2012-03-08 00:21 - 0645120 ____A C:\Users\Josh and Lydia\Downloads\Chapter 5.doc
2012-03-08 00:20 - 2012-03-08 00:20 - 0161066 ____A C:\Users\Josh and Lydia\Downloads\Chapter 4.docx
2012-03-07 22:14 - 2012-03-07 22:14 - 0011942 ____A C:\Users\Josh and Lydia\Documents\Joshua Bell Metro Story.docx
2012-03-07 20:58 - 2012-03-07 20:58 - 0081920 ____A C:\Users\Josh and Lydia\Downloads\RICH MO STATEMENT.XLS
2012-03-07 17:08 - 2012-03-07 17:05 - 0003948 ____A C:\Windows\IE9_main.log
2012-03-07 17:02 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-03-06 15:15 - 2012-05-23 16:14 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-05-23 16:13 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-05-23 16:13 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-05-23 16:14 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-05-23 16:14 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-05-23 16:14 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2012-05-23 16:14 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2012-05-23 16:14 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-05-23 16:14 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-02 22:35 - 2012-05-16 07:33 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-16 07:33 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4061.09 MB
Available physical RAM: 3487.25 MB
Total Pagefile: 4059.23 MB
Available Pagefile: 3477.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.11 GB) (Free:157.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
3 Drive e: () (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1024 KB
Partition 2 Primary 451 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 451 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 7633 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-29 11:52

======================= End Of Log ==========================
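As an added example, not code from this thread or from the FRST/OTL tools themselves: a small Python parser for the file lines in the log format posted above, with one review check that lists kernel drivers the log shows without a publisher string. The six sample lines are copied from the log above; the "no publisher" heuristic and the `DRIVER_DIR` constant are this example's own assumptions, a cue for where a responder looks first rather than a determination about any file.

```python
"""Parse FRST/OTL-style file lines and list System32\\Drivers entries that
carry no publisher string, so a responder can review those first.

Added example; not part of the forum post or of FRST/OTL. The sample lines
are copied from the log posted in this thread; the review heuristic is an
assumption of this example, not a verdict from any tool.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One log line: "<modified> - <created> - <size> <attrs> [(Publisher) ]<path>"
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

# Constructed input: six lines copied from the log posted above.
SAMPLE_LOG = """\
2012-05-29 09:37 - 2012-05-29 09:37 - 0000000 ____D C:\\_OTL
2012-05-17 10:17 - 2012-05-07 17:01 - 0000000 __ASH C:\\Windows\\System32\\dds_trash_log.cmd
2012-05-17 10:15 - 2012-05-17 10:15 - 0050000 ____A C:\\Windows\\System32\\Drivers\\jepphzzw.sys
2012-04-04 11:56 - 2012-05-08 08:55 - 0024904 ____A (Malwarebytes Corporation) C:\\Windows\\System32\\Drivers\\mbam.sys
2012-03-30 03:35 - 2012-05-15 10:34 - 1918320 ____A (Microsoft Corporation) C:\\Windows\\System32\\Drivers\\tcpip.sys
2012-03-06 15:04 - 2012-05-23 16:14 - 0337240 ____A (AVAST Software) C:\\Windows\\System32\\Drivers\\aswSP.sys
"""


@dataclass(frozen=True)
class LogEntry:
    modified: str
    created: str
    size: int
    attrs: str                 # five attribute letters; '_' means not set
    publisher: Optional[str]   # None when the tool printed no company name
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs


def parse_line(line: str) -> Optional[LogEntry]:
    """Return a LogEntry for one file/directory line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return LogEntry(
        modified=m["modified"],
        created=m["created"],
        size=int(m["size"]),
        attrs=m["attrs"],
        publisher=m["publisher"],
        path=m["path"],
    )


def parse_log(text: str) -> List[LogEntry]:
    """Parse every recognisable file line; section banners are skipped."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


# Assumed location of kernel drivers (compared case-insensitively).
DRIVER_DIR = "\\windows\\system32\\drivers\\"


def unattributed_drivers(entries: List[LogEntry]) -> List[str]:
    """Paths of .sys files under System32\\Drivers that carry no publisher string.

    Heuristic (assumption of this example): vendor drivers in these logs normally
    show a '(Company)' field, so a driver without one is reviewed first, newest
    creation date first. A missing publisher is a review cue, not proof of anything.
    """
    hits = [
        e for e in entries
        if not e.is_directory
        and DRIVER_DIR in e.path.lower()
        and e.path.lower().endswith(".sys")
        and not e.publisher
    ]
    hits.sort(key=lambda e: e.created, reverse=True)  # ISO timestamps sort as text
    return [e.path for e in hits]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(f"parsed {len(parsed)} entries")
    for p in unattributed_drivers(parsed):
        print("review first:", p)
```

Feed it the whole log text rather than these six lines and it returns every driver line without a company name, newest first; the attribute letters are kept on each entry so the same parsed list can be queried for hidden or system-flagged files as well.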

#10 JSntgRvr, Global Moderator (10,999 posts)
Download the enclosed file: fixlist.txt (attached, 63 bytes)

Save it in the USB drive, next to FRST64.

Run FRST64 as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal mode. If able to, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
#11 wtibard, Topic Starter, Member (13 posts)
Here is the fixlog:
Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 29-05-2012 02
Ran by SYSTEM at 2012-05-31 20:16:03 Run:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

==== End of Fixlog ====

#12 wtibard, Topic Starter, Member (13 posts)
Here is the ComboFix log:
ComboFix 12-05-31.02 - Josh and Lydia 05/31/2012 20:39:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2205 [GMT -4:00]
Running from: c:\users\Josh and Lydia\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\users\Josh and Lydia\AppData\Roaming\FFSJ
c:\users\Josh and Lydia\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Josh and Lydia\AppData\Roaming\Roaming
c:\users\Josh and Lydia\AppData\Roaming\Roaming\Nevosoft\Vampireville\settings.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 00:49 . 2012-06-01 00:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 05:37 . 2012-05-31 05:39 -------- d-----w- C:\FRST
2012-05-29 17:37 . 2012-05-29 17:37 -------- d-----w- C:\_OTL
2012-05-28 22:09 . 2012-05-29 21:56 -------- d-----w- c:\program files (x86)\ERUNT
2012-05-28 21:34 . 2012-05-28 22:25 -------- d-----w- C:\sh4ldr
2012-05-28 21:34 . 2012-05-28 21:34 -------- d-----w- c:\program files\Enigma Software Group
2012-05-28 21:19 . 2012-05-28 21:19 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\SpeedyPC Software
2012-05-28 21:19 . 2012-05-28 21:19 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\DriverCure
2012-05-28 21:19 . 2012-05-28 22:29 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-24 00:14 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-24 00:14 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-24 00:14 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-24 00:14 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-24 00:14 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-24 00:14 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-24 00:14 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-24 00:13 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-24 00:13 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-24 00:13 . 2012-05-30 00:24 -------- d-----w- c:\programdata\AVAST Software
2012-05-24 00:13 . 2012-05-30 00:24 -------- d-----w- c:\program files\AVAST Software
2012-05-23 23:36 . 2012-05-30 00:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-23 23:36 . 2012-05-23 23:36 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-23 19:43 . 2012-05-28 23:55 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\AVG2012
2012-05-23 19:41 . 2012-05-28 23:55 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-05-23 01:14 . 2012-05-23 01:14 -------- d-----w- c:\users\Josh and Lydia\AppData\Local\AVG Secure Search
2012-05-23 01:14 . 2012-05-25 20:20 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-23 01:14 . 2012-05-28 23:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-05-23 01:14 . 2012-05-23 01:14 -------- d--h--w- c:\programdata\Common Files
2012-05-23 01:13 . 2012-05-28 23:55 -------- d-----w- c:\programdata\AVG2012
2012-05-23 01:13 . 2012-05-23 01:13 -------- d-----w- C:\$AVG
2012-05-23 01:12 . 2012-05-25 20:18 -------- d-----w- c:\program files (x86)\AVG
2012-05-23 01:07 . 2012-05-30 00:30 -------- d-----w- c:\programdata\MFAData
2012-05-18 13:15 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-18 13:15 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-18 01:02 . 2012-05-30 00:27 -------- d-----w- c:\windows\system32\SPReview
2012-05-18 00:36 . 2012-05-18 01:01 -------- d-----w- C:\1eabf5ff9f15662cf7967fd7f8ec1c
2012-05-17 18:15 . 2012-05-17 18:15 50000 ----a-w- c:\windows\system32\drivers\jepphzzw.sys
2012-05-16 22:31 . 2012-05-30 00:24 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-16 18:13 . 2012-05-23 19:42 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\ICQ
2012-05-16 18:13 . 2012-05-30 00:30 -------- d-----w- c:\program files (x86)\ICQ7M
2012-05-16 16:06 . 2012-05-18 17:20 -------- d-----w- c:\program files\Google
2012-05-16 16:05 . 2012-05-30 00:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-05-16 15:33 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-16 15:33 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-16 15:32 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-16 15:32 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-16 15:32 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-16 15:32 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-16 15:32 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-15 18:34 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-15 18:34 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-15 18:34 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-15 18:34 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-15 18:34 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2012-05-15 18:34 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-15 18:34 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-15 18:30 . 2012-05-30 00:26 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\SUPERAntiSpyware.com
2012-05-15 18:29 . 2012-05-30 00:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-15 17:42 . 2012-05-15 17:42 -------- d-----w- C:\avrescue
2012-05-15 15:47 . 2012-05-15 15:47 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\Avira
2012-05-15 15:45 . 2012-05-15 22:01 -------- d-----w- c:\program files (x86)\Ask.com
2012-05-15 15:44 . 2012-05-15 15:45 -------- d-----w- c:\programdata\Avira
2012-05-15 15:44 . 2012-05-15 15:44 -------- d-----w- c:\program files (x86)\Avira
2012-05-10 11:30 . 2012-05-30 00:23 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-05-10 11:28 . 2012-05-30 00:26 -------- d-----w- c:\windows\Hewlett-Packard
2012-05-08 16:55 . 2012-05-15 21:55 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\Malwarebytes
2012-05-08 16:55 . 2012-05-30 00:24 -------- d-----w- c:\programdata\Malwarebytes
2012-05-08 16:55 . 2012-05-30 00:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-08 16:55 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-08 01:01 . 2012-05-17 18:17 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-05 00:42 . 2012-05-05 00:42 -------- d-----w- c:\program files (x86)\7-Zip
2012-05-04 13:06 . 2012-05-04 13:06 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 13:06 . 2012-05-30 00:27 -------- d-----w- c:\windows\system32\Macromed
2012-05-03 23:33 . 2012-05-03 23:33 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\Photobook Designer
2012-05-03 23:06 . 2012-05-30 00:24 -------- d-----w- c:\program files (x86)\Photobook Designer
2012-05-03 10:18 . 2012-05-24 11:45 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\HpUpdate
2012-05-03 10:18 . 2011-09-09 20:22 778088 ----a-w- c:\windows\system32\HPDiscoPM5912.dll
2012-05-03 10:17 . 2012-05-30 00:24 -------- d-----w- c:\programdata\HP
2012-05-03 10:17 . 2012-05-30 00:30 -------- d-----w- c:\program files (x86)\HP
2012-05-03 10:15 . 2012-05-30 00:30 -------- d-----w- c:\program files\HP
2012-05-03 10:13 . 2012-05-30 00:24 -------- d-----w- c:\users\Josh and Lydia\AppData\Local\HP
2012-05-02 22:20 . 2012-05-30 00:24 -------- d-----w- c:\program files\iPod
2012-05-02 22:20 . 2012-05-30 00:30 -------- d-----w- c:\program files (x86)\iTunes
2012-05-02 22:20 . 2012-05-30 00:24 -------- d-----w- c:\program files\iTunes
2012-05-02 18:23 . 2012-05-30 00:26 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\MyPublisher
2012-05-02 18:23 . 2012-05-30 00:24 -------- d-----w- c:\program files (x86)\MyPublisher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 23:36 . 2010-04-16 12:34 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-23 22:39 . 2010-04-03 18:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-18 01:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-18 01:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-04 13:06 . 2011-07-10 14:20 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 08:46 . 2012-05-04 00:32 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{833CEF8D-C1C0-44C1-8D6F-CDE2FD0AC9D9}\mpengine.dll
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 4786048]
"ICQ"="c:\program files (x86)\ICQ7M\ICQ.exe" [2012-05-16 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 2245120]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-07-28 554328]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Josh and Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-1-30 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-1-30 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 135664]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-09-08 8704]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 135664]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-02-02 517632]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 13:13]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 13:13]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593247150-68266997-1352798338-1001Core.job
- c:\users\Josh and Lydia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 15:54]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593247150-68266997-1352798338-1001UA.job
- c:\users\Josh and Lydia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 15:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qcmerced
passthru
cpqvcagent
s217bus
dcstor32
superproserver
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{80C9912D-A3B9-4796-97A8-30241B99A5F4}: NameServer = 196.207.36.251 196.207.36.254
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\Best Buy Software Installer Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
.
**************************************************************************
.
Completion time: 2012-05-31 21:01:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-01 01:01
.
Pre-Run: 169,361,481,728 bytes free
Post-Run: 169,195,294,720 bytes free
.
- - End Of File - - 6931A4AAEF43E5236D52848E5BF3EE96

#13 JSntgRvr (Global Moderator, 10,999 posts)
How is the restart process?

Download the enclosed file: CFScript.txt (attached, 98 bytes)

Save it next to Combofix.

[Image: CFScript.txt being dragged onto ComboFix.exe]

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


#14 wtibard (Topic Starter, Member, 13 posts)
The startup is working again.

Here is the next combofix log:
ComboFix 12-06-01.01 - Josh and Lydia 06/01/2012 8:55.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2573 [GMT -4:00]
Running from: c:\users\Josh and Lydia\Desktop\ComboFix.exe
Command switches used :: c:\users\Josh and Lydia\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\sh4ldr
c:\sh4ldr\shldr.mbr
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 13:03 . 2012-06-01 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 13:03 . 2012-06-01 13:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-31 05:37 . 2012-05-31 05:39 -------- d-----w- C:\FRST
2012-05-29 17:37 . 2012-05-29 17:37 -------- d-----w- C:\_OTL
2012-05-28 22:09 . 2012-05-29 21:56 -------- d-----w- c:\program files (x86)\ERUNT
2012-05-28 21:34 . 2012-05-28 21:34 -------- d-----w- c:\program files\Enigma Software Group
2012-05-28 21:19 . 2012-05-28 21:19 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\SpeedyPC Software
2012-05-28 21:19 . 2012-05-28 21:19 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\DriverCure
2012-05-28 21:19 . 2012-05-28 22:29 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-24 00:14 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-24 00:14 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-24 00:14 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-24 00:14 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-24 00:14 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-24 00:14 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-24 00:14 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-24 00:13 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-24 00:13 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-24 00:13 . 2012-05-30 00:24 -------- d-----w- c:\programdata\AVAST Software
2012-05-24 00:13 . 2012-05-30 00:24 -------- d-----w- c:\program files\AVAST Software
2012-05-23 23:36 . 2012-05-30 00:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-23 23:36 . 2012-05-23 23:36 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-23 19:43 . 2012-05-28 23:55 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\AVG2012
2012-05-23 19:41 . 2012-05-28 23:55 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-05-23 01:14 . 2012-05-23 01:14 -------- d-----w- c:\users\Josh and Lydia\AppData\Local\AVG Secure Search
2012-05-23 01:14 . 2012-05-25 20:20 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-23 01:14 . 2012-05-28 23:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-05-23 01:14 . 2012-05-23 01:14 -------- d--h--w- c:\programdata\Common Files
2012-05-23 01:13 . 2012-05-28 23:55 -------- d-----w- c:\programdata\AVG2012
2012-05-23 01:13 . 2012-05-23 01:13 -------- d-----w- C:\$AVG
2012-05-23 01:12 . 2012-05-25 20:18 -------- d-----w- c:\program files (x86)\AVG
2012-05-23 01:07 . 2012-05-30 00:30 -------- d-----w- c:\programdata\MFAData
2012-05-18 13:15 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-18 13:15 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-18 01:02 . 2012-05-30 00:27 -------- d-----w- c:\windows\system32\SPReview
2012-05-18 00:36 . 2012-05-18 01:01 -------- d-----w- C:\1eabf5ff9f15662cf7967fd7f8ec1c
2012-05-17 18:15 . 2012-05-17 18:15 50000 ----a-w- c:\windows\system32\drivers\jepphzzw.sys
2012-05-16 22:31 . 2012-05-30 00:24 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-16 18:13 . 2012-05-23 19:42 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\ICQ
2012-05-16 18:13 . 2012-05-30 00:30 -------- d-----w- c:\program files (x86)\ICQ7M
2012-05-16 16:06 . 2012-05-18 17:20 -------- d-----w- c:\program files\Google
2012-05-16 16:05 . 2012-05-30 00:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-05-16 15:33 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-16 15:33 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-16 15:32 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-16 15:32 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-16 15:32 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-16 15:32 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-16 15:32 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-15 18:34 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-15 18:34 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-15 18:34 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-15 18:34 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-15 18:34 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2012-05-15 18:34 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-15 18:34 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-15 18:30 . 2012-05-30 00:26 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\SUPERAntiSpyware.com
2012-05-15 18:29 . 2012-06-01 12:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-15 17:42 . 2012-05-15 17:42 -------- d-----w- C:\avrescue
2012-05-15 15:47 . 2012-05-15 15:47 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\Avira
2012-05-15 15:45 . 2012-05-15 22:01 -------- d-----w- c:\program files (x86)\Ask.com
2012-05-15 15:44 . 2012-05-15 15:45 -------- d-----w- c:\programdata\Avira
2012-05-15 15:44 . 2012-05-15 15:44 -------- d-----w- c:\program files (x86)\Avira
2012-05-10 11:30 . 2012-05-30 00:23 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-05-10 11:28 . 2012-05-30 00:26 -------- d-----w- c:\windows\Hewlett-Packard
2012-05-08 16:55 . 2012-05-15 21:55 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\Malwarebytes
2012-05-08 16:55 . 2012-05-30 00:24 -------- d-----w- c:\programdata\Malwarebytes
2012-05-08 16:55 . 2012-05-30 00:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-08 16:55 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-08 01:01 . 2012-05-17 18:17 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-05 00:42 . 2012-05-05 00:42 -------- d-----w- c:\program files (x86)\7-Zip
2012-05-04 13:06 . 2012-05-04 13:06 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 13:06 . 2012-05-30 00:27 -------- d-----w- c:\windows\system32\Macromed
2012-05-04 00:32 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{833CEF8D-C1C0-44C1-8D6F-CDE2FD0AC9D9}\mpengine.dll
2012-05-03 23:33 . 2012-05-03 23:33 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\Photobook Designer
2012-05-03 23:06 . 2012-05-30 00:24 -------- d-----w- c:\program files (x86)\Photobook Designer
2012-05-03 10:18 . 2012-05-24 11:45 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\HpUpdate
2012-05-03 10:18 . 2011-09-09 20:22 778088 ----a-w- c:\windows\system32\HPDiscoPM5912.dll
2012-05-03 10:17 . 2012-05-30 00:24 -------- d-----w- c:\programdata\HP
2012-05-03 10:17 . 2012-05-30 00:30 -------- d-----w- c:\program files (x86)\HP
2012-05-03 10:15 . 2012-05-30 00:30 -------- d-----w- c:\program files\HP
2012-05-03 10:13 . 2012-05-30 00:24 -------- d-----w- c:\users\Josh and Lydia\AppData\Local\HP
2012-05-02 22:20 . 2012-05-30 00:24 -------- d-----w- c:\program files\iPod
2012-05-02 22:20 . 2012-05-30 00:30 -------- d-----w- c:\program files (x86)\iTunes
2012-05-02 22:20 . 2012-05-30 00:24 -------- d-----w- c:\program files\iTunes
2012-05-02 18:23 . 2012-05-30 00:26 -------- d-----w- c:\users\Josh and Lydia\AppData\Roaming\MyPublisher
2012-05-02 18:23 . 2012-05-30 00:24 -------- d-----w- c:\program files (x86)\MyPublisher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 13:05 . 2010-04-03 18:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-23 23:36 . 2010-04-16 12:34 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-18 01:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-18 01:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-04 13:06 . 2011-07-10 14:20 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((( [email protected]_00.53.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-06-01 13:07 42756 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-01 17:46 . 2012-06-01 13:07 24866 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2593247150-68266997-1352798338-1001_UserData.bin
- 2010-04-01 19:40 . 2012-06-01 00:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-01 19:40 . 2012-06-01 13:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-06-01 12:53 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-04-01 19:40 . 2012-06-01 00:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-01 19:40 . 2012-06-01 13:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-01 19:40 . 2012-06-01 00:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-01 19:40 . 2012-06-01 13:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-01 17:42 . 2012-06-01 13:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-01 17:42 . 2012-06-01 00:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-01 17:42 . 2012-06-01 00:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-01 17:42 . 2012-06-01 13:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-01 00:51 . 2012-06-01 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-01 13:04 . 2012-06-01 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-01 13:04 . 2012-06-01 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-01 00:51 . 2012-06-01 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-06-01 13:05 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-01 00:51 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-01 21:53 . 2012-06-01 03:08 377792 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-01 00:25 627316 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-01 12:53 627316 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-01 00:25 107600 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-01 12:53 107600 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-01 00:50 396268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-01 13:04 396268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-06-01 00:51 3112960 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-01 13:05 3112960 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:45 . 2012-06-01 00:56 7112398 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-01 00:58 7112398 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:54 . 2012-06-01 00:51 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-01 13:05 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-01 4786048]
"ICQ"="c:\program files (x86)\ICQ7M\ICQ.exe" [2012-05-16 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 2245120]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-07-28 554328]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Josh and Lydia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-1-30 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-1-30 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 135664]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 135664]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-02-02 517632]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-09-08 8704]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 13:13]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 13:13]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593247150-68266997-1352798338-1001Core.job
- c:\users\Josh and Lydia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 15:54]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593247150-68266997-1352798338-1001UA.job
- c:\users\Josh and Lydia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 15:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Josh and Lydia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qcmerced
passthru
cpqvcagent
s217bus
dcstor32
superproserver
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{80C9912D-A3B9-4796-97A8-30241B99A5F4}: NameServer = 196.207.36.251 196.207.36.254
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
.
**************************************************************************
.
Completion time: 2012-06-01 09:14:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-01 13:14
ComboFix2.txt 2012-06-01 01:01
.
Pre-Run: 169,314,287,616 bytes free
Post-Run: 169,013,391,360 bytes free
.
- - End Of File - - 67D6FC7F6E39053EC3D6966826AAC71F



Here is the Malwarebytes log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Josh and Lydia :: JOSHANDLYDIA-PC [administrator]

6/1/2012 9:28:51 AM
mbam-log-2012-06-01 (09-28-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217457
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here is the ESET log:
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


and the threats ESET found:
C:\Windows\assembly\temp\U\[email protected] a variant of Win32/Sirefef.EU trojan
C:\Windows\assembly\temp\U\[email protected] Win64/Sirefef.AC trojan

#15
JSntgRvr
Global Moderator
10,999 posts
Download the enclosed file: CFScript.txt

Save it next to Combofix overwriting the previous one.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

How is the computer doing?