
System appears to be heavily infected with malware [Solved]

#1 oysterCAKE

Hello,

My system appears to be malware infected, though a number of security programs have failed me.
The system as a whole, sporadically, runs slowly. Not always: sometimes after booting up, sometimes for a few minutes while running, sometimes after an hour of use the computer will become bogged down and require a restart. Some of the most mundane actions, such as opening a new tab, playing a YouTube video, trying to type a message or opening up Notepad, will either lock up the program or cause the system to get stuck thinking for any amount of time, on occasion up to about a minute.
Installing new software seems to cause my computer particular grief, with the unpacking of files at the start taking ten times as long as it should.
I believe that the problem comes from my secondary hard disk, the D:/ drive (C:/ is an SSD mostly just for Windows), as I've formatted the C:/ and reinstalled Windows a number of times, but within a week or two the system is back to its old ways.

I am running Windows 7 64-bit, and the security software I've scanned with is G-Data and Norton 360; neither of which came up with anything seemingly relevant (Norton gave me a few tracking cookies). On previous installs of Windows, I've given Avast!, AVG Free, SuperAntiSpyware and Spybot a go, but none of them helped. On this install I also ran ComboFix, but uninstalled it afterwards on realising that it was completely above my head.

If you were to help me, you'd have my eternal gratitude... OTL scan pasted below.

Many thanks,

Alex

OTL logfile created on: 20/06/2012 23:54:02 - Run 2
OTL by OldTimer - Version 3.2.50.0 Folder = D:\Users\Alex Harvey\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.42 Gb Available Physical Memory | 80.24% Memory free
15.99 Gb Paging File | 14.19 Gb Available in Paging File | 88.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 20.29 Gb Free Space | 36.36% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 850.30 Gb Free Space | 91.28% Space Free | Partition Type: NTFS
Drive E: | 4.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.31% Space Free | Partition Type: FAT32

Computer Name: ALEXHARVEY-PC | User Name: Alex Harvey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 23:50:06 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Users\Alex Harvey\Downloads\OTL(1).exe
PRC - [2012/06/19 15:54:13 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012/06/17 16:26:43 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/12 23:45:13 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Alex Harvey\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 15:54:12 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/06/17 16:26:43 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/19 15:54:13 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/17 16:26:43 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/20 17:37:29 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam C210(UVC)
DRV:64bit: - [2011/11/29 03:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/07 09:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 A7 ED A6 E1 48 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex Harvey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex Harvey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/13 00:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 18:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/20 18:57:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 18:57:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/20 18:57:09 | 000,000,000 | ---D | M]

[2012/06/11 19:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Harvey\AppData\Roaming\Mozilla\Extensions
[2012/06/11 19:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Harvey\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/06/11 20:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Harvey\AppData\Roaming\Mozilla\Firefox\Profiles\er66w0qp.default\extensions
[2012/06/20 19:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/11 19:59:16 | 000,000,000 | ---D | M] (Art Pack 1: Popular - Top Downs) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:16 | 000,000,000 | ---D | M] (Art Pack 10: Exterior) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:16 | 000,000,000 | ---D | M] (Art Pack 11: Sci-Fi and Horror Pack) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:16 | 000,000,000 | ---D | M] (Art Pack 12: Characters, Animals, Exterior Pack) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:16 | 000,000,000 | ---D | M] (Art Pack 2: Popular - Fronts and Sides) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:16 | 000,000,000 | ---D | M] (Art Pack 3: Sound FX & Speech Bubbles) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:16 | 000,000,000 | ---D | M] (Art Pack 4: Equipment) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:16 | 000,000,000 | ---D | M] (Art Pack 5: Arrows) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:16 | 000,000,000 | ---D | M] (Art Pack 6: Kitchen) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:15 | 000,000,000 | ---D | M] (Art Pack 7: Bedroom and Bathroom) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:15 | 000,000,000 | ---D | M] (Art Pack 8: Living Room) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:15 | 000,000,000 | ---D | M] (Art Pack 9: Office) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:15 | 000,000,000 | ---D | M] (Full Screen Mode) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:15 | 000,000,000 | ---D | M] (Plot View) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/11 19:59:15 | 000,000,000 | ---D | M] (Performance Tracker) -- C:\USERS\ALEX HARVEY\APPDATA\ROAMING\GREYFIRST\CELTX\PROFILES\FU9IHFQO.DEFAULT\EXTENSIONS\[email protected]
[2012/06/10 21:22:44 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- D:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/06/10 21:22:44 | 000,000,000 | ---D | M] (Default Shot Palette) -- D:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/06/10 21:22:44 | 000,000,000 | ---D | M] (DOM Inspector) -- D:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/06/17 16:26:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2005/09/01 11:34:42 | 001,312,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll
[2012/06/01 16:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 16:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alex Harvey\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex Harvey\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex Harvey\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Alex Harvey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Alex Harvey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Alex Harvey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Calendar = C:\Users\Alex Harvey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Alex Harvey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Alex Harvey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/20 22:37:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Spotify] C:\Users\Alex Harvey\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Alex Harvey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alex Harvey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D5D45E5-ECA3-4819-89DC-A623FC981394}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/20 23:14:24 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\Native Instruments
[2012/06/20 23:12:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{544A9B13-F375-4543-8198-54A1542E6015}
[2012/06/20 22:48:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/20 22:38:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/20 22:02:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/20 20:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/06/20 19:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/06/20 19:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/06/20 19:18:45 | 096,035,168 | ---- | C] (Native Instruments ) -- C:\Users\Alex Harvey\Desktop\Battery 3 3.2.3 Setup PC.exe
[2012/06/20 19:06:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
[2012/06/20 19:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2012/06/20 19:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2012/06/20 19:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2012/06/20 19:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2012/06/20 18:57:01 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NI Service Center
[2012/06/20 18:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI Service Center
[2012/06/20 18:41:34 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\REAPER
[2012/06/19 19:29:53 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012/06/19 19:07:21 | 000,059,768 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012/06/19 19:06:01 | 000,122,744 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012/06/19 19:05:29 | 000,054,136 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012/06/19 19:04:59 | 000,065,912 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012/06/19 19:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012/06/19 19:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012/06/19 19:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012/06/19 18:59:36 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\Downloaded Installations
[2012/06/19 16:00:22 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\Macromedia
[2012/06/19 15:54:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/13 12:25:39 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Apple Computer
[2012/06/13 01:07:11 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/06/13 00:59:19 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\DivX
[2012/06/13 00:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/06/13 00:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/06/13 00:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/06/13 00:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/06/13 00:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/06/13 00:49:32 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\LibreOffice
[2012/06/13 00:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012/06/12 23:49:54 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/12 23:45:17 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\Google
[2012/06/12 22:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/12 22:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/06/12 22:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/12 22:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/06/12 22:42:52 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\Apple
[2012/06/12 22:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/06/12 22:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/06/12 21:58:44 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\PACE Anti-Piracy
[2012/06/12 21:58:44 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\PACE Anti-Piracy
[2012/06/12 21:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012/06/12 21:58:42 | 000,000,000 | ---D | C] -- D:\Users\Alex Harvey\Documents\Adobe
[2012/06/12 21:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/06/12 21:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/06/12 21:46:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2012/06/12 21:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012/06/12 21:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/06/12 21:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012/06/12 21:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/12 21:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/06/12 21:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/06/12 21:34:02 | 000,000,000 | ---D | C] -- C:\Adobe
[2012/06/12 21:31:34 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\Adobe
[2012/06/12 21:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/06/12 21:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/06/12 21:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/06/12 21:06:53 | 000,000,000 | ---D | C] -- D:\Users\Alex Harvey\Documents\Film stuff
[2012/06/12 20:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Battery 3
[2012/06/12 20:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/06/12 20:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2012/06/12 20:24:17 | 001,870,336 | ---- | C] (Native Instruments Software Synthesis GmbH) -- C:\Windows\SysWow64\bconvert.dll
[2012/06/12 20:24:17 | 000,393,216 | ---- | C] (Native Instruments Software GmbH) -- C:\Windows\SysWow64\NI_IRC_1_2.dll
[2012/06/12 20:24:17 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2012/06/12 20:24:17 | 000,061,440 | ---- | C] (Native Instruments Software GmbH) -- C:\Windows\SysWow64\NI_DFD_1_5.dll
[2012/06/12 18:58:50 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\BitTorrent
[2012/06/12 18:58:50 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\BitTorrent
[2012/06/12 18:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER
[2012/06/12 18:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Propellerhead Software
[2012/06/12 17:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/06/12 17:20:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/06/12 17:20:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/06/11 21:42:15 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Macromedia
[2012/06/11 21:42:15 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Adobe
[2012/06/11 21:40:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/06/11 20:37:47 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\.thumbnails
[2012/06/11 20:36:23 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\fontconfig
[2012/06/11 20:36:14 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\.gimp-2.8
[2012/06/11 20:36:12 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\gegl-0.2
[2012/06/11 20:35:42 | 000,000,000 | R--D | C] -- C:\Users\Alex Harvey\Dropbox
[2012/06/11 20:28:52 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/06/11 20:28:29 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Dropbox
[2012/06/11 19:58:53 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Greyfirst
[2012/06/11 19:58:53 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\Greyfirst
[2012/06/11 05:26:29 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/06/10 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celtx
[2012/06/10 21:17:08 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\AMD
[2012/06/10 21:16:43 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\ATI
[2012/06/10 21:16:43 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\ATI
[2012/06/10 21:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/06/10 21:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/06/10 21:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/06/10 21:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/06/10 21:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/06/10 21:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/06/10 21:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/06/10 21:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/06/10 20:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/06/10 20:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/06/10 20:58:42 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\Spotify
[2012/06/10 20:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/06/10 20:58:04 | 000,000,000 | ---D | C] -- C:\AMD
[2012/06/10 20:56:01 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Spotify
[2012/06/10 20:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2012/06/10 20:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2012/06/10 20:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2012/06/10 20:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2012/06/10 20:48:58 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Mozilla
[2012/06/10 20:48:58 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\Mozilla
[2012/06/10 20:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/10 20:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/10 20:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/10 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/06/10 20:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2012/06/10 20:42:22 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/06/10 20:42:21 | 000,000,000 | ---D | C] -- C:\Windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
[2012/06/10 20:40:42 | 000,000,000 | R--D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/10 20:40:42 | 000,000,000 | R--D | C] -- C:\Users\Alex Harvey\Searches
[2012/06/10 20:40:42 | 000,000,000 | R--D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/10 20:40:42 | 000,000,000 | -H-D | C] -- C:\Users\Alex Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/06/10 20:40:35 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Identities
[2012/06/10 20:40:33 | 000,000,000 | R--D | C] -- C:\Users\Alex Harvey\Contacts
[2012/06/10 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\VirtualStore
[2012/06/10 20:40:28 | 000,000,000 | --SD | C] -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft
[2012/06/10 20:40:28 | 000,000,000 | R--D | C] -- C:\Users\Alex Harvey\Saved Games
[2012/06/10 20:40:28 | 000,000,000 | R--D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/10 20:40:28 | 000,000,000 | R--D | C] -- C:\Users\Alex Harvey\Links
[2012/06/10 20:40:28 | 000,000,000 | R--D | C] -- C:\Users\Alex Harvey\Favorites
[2012/06/10 20:40:28 | 000,000,000 | R--D | C] -- C:\Users\Alex Harvey\Desktop
[2012/06/10 20:40:28 | 000,000,000 | R--D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\AppData\Local\Temporary Internet Files
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\Templates
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\Start Menu
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\SendTo
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\Recent
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\PrintHood
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\NetHood
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\My Documents
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\Local Settings
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\AppData\Local\History
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\Cookies
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\Application Data
[2012/06/10 20:40:28 | 000,000,000 | -HSD | C] -- C:\Users\Alex Harvey\AppData\Local\Application Data
[2012/06/10 20:40:28 | 000,000,000 | -H-D | C] -- C:\Users\Alex Harvey\AppData
[2012/06/10 20:40:28 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\Temp
[2012/06/10 20:40:28 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Local\Microsoft
[2012/06/10 20:40:28 | 000,000,000 | ---D | C] -- C:\Users\Alex Harvey\AppData\Roaming\Media Center Programs
[2012/06/10 20:40:20 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/06/10 20:40:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/06/10 20:27:21 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/06/10 20:27:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/06/20 23:50:12 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2090271790-766607625-3301924082-1000Core.job
[2012/06/20 23:50:09 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2090271790-766607625-3301924082-1000UA.job
[2012/06/20 23:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/20 23:12:03 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Battery 3.lnk
[2012/06/20 23:02:31 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 23:02:12 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 22:54:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/20 22:54:36 | 2145,394,687 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/20 22:37:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/20 19:18:45 | 096,035,168 | ---- | M] (Native Instruments ) -- C:\Users\Alex Harvey\Desktop\Battery 3 3.2.3 Setup PC.exe
[2012/06/20 19:14:30 | 011,583,006 | ---- | M] () -- C:\Users\Alex Harvey\Desktop\Battery3ArtistKits_Win.zip.incomplete
[2012/06/20 19:06:13 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
[2012/06/20 17:10:32 | 000,684,629 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012/06/20 17:10:32 | 000,040,874 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012/06/19 19:29:53 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012/06/19 19:07:21 | 000,059,768 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012/06/19 19:06:01 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012/06/19 19:05:29 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012/06/19 19:04:59 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012/06/19 18:00:41 | 000,004,110 | ---- | M] () -- C:\Users\Alex Harvey\AppData\Local\recently-used.xbel
[2012/06/16 03:44:57 | 000,731,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/16 03:44:57 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/16 03:44:57 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/13 23:59:34 | 000,080,092 | ---- | M] () -- D:\Users\Alex Harvey\Documents\knowle west eddy.jpg
[2012/06/13 23:32:18 | 004,927,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 00:59:51 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/06/13 00:59:51 | 000,001,818 | ---- | M] () -- C:\Users\Alex Harvey\Desktop\DivX Movies.lnk
[2012/06/13 00:58:55 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/06/13 00:12:59 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012/06/12 22:28:22 | 000,000,956 | ---- | M] () -- C:\Users\Alex Harvey\Dropbox - Shortcut.lnk
[2012/06/12 21:25:34 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/12 18:59:48 | 000,000,664 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/06/12 18:59:48 | 000,000,664 | ---- | M] () -- C:\Users\Alex Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/06/12 18:58:37 | 000,000,696 | ---- | M] () -- C:\Users\Public\Desktop\REAPER.lnk
[2012/06/12 17:24:29 | 000,001,437 | ---- | M] () -- C:\Users\Alex Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/11 22:48:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/11 22:48:51 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/11 20:35:42 | 000,001,007 | ---- | M] () -- C:\Users\Alex Harvey\Desktop\Dropbox.lnk
[2012/06/11 20:29:03 | 000,001,017 | ---- | M] () -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/10 21:22:47 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\Celtx.lnk
[2012/06/10 21:22:47 | 000,000,762 | ---- | M] () -- C:\Users\Alex Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\Celtx.lnk
[2012/06/10 21:08:43 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/06/10 20:58:41 | 000,001,797 | ---- | M] () -- C:\Users\Alex Harvey\Desktop\Spotify.lnk
[2012/06/10 20:48:54 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/10 20:30:21 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/06/10 20:30:21 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/06/10 20:27:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012/06/20 23:12:03 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Battery 3.lnk
[2012/06/20 19:13:45 | 011,583,006 | ---- | C] () -- C:\Users\Alex Harvey\Desktop\Battery3ArtistKits_Win.zip.incomplete
[2012/06/20 19:06:13 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2012/06/19 22:18:35 | 000,684,629 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012/06/19 22:18:35 | 000,040,874 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2012/06/19 18:00:41 | 000,004,110 | ---- | C] () -- C:\Users\Alex Harvey\AppData\Local\recently-used.xbel
[2012/06/13 23:59:33 | 000,080,092 | ---- | C] () -- D:\Users\Alex Harvey\Documents\knowle west eddy.jpg
[2012/06/13 00:59:51 | 000,001,818 | ---- | C] () -- C:\Users\Alex Harvey\Desktop\DivX Movies.lnk
[2012/06/13 00:58:55 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/06/13 00:58:37 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/06/13 00:12:59 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012/06/12 23:45:44 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2090271790-766607625-3301924082-1000UA.job
[2012/06/12 23:45:21 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2090271790-766607625-3301924082-1000Core.job
[2012/06/12 22:42:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/12 22:28:22 | 000,000,956 | ---- | C] () -- C:\Users\Alex Harvey\Dropbox - Shortcut.lnk
[2012/06/12 21:25:34 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/12 18:59:16 | 000,000,664 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/06/12 18:59:16 | 000,000,664 | ---- | C] () -- C:\Users\Alex Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/06/12 18:58:37 | 000,000,696 | ---- | C] () -- C:\Users\Public\Desktop\REAPER.lnk
[2012/06/11 22:48:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/11 22:48:51 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/11 21:40:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/11 20:35:42 | 000,001,007 | ---- | C] () -- C:\Users\Alex Harvey\Desktop\Dropbox.lnk
[2012/06/11 20:29:03 | 000,001,017 | ---- | C] () -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/10 21:22:47 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\Celtx.lnk
[2012/06/10 21:22:47 | 000,000,762 | ---- | C] () -- C:\Users\Alex Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\Celtx.lnk
[2012/06/10 21:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/06/10 21:05:15 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/06/10 20:58:41 | 000,001,797 | ---- | C] () -- C:\Users\Alex Harvey\Desktop\Spotify.lnk
[2012/06/10 20:58:41 | 000,001,783 | ---- | C] () -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/06/10 20:48:54 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/10 20:48:53 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/10 20:47:09 | 000,001,437 | ---- | C] () -- C:\Users\Alex Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/10 20:40:48 | 000,001,409 | ---- | C] () -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/06/10 20:40:43 | 000,001,443 | ---- | C] () -- C:\Users\Alex Harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/10 20:40:28 | 000,000,290 | ---- | C] () -- C:\Users\Alex Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/10 20:40:28 | 000,000,272 | ---- | C] () -- C:\Users\Alex Harvey\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/06/10 20:30:12 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/06/10 20:30:09 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/06/10 20:27:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/06/10 20:27:03 | 2145,394,687 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/06/13 01:31:30 | 000,000,000 | ---D | M] -- C:\Users\Alex Harvey\AppData\Roaming\BitTorrent
[2012/06/20 22:55:55 | 000,000,000 | ---D | M] -- C:\Users\Alex Harvey\AppData\Roaming\Dropbox
[2012/06/11 19:58:53 | 000,000,000 | ---D | M] -- C:\Users\Alex Harvey\AppData\Roaming\Greyfirst
[2012/06/13 00:49:32 | 000,000,000 | ---D | M] -- C:\Users\Alex Harvey\AppData\Roaming\LibreOffice
[2012/06/12 21:58:44 | 000,000,000 | ---D | M] -- C:\Users\Alex Harvey\AppData\Roaming\PACE Anti-Piracy
[2012/06/20 23:48:07 | 000,000,000 | ---D | M] -- C:\Users\Alex Harvey\AppData\Roaming\REAPER
[2012/06/20 23:00:02 | 000,000,000 | ---D | M] -- C:\Users\Alex Harvey\AppData\Roaming\Spotify
[2012/06/13 01:07:11 | 000,000,000 | ---D | M] -- C:\Users\Alex Harvey\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/07/14 06:08:49 | 000,007,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
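The listing above is OTL's created/modified-files report, one entry per line in the form `[timestamp | size | attributes | C or M] (company) -- path`. As an added example (not part of the post, and not OTL's own code), the Python below parses lines in that format and pulls out the entries a helper would look at first: executables in a system directory that carry no company name, and executables sitting in user-writable locations. The sample input is a handful of lines copied from the log above; the directory lists and the two heuristics are my own choices, and a hit means "verify this file", not "this is malware".

```python
"""Triage helper for OTL-style file listings.

Added example; this is not OTL's own code and not from the post. Each OTL
file entry looks like
    [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\\Windows\\SysWow64\\kdbsdk32.dll
Directory entries carry a 'D' in the attribute field and no '(company)' group.
The heuristics below only say "look at this"; a hit is not a malware verdict.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Executable types worth attention when they appear without a publisher.
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".ocx")
# OTL writes the 64-bit System32 as 'SysNative' and the 32-bit one as 'SysWow64'.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\sysnative", r"c:\windows\syswow64")
# Locations any user process can write to; executables here deserve a look.
USER_WRITABLE_MARKERS = (r"\appdata\local\temp", r"\appdata\roaming", r"\appdata\local",
                         r"\users\public", r"c:\programdata")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str          # four-character attribute field, e.g. '-HSD'
    op: str             # 'C' = created, 'M' = modified
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_pe(self) -> bool:
        return self.path.lower().endswith(PE_EXTENSIONS)


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL line; return None for headers, blanks and anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None   # '()' means no company name
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        op=m.group("op"),
        company=company,
        path=m.group("path"),
    )


def parse_entries(lines: Iterable[str]) -> List[OtlEntry]:
    return [e for e in map(parse_entry, lines) if e is not None]


def triage(entries: Iterable[OtlEntry]) -> List[Tuple[str, OtlEntry]]:
    """Return (reason, entry) pairs for executables that merit a closer look."""
    findings: List[Tuple[str, OtlEntry]] = []
    for e in entries:
        if e.is_dir or not e.is_pe:
            continue
        p = e.path.lower()
        if p.startswith(SYSTEM_DIRS) and e.company is None:
            findings.append(("executable in a system directory with no company name", e))
        elif any(marker in p for marker in USER_WRITABLE_MARKERS):
            findings.append(("executable in a user-writable location", e))
    return findings


# Constructed sample: a handful of lines copied from the OTL log above.
SAMPLE_LINES = [
    r"[2012/06/13 00:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\DivX",
    r"[2012/06/12 20:24:17 | 001,870,336 | ---- | C] (Native Instruments Software Synthesis GmbH) -- C:\Windows\SysWow64\bconvert.dll",
    r"[2012/06/19 19:29:53 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys",
    r"[2012/06/20 19:18:45 | 096,035,168 | ---- | M] (Native Instruments ) -- C:\Users\Alex Harvey\Desktop\Battery 3 3.2.3 Setup PC.exe",
    r"[2012/06/20 23:50:12 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2090271790-766607625-3301924082-1000Core.job",
    r"[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll",
    r"[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe",
    "========== LOP Check ==========",   # header line, ignored by the parser
]

if __name__ == "__main__":
    for reason, entry in triage(parse_entries(SAMPLE_LINES)):
        print(f"{entry.timestamp:%Y-%m-%d %H:%M:%S}  {entry.path}  <- {reason}")
```

Run against a whole OTL log, the output is a short list to check by hand (publisher, digital signature, hash lookup) rather than a verdict; files on the user's Desktop are deliberately not flagged, since installers land there routinely and would drown out the interesting entries.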

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • After that there should also be a file called MBR.dat on your Desktop; zip it and then attach it here.

How to add an attachment to a new topic or reply

#3
oysterCAKE

    Member

  • Topic Starter
  • Member
  • 12 posts
Hi Render, I appreciate the help here... especially from someone with a Laibach avatar ;)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-24 19:31:36
-----------------------------
19:31:36.379 OS Version: Windows x64 6.1.7601 Service Pack 1
19:31:36.379 Number of processors: 4 586 0x100
19:31:36.380 ComputerName: ALEXHARVEY-PC UserName: Alex Harvey
19:31:40.378 Initialize success
19:33:53.991 AVAST engine defs: 12062400
19:35:16.867 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:35:16.869 Disk 0 Vendor: CSSD-V60GB2 1.0 Size: 57241MB BusType: 11
19:35:16.871 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
19:35:16.873 Disk 1 Vendor: Hitachi_HDS5C1010CLA382 JC4OA3MA Size: 953869MB BusType: 11
19:35:16.877 Disk 0 MBR read successfully
19:35:16.879 Disk 0 MBR scan
19:35:16.883 Disk 0 Windows 7 default MBR code
19:35:16.886 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:35:16.891 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 57139 MB offset 206848
19:35:16.898 Disk 0 scanning C:\Windows\system32\drivers
19:35:20.617 Service scanning
19:35:31.617 Modules scanning
19:35:31.639 Disk 0 trace - called modules:
19:35:31.649 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:35:31.867 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b12060]
19:35:31.872 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80073fe2b0]
19:35:31.876 5 ACPI.sys[fffff88000f527a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007449060]
19:35:41.031 AVAST engine scan C:\Windows
19:35:41.481 AVAST engine scan C:\Windows\system32
19:39:24.525 AVAST engine scan C:\Windows\system32\drivers
19:39:33.146 AVAST engine scan C:\Users\Alex Harvey
19:41:09.070 AVAST engine scan C:\ProgramData
19:41:32.381 Scan finished successfully
19:44:53.336 Disk 0 MBR has been saved successfully to "C:\Users\Alex Harvey\Desktop\MBR.dat"
19:44:53.341 The log file has been saved successfully to "C:\Users\Alex Harvey\Desktop\aswMBR.txt"

#4
oysterCAKE

    Member

  • Topic Starter
  • Member
  • 12 posts
sorry, failed at attaching

Attached file: MBR.zip (559 bytes)


#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

aswMBR log looks perfect. Let's clear temporary files first and then run an MBAM scan:

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on OTL.exe on your Desktop (if running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box, copy and paste this in (please carefully select all the text in the code box, beginning with the colon):

    :OTL

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [emptytemp]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

NEXT...

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
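The `:Files` part of the OTL fix above does two things: it flushes the DNS resolver cache, and its four xcopy lines copy whatever sits under `%Temp%\smtmp\1` to `\4` back to the All Users Start Menu, the Quick Launch folder, the pinned-taskbar folder and the All Users Desktop. As an added example (my own code, not OTL's and not what the helper asked the poster to run), the Python below performs the same restore with a dry-run mode, so the list of files it would move can be reviewed before anything is written. The destination paths mirror the xcopy lines, with one assumption made explicit: `%APPDATA%` already resolves to `...\AppData\Roaming`, so the pinned-taskbar path is built without a second `Roaming` component. The sample smtmp tree is constructed in a temporary directory; nothing touches a real profile.

```python
r"""Python equivalent of the ':Files' section of the OTL fix above.

Added example, not OTL's code and not what the helper asked the poster to
run. The four xcopy lines copy whatever sits under %Temp%\smtmp\1..4 back to
the All Users Start Menu, the Quick Launch folder, the pinned-taskbar folder
and the All Users Desktop. This does the same, with a dry-run mode, and
returns the (source, destination) pairs so the result can be reviewed first.
"""
import os
import shutil
import subprocess
import tempfile
from pathlib import Path
from typing import Dict, List, Mapping, Optional, Tuple


def default_targets(env: Optional[Mapping[str, str]] = None) -> Dict[str, Path]:
    """Map each smtmp subfolder to its restore destination, mirroring the
    xcopy lines. Assumption: %APPDATA% already resolves to ...\\AppData\\Roaming,
    so the pinned-taskbar path is built from it without adding 'Roaming' again."""
    env = os.environ if env is None else env
    appdata = Path(env.get("APPDATA", ""))
    allusers = Path(env.get("ALLUSERSPROFILE", ""))
    quick_launch = appdata / "Microsoft" / "Internet Explorer" / "Quick Launch"
    return {
        "1": allusers / "Start Menu",
        "2": quick_launch,
        "3": quick_launch / "User Pinned" / "TaskBar",
        "4": allusers / "Desktop",
    }


def restore_from_smtmp(smtmp_root: Path, targets: Dict[str, Path],
                       dry_run: bool = False) -> List[Tuple[Path, Path]]:
    """Copy every file below smtmp_root/<n> into targets[<n>], keeping the
    relative layout and overwriting what is there (xcopy /S /H /Y). A missing
    smtmp subfolder is simply skipped, like xcopy /C with nothing to copy.
    Returns (source, destination) pairs; with dry_run=True nothing is written."""
    copied: List[Tuple[Path, Path]] = []
    for sub, dest_root in targets.items():
        src_root = smtmp_root / sub
        if not src_root.is_dir():
            continue
        for src in sorted(src_root.rglob("*")):
            if not src.is_file():
                continue
            dest = dest_root / src.relative_to(src_root)
            if not dry_run:
                dest.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(src, dest)
            copied.append((src, dest))
    return copied


def flush_dns() -> bool:
    """The 'ipconfig /flushdns' step; only meaningful on Windows."""
    if os.name != "nt":
        return False
    return subprocess.run(["ipconfig", "/flushdns"], capture_output=True).returncode == 0


def build_demo_tree() -> Tuple[Path, Dict[str, Path]]:
    """Constructed sample input: a throwaway smtmp tree holding two stashed
    shortcuts, plus target folders under the same temp directory, so the
    restore can be exercised without touching a real profile."""
    base = Path(tempfile.mkdtemp(prefix="smtmp-demo-"))
    smtmp = base / "smtmp"
    (smtmp / "1" / "Programs").mkdir(parents=True)
    (smtmp / "1" / "Programs" / "Mozilla Firefox.lnk").write_bytes(b"lnk-1")
    (smtmp / "4").mkdir()
    (smtmp / "4" / "Celtx.lnk").write_bytes(b"lnk-4")
    targets = {
        "1": base / "Start Menu",
        "2": base / "Quick Launch",
        "3": base / "Quick Launch" / "User Pinned" / "TaskBar",
        "4": base / "Desktop",
    }
    return smtmp, targets


if __name__ == "__main__":
    smtmp, targets = build_demo_tree()
    for src, dest in restore_from_smtmp(smtmp, targets, dry_run=True):
        print(f"would copy {src} -> {dest}")
    print(f"{len(restore_from_smtmp(smtmp, targets))} file(s) copied")
```

On a real machine the call would be `restore_from_smtmp(Path(os.environ["TEMP"]) / "smtmp", default_targets(), dry_run=True)` first, then the same without `dry_run` once the list looks sane; running it from an elevated prompt is needed for the All Users destinations, just as the helper's instruction to run OTL as administrator implies.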

#6
oysterCAKE

    Member

  • Topic Starter
  • Member
  • 12 posts
OTL log:
All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Users\Alex Harvey\Downloads\cmd.bat deleted successfully.
D:\Users\Alex Harvey\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
D:\Users\Alex Harvey\Downloads\cmd.bat deleted successfully.
D:\Users\Alex Harvey\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
D:\Users\Alex Harvey\Downloads\cmd.bat deleted successfully.
D:\Users\Alex Harvey\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
D:\Users\Alex Harvey\Downloads\cmd.bat deleted successfully.
D:\Users\Alex Harvey\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
D:\Users\Alex Harvey\Downloads\cmd.bat deleted successfully.
D:\Users\Alex Harvey\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex Harvey
->Temp folder emptied: 2618136241 bytes
->Temporary Internet Files folder emptied: 74127526 bytes
->FireFox cache emptied: 711876087 bytes
->Google Chrome cache emptied: 159896610 bytes
->Flash cache emptied: 76375 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36030670 bytes
RecycleBin emptied: 18653764 bytes

Total Files Cleaned = 3,451.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06252012_005015

Files\Folders moved on Reboot...
C:\Users\Alex Harvey\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Alex Harvey\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

#7
oysterCAKE

    Member

  • Topic Starter
  • Member
  • 12 posts
and MBAM didn't detect anything malicious:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex Harvey :: ALEXHARVEY-PC [administrator]

Protection: Enabled

25/06/2012 01:04:32
mbam-log-2012-06-25 (01-04-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204769
Time elapsed: 1 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#8 Render (Trusted Helper, Malware Removal, 4,195 posts)
Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no Internet connection after running Combofix, restart your computer to restore your connection.
  • Double-click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouse-click combo-fix's window while it's running. That may cause it to stall.
  • 0

#9 oysterCAKE (Member, Topic Starter, 12 posts)
Did the combo-fix; combofix had my computer restart... after it had finished, I couldn't run any installed program: attempting to gave me the message "Illegal operation attempted on reg key that has been marked for deletion". Rebooted the computer, which took unusually long (5-10 minutes). Now everything runs again, though Firefox did tell me it wasn't the default browser anymore.
During the reboot I got a "waiting for explore.exe - playing shutdown sound", if that has any relevance.

Combo-fix, while telling me that it had made one, doesn't appear to have left a log.

Shall I run it again?

EDIT:
Found a log in C:\combo-fix\combofix.txt

ComboFix 12-06-25.02 - Alex Harvey 25/06/2012 12:27:23.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8189.6723 [GMT 1:00]
Running from: C:\Users\Alex Harvey\Desktop\Combo-Fix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))


2012-06-25 11:33:26 . 2012-06-25 11:33:26 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-06-25 00:02:55 . 2012-06-25 00:02:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-25 00:02:47 . 2012-06-25 00:03:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-25 00:02:47 . 2012-04-04 14:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-06-23 22:22:25 . 2012-06-23 22:22:25 -------- d-----w- C:\Program Files\Microsoft Silverlight
2012-06-23 22:22:25 . 2012-06-23 22:22:25 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight
2012-06-23 18:07:49 . 2012-06-23 18:07:49 -------- d-----w- C:\Program Files (x86)\Tobias Erichsen
2012-06-23 18:07:09 . 2012-06-23 18:07:09 -------- d-----w- C:\Program Files\Bonjour Print Services
2012-06-23 18:05:45 . 2012-06-23 18:05:46 -------- d-----w- C:\Program Files\Bonjour
2012-06-23 18:05:45 . 2012-06-23 18:05:46 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-22 21:20:42 . 2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\system32\FntCache.dll
2012-06-22 21:20:41 . 2011-02-19 12:04:17 902656 ----a-w- C:\Windows\system32\d2d1.dll
2012-06-22 21:20:38 . 2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-06-22 15:40:00 . 2012-05-31 04:04:02 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2018CDD1-8007-45A3-84D0-45F3D1CB6F53}\mpengine.dll
2012-06-22 15:30:56 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-22 15:30:56 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-22 15:30:56 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-22 15:30:56 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-22 15:29:39 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-22 15:29:39 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-22 15:29:39 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-22 15:28:17 . 2012-06-02 14:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-22 15:28:17 . 2012-06-02 14:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-21 15:10:46 . 2012-06-21 15:11:07 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2012-06-20 22:12:08 . 2012-06-20 22:12:09 -------- dc-h--w- C:\ProgramData\{544A9B13-F375-4543-8198-54A1542E6015}
2012-06-20 19:20:31 . 2012-06-20 21:10:31 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-06-20 18:55:08 . 2012-06-20 21:37:03 -------- d-----w- C:\ProgramData\Norton
2012-06-20 18:06:21 . 2012-06-20 18:06:21 -------- dc-h--w- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-06-20 18:06:12 . 2012-06-20 18:06:12 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2012-06-20 18:06:11 . 2012-06-20 22:11:58 -------- d-----w- C:\Program Files\Native Instruments
2012-06-20 18:06:11 . 2012-06-20 18:06:11 -------- d-----w- C:\ProgramData\Native Instruments
2012-06-19 21:18:35 . 2012-06-20 16:10:32 684629 ----a-w- C:\Windows\SysWow64\sig.bin
2012-06-19 18:29:53 . 2012-06-19 18:29:53 106648 ----a-w- C:\Windows\system32\drivers\GRD.sys
2012-06-19 18:07:21 . 2012-06-19 18:07:21 59768 ----a-w- C:\Windows\system32\drivers\PktIcpt.sys
2012-06-19 18:06:01 . 2012-06-19 18:06:01 122744 ----a-w- C:\Windows\system32\drivers\MiniIcpt.sys
2012-06-19 18:05:29 . 2012-06-19 18:05:29 54136 ----a-w- C:\Windows\system32\drivers\GDBehave.sys
2012-06-19 18:04:59 . 2012-06-19 18:04:59 65912 ----a-w- C:\Windows\system32\drivers\gdwfpcd64.sys
2012-06-19 18:02:26 . 2012-06-20 19:22:18 -------- d-----w- C:\ProgramData\G DATA
2012-06-19 18:02:26 . 2012-06-20 19:22:18 -------- d-----w- C:\Program Files (x86)\Common Files\G Data
2012-06-19 18:02:26 . 2012-06-19 18:02:26 -------- d-----w- C:\Program Files (x86)\G Data
2012-06-19 14:54:10 . 2012-06-19 14:54:10 -------- d-----w- C:\Windows\system32\Macromed
2012-06-13 11:39:09 . 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-06-13 11:39:09 . 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-06-13 11:39:09 . 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-06-13 11:39:01 . 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\system32\profsvc.dll
2012-06-12 23:58:33 . 2012-06-12 23:58:43 -------- d-----w- C:\Program Files\DivX
2012-06-12 23:58:28 . 2012-06-12 23:58:43 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-06-12 23:55:30 . 2012-06-12 23:59:51 -------- d-----w- C:\Program Files (x86)\DivX
2012-06-12 23:49:36 . 2012-06-13 00:05:54 -------- d-----w- C:\ProgramData\DivX
2012-06-12 21:47:13 . 2012-06-12 21:47:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-12 21:47:13 . 2012-06-12 21:47:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-12 21:47:13 . 2012-06-12 21:47:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-12 21:47:13 . 2012-06-12 21:47:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-12 21:47:13 . 2012-06-12 21:47:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-12 21:47:13 . 2012-06-12 21:47:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-12 21:47:13 . 2012-06-12 21:47:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-12 21:46:47 . 2012-06-12 21:47:12 -------- d-----w- C:\Program Files (x86)\QuickTime
2012-06-12 21:46:47 . 2012-06-12 21:46:47 -------- d-----w- C:\ProgramData\Apple Computer
2012-06-12 21:43:17 . 2012-06-12 21:43:17 -------- d-----w- C:\Program Files (x86)\Common Files\Apple
2012-06-12 21:42:46 . 2012-06-12 21:42:48 -------- d-----w- C:\Program Files (x86)\Apple Software Update
2012-06-12 21:42:46 . 2012-06-12 21:42:46 -------- d-----w- C:\ProgramData\Apple
2012-06-12 20:58:44 . 2012-06-12 20:58:44 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-06-12 20:53:16 . 2012-06-12 21:20:52 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-06-12 20:46:13 . 2012-06-12 20:46:13 -------- d-----w- C:\Program Files (x86)\Adobe Story
2012-06-12 20:44:34 . 2011-11-29 02:28:28 55856 ------w- C:\Windows\system32\drivers\PxHlpa64.sys
2012-06-12 20:44:34 . 2009-06-23 02:00:00 10224 ------w- C:\Windows\system32\drivers\cdralw2k.sys
2012-06-12 20:44:34 . 2009-06-23 02:00:00 10224 ------w- C:\Windows\system32\drivers\cdr4_xp.sys
2012-06-12 20:44:33 . 2012-06-12 23:58:44 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-06-12 20:44:33 . 2012-06-12 20:44:33 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-06-12 20:44:33 . 2012-06-12 20:44:33 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-06-12 20:41:57 . 2012-06-12 21:18:56 -------- d-----w- C:\Program Files\Common Files\Adobe
2012-06-12 20:40:14 . 2012-06-12 21:12:12 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe AIR
2012-06-12 20:34:02 . 2012-06-12 20:51:48 -------- d-----w- C:\Adobe
2012-06-12 20:25:21 . 2012-06-12 21:18:36 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe
2012-06-12 19:27:25 . 2012-06-12 19:27:25 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-06-12 19:24:21 . 2012-06-20 22:11:59 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2012-06-12 19:24:17 . 2006-09-03 13:36:14 61440 ----a-w- C:\Windows\SysWow64\NI_DFD_1_5.dll
2012-06-12 19:24:17 . 2006-09-03 13:36:14 393216 ----a-w- C:\Windows\SysWow64\NI_IRC_1_2.dll
2012-06-12 19:24:17 . 2006-09-03 13:36:14 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2012-06-12 19:24:17 . 2006-09-03 13:36:14 1870336 ----a-w- C:\Windows\SysWow64\bconvert.dll
2012-06-12 17:58:37 . 2012-06-12 17:58:37 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
2012-06-12 16:40:31 . 2011-03-25 03:29:26 343040 ----a-w- C:\Windows\system32\drivers\usbhub.sys
2012-06-12 16:40:31 . 2011-03-25 03:29:14 98816 ----a-w- C:\Windows\system32\drivers\usbccgp.sys
2012-06-12 16:40:31 . 2011-03-25 03:29:14 325120 ----a-w- C:\Windows\system32\drivers\usbport.sys
2012-06-12 16:40:31 . 2011-03-25 03:29:04 52736 ----a-w- C:\Windows\system32\drivers\usbehci.sys
2012-06-12 16:40:31 . 2011-03-25 03:29:04 25600 ----a-w- C:\Windows\system32\drivers\usbohci.sys
2012-06-12 16:40:31 . 2011-03-25 03:29:03 30720 ----a-w- C:\Windows\system32\drivers\usbuhci.sys
2012-06-12 16:40:31 . 2011-03-25 03:28:59 7936 ----a-w- C:\Windows\system32\drivers\usbd.sys
2012-06-12 16:39:20 . 2011-03-11 06:41:37 189824 ----a-w- C:\Windows\system32\drivers\storport.sys
2012-06-12 16:39:20 . 2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\system32\drivers\ntfs.sys
2012-06-12 16:39:20 . 2011-03-11 06:41:26 410496 ----a-w- C:\Windows\system32\drivers\iaStorV.sys
2012-06-12 16:39:20 . 2011-03-11 06:41:12 27008 ----a-w- C:\Windows\system32\drivers\amdxata.sys
2012-06-12 16:39:20 . 2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\system32\esent.dll
2012-06-12 16:39:20 . 2011-03-11 06:30:28 96768 ----a-w- C:\Windows\system32\fsutil.exe
2012-06-12 16:39:20 . 2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-06-12 16:39:20 . 2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-06-12 16:39:19 . 2011-03-11 06:41:34 166272 ----a-w- C:\Windows\system32\drivers\nvstor.sys
2012-06-12 16:39:19 . 2011-03-11 06:41:34 148352 ----a-w- C:\Windows\system32\drivers\nvraid.sys
2012-06-12 16:39:19 . 2011-03-11 06:41:12 107904 ----a-w- C:\Windows\system32\drivers\amdsata.sys
2012-06-12 16:34:10 . 2012-06-12 16:34:10 -------- d-----w- C:\Program Files (x86)\Microsoft.NET
2012-06-12 16:20:35 . 2012-06-12 16:20:35 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-12 16:20:35 . 2012-06-12 16:20:35 -------- d-----w- C:\Windows\system32\Wat
2012-06-11 21:43:42 . 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-06-11 21:43:42 . 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\system32\wintrust.dll
2012-06-11 21:43:42 . 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\system32\imagehlp.dll
2012-06-11 21:43:42 . 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-06-11 21:43:42 . 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-11 21:43:42 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-11 21:43:42 . 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-11 20:40:45 . 2012-06-23 19:16:55 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-11 20:40:45 . 2012-06-23 19:16:55 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-11 20:40:45 . 2012-06-11 20:40:45 -------- d-----w- C:\Windows\SysWow64\Macromed
2012-06-11 18:04:47 . 2011-10-01 05:45:21 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-06-11 18:03:44 . 2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\system32\XpsPrint.dll
2012-06-11 18:03:44 . 2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-06-11 18:03:42 . 2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\system32\mfc42u.dll
2012-06-11 18:03:42 . 2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\system32\mfc42.dll
2012-06-11 18:03:42 . 2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-06-11 18:03:41 . 2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-06-11 18:01:50 . 2011-08-17 05:26:46 613888 ----a-w- C:\Windows\system32\psisdecd.dll
2012-06-11 18:00:54 . 2011-02-23 04:55:04 90624 ----a-w- C:\Windows\system32\drivers\bowser.sys
2012-06-11 17:56:15 . 2011-11-19 14:58:00 77312 ----a-w- C:\Windows\system32\packager.dll
2012-06-11 17:56:15 . 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-11 04:26:29 . 2012-06-10 19:40:23 -------- d-----w- C:\Windows\Panther
2012-06-10 20:16:43 . 2012-06-10 20:16:43 -------- d-----w- C:\ProgramData\ATI


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-18 19:56:30 . 2012-04-18 19:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56:30 . 2012-04-18 19:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-06 05:22:40 . 2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\system32\drivers\atikmdag.sys
2012-04-06 02:22:00 . 2012-04-06 02:22:00 159744 ----a-w- C:\Windows\system32\atiapfxx.exe
2012-04-06 02:21:52 . 2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 . 2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\system32\aticfx64.dll
2012-04-06 02:16:52 . 2012-04-06 02:16:52 442368 ----a-w- C:\Windows\system32\ATIDEMGX.dll
2012-04-06 02:16:46 . 2012-04-06 02:16:46 503808 ----a-w- C:\Windows\system32\atieclxx.exe
2012-04-06 02:16:02 . 2012-04-06 02:16:02 236544 ----a-w- C:\Windows\system32\atiesrxx.exe
2012-04-06 02:14:44 . 2012-04-06 02:14:44 120320 ----a-w- C:\Windows\system32\atitmm64.dll
2012-04-06 02:14:30 . 2012-04-06 02:14:30 21504 ----a-w- C:\Windows\system32\atimuixx.dll
2012-04-06 02:14:26 . 2012-04-06 02:14:26 59392 ----a-w- C:\Windows\system32\atiedu64.dll
2012-04-06 02:14:20 . 2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 . 2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 . 2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\system32\atio6axx.dll
2012-04-06 02:00:10 . 2011-04-20 00:27:00 64000 ----a-w- C:\Windows\system32\coinst.dll
2012-04-06 01:54:46 . 2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\system32\atidxx64.dll
2012-04-06 01:50:56 . 2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 . 2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\system32\atiumd6v.dll
2012-04-06 01:34:50 . 2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 . 2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\system32\atiumd6a.dll
2012-04-06 01:34:04 . 2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 . 2012-04-06 01:30:16 51200 ----a-w- C:\Windows\system32\aticalrt64.dll
2012-04-06 01:30:14 . 2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 . 2012-04-06 01:30:08 44544 ----a-w- C:\Windows\system32\aticalcl64.dll
2012-04-06 01:30:06 . 2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 . 2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\system32\aticaldd64.dll
2012-04-06 01:25:30 . 2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 . 2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\system32\atiumd64.dll
2012-04-06 01:22:54 . 2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 . 2012-04-06 01:11:28 514560 ----a-w- C:\Windows\system32\atiadlxx.dll
2012-04-06 01:11:20 . 2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 . 2012-04-06 01:11:06 17408 ----a-w- C:\Windows\system32\atig6pxx.dll
2012-04-06 01:11:04 . 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 . 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\system32\atiglpxx.dll
2012-04-06 01:11:00 . 2012-04-06 01:11:00 41984 ----a-w- C:\Windows\system32\atig6txx.dll
2012-04-06 01:10:52 . 2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 . 2012-04-06 01:10:44 343040 ----a-w- C:\Windows\system32\drivers\atikmpag.sys
2012-04-06 01:09:56 . 2012-04-06 01:09:56 54784 ----a-w- C:\Windows\system32\atiuxp64.dll
2012-04-06 01:09:48 . 2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 . 2012-04-06 01:09:42 44544 ----a-w- C:\Windows\system32\atiu9p64.dll
2012-04-06 01:09:34 . 2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 . 2012-04-06 01:09:02 53248 ----a-w- C:\Windows\system32\drivers\ati2erec.dll
2012-04-06 01:06:08 . 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\system32\atimpc64.dll
2012-04-06 01:06:08 . 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\system32\amdpcom64.dll
2012-04-06 01:06:04 . 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 . 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-05 21:34:26 . 2012-04-05 21:34:26 187392 ----a-w- C:\Windows\system32\clinfo.exe
2012-04-05 21:34:10 . 2012-04-05 21:34:10 74752 ----a-w- C:\Windows\system32\OpenVideo64.dll
2012-04-05 21:34:04 . 2012-04-05 21:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-05 21:33:56 . 2012-04-05 21:33:56 63488 ----a-w- C:\Windows\system32\OVDecode64.dll
2012-04-05 21:33:52 . 2012-04-05 21:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-05 21:33:44 . 2012-04-05 21:33:44 16457216 ----a-w- C:\Windows\system32\amdocl64.dll
2012-04-05 21:32:56 . 2012-04-05 21:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-05 21:32:08 . 2012-04-05 21:32:08 54784 ----a-w- C:\Windows\system32\OpenCL.dll
2012-04-05 21:32:04 . 2012-04-05 21:32:04 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:48 94208 ----a-w- C:\Users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:48 94208 ----a-w- C:\Users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:48 94208 ----a-w- C:\Users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\Alex Harvey\AppData\Roaming\Spotify\Spotify.exe" [2012-06-10 19:58:41 9478320]
"Spotify Web Helper"="C:\Users\Alex Harvey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-10 19:58:40 932528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 00:24:32 641664]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 05:53:50 843712]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 12:37:14 517096]
"AdobeCS5.5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 06:08:56 1523360]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 20:28:32 59240]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-18 19:56:22 421888]
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 23:08:12 1259376]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 14:56:38 462408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 19:16:57 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 15:26:43 113120]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 12:37:14 517096]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 05:53:50 63928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 20:57:34 361984]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 15:04:30 53888]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 14:56:40 654408]
S2 rtpMIDIService;rtpMIDIService;C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2011-07-01 13:43:12 1131008]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 05:44:52 450848]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [x]
S3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys [x]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [x]


Contents of the 'Scheduled Tasks' folder

2012-06-25 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 20:40:45 . 2012-06-23 19:16:57]

2012-06-24 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090271790-766607625-3301924082-1000Core.job
- C:\Users\Alex Harvey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-12 22:45:19 . 2012-06-12 22:45:13]

2012-06-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090271790-766607625-3301924082-1000UA.job
- C:\Users\Alex Harvey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-12 22:45:19 . 2012-06-12 22:45:13]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:50 97792 ----a-w- C:\Users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:50 97792 ----a-w- C:\Users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:50 97792 ----a-w- C:\Users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:50 97792 ----a-w- C:\Users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="C:\Windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 14:39:40 798728]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 05:09:46 446392]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - C:\Users\Alex Harvey\AppData\Roaming\Mozilla\Firefox\Profiles\er66w0qp.default\

Edited by oysterCAKE, 25 June 2012 - 06:02 AM.

  • 0
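The ComboFix log above lists every Run-key value and service/driver entry the tool found. As an added example (not code from this thread or from ComboFix's authors), here is a small Python triage script that parses lines in exactly that format, the `"Name"="path" [timestamp size]` Run-key lines and the `R2/S3 Name;Description;Path [...]` service lines, and attaches review prompts to entries a helper would check first: binaries launching from Temp or another user-writable location, Run values that are command lines rather than file paths, and entries ComboFix marked `[x]` instead of a timestamp and size. The sample log, its names and its paths are constructed for the example; the prompts are things to verify, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the format ComboFix uses for its "Reg Loading Points"
# Run-key lines and its R*/S* service and driver lines. Names and paths are
# made up for this example; they are not taken from the thread's log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\someuser\AppData\Roaming\Spotify\Spotify.exe" [2012-06-10 19:58:41 9478320]
"Updater"="C:\Users\someuser\AppData\Local\Temp\updater.exe" [2012-06-24 03:12:00 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 00:24:32 641664]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 14:56:40 654408]
S2 HelperSvc;Helper Service;C:\ProgramData\helper\helper.exe [x]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="value" [timestamp size]   or   "Name"="value" [X]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# R2 Name;Description;Path [timestamp size]   or   S3 Name;Description;Path [x]
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")
# Locations an unprivileged user can write to: a common home for persistence.
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Users\\[^\\]+)\\", re.IGNORECASE)
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    kind: str                 # "run" (Run-key value) or "service" (service/driver)
    location: str             # registry key for run entries, start type for services
    name: str
    path: str                 # file path, or the raw command line for run entries
    meta: str                 # "YYYY-MM-DD HH:MM:SS size", or "x"/"X" if unknown
    reasons: List[str] = field(default_factory=list)


def parse_loading_points(text: str) -> List[Entry]:
    """Extract Run-key values and service/driver lines from a ComboFix log."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)   # following "Name"= lines belong to this key
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", current_key, m["name"], m["value"], m["meta"]))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["start"], m["name"], m["path"], m["meta"]))
    return entries


def triage(entry: Entry) -> Entry:
    """Attach review prompts; these are things to verify, not verdicts."""
    p = entry.path
    if entry.kind == "run" and not DRIVE_PATH_RE.match(p):
        entry.reasons.append("value is a command line, not a file path: resolve what it launches")
    elif TEMP_RE.search(p):
        entry.reasons.append("launches from a Temp directory")
    elif USER_WRITABLE_RE.search(p):
        entry.reasons.append("launches from a user-writable location")
    if entry.meta.lower() == "x":
        entry.reasons.append("ComboFix shows [x] instead of timestamp/size: check the file exists and who signed it")
    return entry


def suspicious_entries(text: str) -> List[Entry]:
    """Return only the entries that picked up at least one review prompt."""
    return [e for e in map(triage, parse_loading_points(text)) if e.reasons]


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LOG):
        print(f"{e.kind:7} {e.name:12} {e.path}")
        for r in e.reasons:
            print(f"         - {r}")
```

Entries with no prompt (here StartCCC and MBAMService) are left out of the report so the reviewer's attention goes to the handful that need a file-signature or path check.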

#10 Render (Trusted Helper, Malware Removal, 4,195 posts)
You can select FF as your default browser now if you wish. CF reset some settings to their default states.

It looks like this is not the entire CF log. Please open the CF log once again and make sure that you select and copy all of its content.
  • 0

#11 oysterCAKE (Member, Topic Starter, 12 posts)
Double-checked the log; it's the same as I posted. Though this is the log in C:\combo-fix\combofix.txt. The C:\combo-fix.txt log that the program told me it had made didn't appear.
  • 0

#12 Render (Trusted Helper, Malware Removal, 4,195 posts)
OK. Please run CF once again as described above and post new log.
  • 0

#13 oysterCAKE (Member, Topic Starter, 12 posts)
ComboFix 12-06-25.03 - Alex Harvey 25/06/2012 14:32:45.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8189.6843 [GMT 1:00]
Running from: c:\users\Alex Harvey\Desktop\combo-fix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 13:39 . 2012-06-25 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 00:02 . 2012-06-25 00:02 -------- d-----w- c:\programdata\Malwarebytes
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-25_11.43.36 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Alex Harvey\AppData\Roaming\Spotify\Spotify.exe" [2012-06-10 9478320]
"Spotify Web Helper"="c:\users\Alex Harvey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-10 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 rtpMIDIService;rtpMIDIService;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2011-07-01 1131008]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 19:16]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090271790-766607625-3301924082-1000Core.job
- c:\users\Alex Harvey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-12 22:45]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090271790-766607625-3301924082-1000UA.job
- c:\users\Alex Harvey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-12 22:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Alex Harvey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Alex Harvey\AppData\Roaming\Mozilla\Firefox\Profiles\er66w0qp.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-06-25 14:49:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 13:49
ComboFix2.txt 2012-06-20 21:48
.
Pre-Run: 20,797,714,432 bytes free
Post-Run: 20,720,910,336 bytes free
.
- - End Of File - - 783DEE7A1B4D4C647D492E6370A4F515

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
So far all logs look clean.

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post


#15
oysterCAKE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Installed and ran Kaspersky. During installation, in between the files extracting and the program installing, the installer disappeared for 5+ minutes, during that time the system went into slow down and then lock up. When the installer came back, everything was fine.

The automatic scan didn't detect any threats, so no log to produce on what it deleted.

Manual Disinfection: clicked Start gathering system information; it gets to 56%, then goes back to showing the "Start gathering system information" button. It did leave a log, attached.
