I installed and ran Malwarebytes in Safe Mode. It pulled 2 instances and removed them (can't find logs).
I have run Microsoft Security Essentials scans, that pulled and removed:
Rogue:Win32/Winwebsec
TrojanDropper:Win32/Sirefef.gen!A
Backdoor:Win32/Cybot!cfg
I have run TDSSKiller. It pulled and removed a rootkit (can't find logs).
I have run RogueKiller. It has found several registry entries (hijacks) along with some TMP files it didn't like.
All of that and I am still having troubles.
Initially there was only one user on this computer. After scans and such I tried to create a new user as an administrator. I tried setting the other user (ccdc) as a standard user. I have no problems with that newly created user so far. However, the initial user's (ccdc) icons continue to disappear. I can run RogueKiller and the icons reappear. When I reboot they disappear again.
I'm pretty sure the rootkit is still there. I am not sure how to fix this. I've tried unhide.exe but that does not help either.
Thanks in advance for any and all help.
I am attaching the OTL results:
OTL logfile created on: 8/19/2012 9:21:13 AM - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = E:\
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.37% Memory free
3.99 Gb Paging File | 2.92 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 199.48 Gb Free Space | 68.36% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.87 Gb Free Space | 13.97% Space Free | Partition Type: NTFS
Drive E: | 3.77 Gb Total Space | 0.37 Gb Free Space | 9.71% Space Free | Partition Type: FAT32
Computer Name: CCDC-PC | User Name: ccdc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/19 09:20:36 | 000,598,016 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/07/12 08:29:47 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/12 08:28:56 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/16 16:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 16:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/27 16:19:42 | 000,032,768 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
PRC - [2008/05/26 03:28:04 | 000,704,512 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\FTPServer.exe
PRC - [2008/05/26 03:21:08 | 000,548,864 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\nsapp.exe
PRC - [2007/07/19 10:54:24 | 000,143,408 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2006/12/08 17:51:12 | 004,227,072 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/15 03:36:36 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/15 03:36:27 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/15 03:35:26 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/15 03:35:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008/07/28 10:51:40 | 000,131,072 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__ab3d4581d2618b4b\Interop.SHDocVw.dll
MOD - [2008/07/28 10:51:39 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC\Kinkos.Jupiter.PlugIn.IEPlugIn\1.0.0.0__ab3d4581d2618b4b\Kinkos.Jupiter.PlugIn.IEPlugIn.dll
MOD - [2008/05/26 03:42:02 | 000,434,176 | ---- | M] () -- C:\Program Files\Sharp\Sharpdesk\SCprMfpif.dll
MOD - [2008/05/26 03:34:24 | 000,006,144 | ---- | M] () -- C:\Program Files\Sharp\Sharpdesk\discoveryps.dll
MOD - [2008/05/26 03:28:18 | 000,217,088 | ---- | M] () -- C:\Program Files\Sharp\Sharpdesk\FtpServerps.dll
MOD - [2007/07/19 10:56:06 | 000,065,594 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImAppRU.dll
MOD - [2007/07/19 10:54:32 | 000,073,780 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImComUtlU.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/07/12 08:29:47 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 08:28:56 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/09/16 16:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/09/06 20:12:06 | 000,045,056 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/14 14:36:00 | 000,066,056 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/07/12 08:29:01 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/09/16 16:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 16:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/21 14:36:10 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/02/21 14:36:05 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/10/26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/06 21:15:00 | 007,568,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/02 03:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{18D5F9FB-0EC3-4BA8-888C-2943130A378C}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{411504AC-7C41-4F75-9605-6572451E2CC3}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6F7650C0-55D2-4944-8384-1B4431EDC203}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKCU\..\SearchScopes\{F20300DF-8181-4369-88FD-975DF2E07345}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.DictionaryBoss.com/Plugin: C:\Program Files\DictionaryBossEI\Installr\1.bin\NPv4EISB.dll (DictionaryBoss)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
O1 HOSTS File: ([2012/08/16 23:01:01 | 000,000,021 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FtpServer.exe] C:\Program Files\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [IndexTray] C:\Program Files\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SharpTray] C:\Program Files\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.aka...vex-2.2.1.0.cab (DownloadManager Control)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://setup.bellso...aller_6-1-2.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.10 172.16.0.11 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB4CBB51-2559-4E46-B797-474800416431}: DhcpNameServer = 172.16.0.10 172.16.0.11 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/19 08:43:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/17 07:42:32 | 000,000,000 | ---D | C] -- C:\Users\ccdc\Desktop\temp
[2012/08/16 22:27:06 | 000,000,000 | ---D | C] -- C:\Users\ccdc\AppData\Local\ElevatedDiagnostics
[2012/08/16 22:00:22 | 010,288,512 | ---- | C] (Microsoft Corporation) -- C:\Users\ccdc\Desktop\mseinstall.exe
[2012/08/16 21:29:06 | 000,000,000 | ---D | C] -- C:\Users\ccdc\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/16 18:51:59 | 000,000,000 | ---D | C] -- C:\Users\ccdc\Desktop\New Folder
[2012/08/16 18:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/16 18:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/19 09:13:55 | 000,388,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/19 09:13:54 | 000,004,896 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/19 09:13:54 | 000,004,896 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/19 09:13:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/19 09:13:36 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/19 08:43:17 | 000,007,944 | ---- | M] () -- C:\Users\ccdc\AppData\Local\d3d9caps.dat
[2012/08/18 22:50:50 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{763DA8C3-9E2D-4ACB-8788-3E97DADC57CB}.job
[2012/08/17 18:39:40 | 000,069,408 | ---- | M] () -- C:\Users\ccdc\Documents\registrybeforechanges.reg
[2012/08/17 07:36:32 | 000,003,306 | ---- | M] () -- C:\Users\ccdc\Documents\cc_20120817_073627.reg
[2012/08/16 22:02:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/16 22:00:33 | 010,288,512 | ---- | M] (Microsoft Corporation) -- C:\Users\ccdc\Desktop\mseinstall.exe
[2012/08/16 21:31:41 | 000,630,558 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/16 21:31:41 | 000,113,894 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/16 21:28:11 | 000,000,940 | ---- | M] () -- C:\Users\ccdc\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/08/16 18:18:14 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/19 08:44:20 | 2011,750,400 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/17 18:39:40 | 000,069,408 | ---- | C] () -- C:\Users\ccdc\Documents\registrybeforechanges.reg
[2012/08/17 07:36:30 | 000,003,306 | ---- | C] () -- C:\Users\ccdc\Documents\cc_20120817_073627.reg
[2012/08/16 22:02:13 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/16 20:19:29 | 000,000,940 | ---- | C] () -- C:\Users\ccdc\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/08/16 18:18:14 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/11/18 15:51:16 | 000,000,304 | ---- | C] () -- C:\ProgramData\~H0WeK3WVEJ40SL
[2011/11/18 15:51:16 | 000,000,232 | ---- | C] () -- C:\ProgramData\~H0WeK3WVEJ40SLr
[2011/11/18 15:51:12 | 000,000,456 | ---- | C] () -- C:\ProgramData\H0WeK3WVEJ40SL
[2011/03/24 10:03:12 | 000,000,026 | ---- | C] () -- C:\Windows\FPKPMSV.INI
[2009/09/24 11:39:57 | 000,729,470 | ---- | C] () -- C:\Users\ccdc\AppData\Roaming\fontlst2.opf
[2008/01/10 09:38:36 | 000,007,944 | ---- | C] () -- C:\Users\ccdc\AppData\Local\d3d9caps.dat
[2007/04/13 11:28:08 | 000,000,092 | ---- | C] () -- C:\Users\ccdc\AppData\Local\fusioncache.dat
[2007/04/13 11:27:45 | 000,057,856 | ---- | C] () -- C:\Users\ccdc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
< End of report >
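The OTL log above is long, and a helper reading it will usually look at a handful of line types first: driver/service entries whose file is missing ("File not found"), Explorer and Internet Explorer policy keys flagged "present" (O6/O7), ShellExecuteHooks with no CLSID value (O28), and company-less files dropped loose into the root of C:\ProgramData. The script below is an added example (mine, not part of the post and not an OTL or OldTimer tool) that pulls those entries out of an OTL log into a short triage list. The sample input is an excerpt copied from the log posted above so that it runs offline; the regexes are written against the line shapes visible in that log and the "loose ProgramData file" check is a heuristic I chose, not anything OTL itself reports. Pass a saved OTL.txt as the first argument to run it on a real log.

```python
"""Triage helper for an OTL (OldTimer) log.

Added example: extracts the entries a malware-removal helper usually checks
first. Not part of the forum post, and not code from OTL/OldTimer.
"""
import re
import sys
from pathlib import PureWindowsPath

# Excerpt copied from the OTL log posted above, used as offline sample input.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - [2012/07/12 08:29:47 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/09/16 16:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
========== Standard Registry (SafeList) ==========
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
========== Files Created - No Company Name ==========
[2012/08/16 18:18:14 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/11/18 15:51:16 | 000,000,304 | ---- | C] () -- C:\ProgramData\~H0WeK3WVEJ40SL
[2011/11/18 15:51:12 | 000,000,456 | ---- | C] () -- C:\ProgramData\H0WeK3WVEJ40SL
"""

# Line shapes as they appear in the posted log.
DRV_MISSING = re.compile(
    r"^DRV - File not found \[(?P<flags>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")
POLICY = re.compile(r"^(?P<kind>O[67]) - (?P<key>.+?) present$")
HOOK_ORPHAN = re.compile(
    r"^O28 - .*?(?P<clsid>\{[0-9A-Fa-f-]+\}) - No CLSID value found\.$")
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>[^|]+)\| (?P<size>[\d,]+) \| (?P<attr>[^|]+)\| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$")


def is_loose_programdata_file(path):
    """Heuristic (my choice, not an OTL rule): a file sitting directly in
    C:\\ProgramData with no extension is unusual for legitimate installers."""
    p = PureWindowsPath(path)
    return str(p.parent).lower() == r"c:\programdata" and p.suffix == ""


def triage_otl(text):
    """Return the entries worth a first look, grouped by type."""
    findings = {"missing_drivers": [], "policies": [],
                "orphan_hooks": [], "programdata_loose_files": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRV_MISSING.match(line)
        if m:  # service registered, binary gone: stale leftover or removed driver
            findings["missing_drivers"].append(
                {"name": m["name"], "path": m["path"], "flags": m["flags"]})
            continue
        m = POLICY.match(line)
        if m:  # policy keys that can hide UI or restrict Explorer/IE
            findings["policies"].append((m["kind"], m["key"]))
            continue
        m = HOOK_ORPHAN.match(line)
        if m:  # hook GUID registered but its CLSID no longer resolves
            findings["orphan_hooks"].append(m["clsid"])
            continue
        m = FILE_ENTRY.match(line)
        if m and not m["company"].strip() and is_loose_programdata_file(m["path"]):
            findings["programdata_loose_files"].append(m["path"])
    return findings


def report(findings):
    """Render the findings as one line per item."""
    out = []
    for d in findings["missing_drivers"]:
        out.append(f"driver entry with missing file: {d['name']} -> {d['path']} [{d['flags']}]")
    for kind, key in findings["policies"]:
        out.append(f"{kind} policy key present: {key}")
    for clsid in findings["orphan_hooks"]:
        out.append(f"ShellExecuteHook with no CLSID value: {clsid}")
    for path in findings["programdata_loose_files"]:
        out.append(f"loose company-less file in ProgramData: {path}")
    return "\n".join(out)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # OTL logs are often saved as UTF-16; replace what won't decode
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    print(report(triage_otl(text)))
```

The output is a starting point for whoever is helping, not a verdict: "File not found" driver entries are commonly stale leftovers on an installation this old, and a policy key being present says nothing by itself until its values are read (OTL's own NoDrives = 0 lines above are an example of a harmless value).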