win32/olmarik.tdl4 trojan Need help to remove [Solved]


  • This topic is locked

#1
DAVID0205

    Member
  • 16 posts
Eset has detected the following: "win32/olmarik.tdl4 Trojan". It cannot quarantine it, nor do I know what to do to clean it. I ran combofix yesterday but nothing helped me there. Any help would be appreciated.

OTL logfile created on: 5/9/2013 8:17:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David Blankenship\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.51 Gb Available Physical Memory | 69.52% Memory free
15.86 Gb Paging File | 12.89 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.41 Gb Total Space | 783.84 Gb Free Space | 86.00% Space Free | Partition Type: NTFS
Drive Z: | 1861.71 Gb Total Space | 1204.95 Gb Free Space | 64.72% Space Free | Partition Type: NTFS

Computer Name: DWB-PC | User Name: David Blankenship | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/09 08:15:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David Blankenship\Desktop\OTL.exe
PRC - [2013/05/03 07:25:16 | 004,573,184 | ---- | M] (Spotify Ltd) -- C:\Program Files (x86)\Spotify\spotify.exe
PRC - [2013/05/03 07:25:14 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\David Blankenship\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/18 14:08:44 | 003,478,752 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/15 05:27:40 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/12/06 19:00:12 | 001,176,464 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/12/06 18:59:24 | 001,181,584 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\QBW32.EXE
PRC - [2012/12/06 18:17:04 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/26 15:17:24 | 002,938,736 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
PRC - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\QBDBMgrN.exe
PRC - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010/12/09 15:49:40 | 000,415,232 | ---- | M] () -- C:\UPS\WSTD\WSTDMessaging.exe
PRC - [2010/12/09 15:40:28 | 000,024,576 | ---- | M] () -- C:\UPS\WSTD\UPSNA1Msgr.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/05/05 21:24:42 | 000,609,312 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/10/13 13:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/20 16:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2008/12/01 17:37:32 | 000,331,776 | ---- | M] (EMC) -- C:\Program Files (x86)\Retrospect\Retrospect Client\retroclient.exe
PRC - [2008/12/01 17:36:40 | 000,061,440 | ---- | M] (EMC) -- C:\Program Files (x86)\Retrospect\Retrospect Client\RemotSvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/03 07:25:14 | 024,985,600 | ---- | M] () -- C:\Program Files (x86)\Spotify\Data\libcef.dll
MOD - [2013/03/06 08:24:38 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\be794c59743c08f79144dcb474736cdf\System.Windows.Forms.ni.dll
MOD - [2013/03/06 08:24:34 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\a595bfbd401ddaea721588f5e88af1a9\System.Runtime.Remoting.ni.dll
MOD - [2013/03/06 08:24:30 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d8e2d3037c3d36f5a7c763970400e79c\System.Drawing.ni.dll
MOD - [2013/03/06 08:24:29 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\3249b5065782afda9ed38b3796d96072\System.Configuration.ni.dll
MOD - [2013/03/06 08:23:20 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\130613a664d9a4237b5b22c3c80f6d96\System.Xml.ni.dll
MOD - [2013/03/06 08:23:11 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\84371136df209abcd5fbf89db89f2e97\System.ni.dll
MOD - [2013/03/06 08:23:04 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\506bcca8d286f754825f3f1b0bf64894\mscorlib.ni.dll
MOD - [2013/02/13 04:28:00 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a59cf850ee6b2a003167700b648ba9c7\System.Windows.Forms.ni.dll
MOD - [2013/01/09 04:36:11 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 04:36:11 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/09 04:36:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/09 04:35:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 04:35:38 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 04:35:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 04:35:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 04:35:31 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/12/06 18:59:54 | 000,138,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\QBMAPILibrary.dll
MOD - [2012/12/06 18:59:50 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\QBCompressor.DLL
MOD - [2012/12/06 18:59:44 | 000,042,384 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\mbpopup.dll
MOD - [2012/12/06 18:59:30 | 000,268,688 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\boost_regex-vc90-mt-p-1_33.dll
MOD - [2012/12/06 18:59:30 | 000,176,528 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2012/12/06 18:59:28 | 000,380,304 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\BackupLib.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/19 21:30:50 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\zlib1.dll
MOD - [2010/12/09 15:49:40 | 000,415,232 | ---- | M] () -- C:\UPS\WSTD\WSTDMessaging.exe
MOD - [2010/12/09 15:40:28 | 000,024,576 | ---- | M] () -- C:\UPS\WSTD\UPSNA1Msgr.exe
MOD - [2010/12/09 15:40:26 | 000,045,056 | ---- | M] () -- C:\UPS\WSTD\POLICYMGR\UPS.Components.NA1MessengerServer.dll
MOD - [2010/12/09 15:39:44 | 000,024,576 | ---- | M] () -- C:\UPS\WSTD\POLICYMGR\Microsoft.ApplicationBlocks.Data.dll
MOD - [2010/12/09 15:39:42 | 000,053,248 | ---- | M] () -- C:\UPS\WSTD\POLICYMGR\UPS.Components.PolicyHolder.dll
MOD - [2010/12/09 14:57:30 | 000,018,432 | ---- | M] () -- C:\UPS\WSTD\UPSResourceManager.dll
MOD - [2010/11/04 18:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/05/05 21:24:44 | 000,151,584 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
MOD - [2010/05/05 21:24:42 | 000,609,312 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MOD - [2009/06/12 18:37:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/06/12 18:37:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Fishbowl\database\bin\fb_inet_server.exe -- (FirebirdServerDefaultInstance)
SRV:64bit: - [2012/09/06 15:40:42 | 000,080,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2010/08/12 14:18:40 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/26 08:22:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/06 18:17:04 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/11/07 07:26:38 | 000,147,888 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/11/07 07:26:31 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/09/16 14:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\QBDBMgrN.exe -- (QuickBooksDB22)
SRV - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2010/11/20 05:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 05:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 05:18:04 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/08 08:50:52 | 000,122,880 | ---- | M] (EMC Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Retrospect\Retrospect Client\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2008/12/01 17:36:40 | 000,061,440 | ---- | M] (EMC) [Auto | Running] -- C:\Program Files (x86)\Retrospect\Retrospect Client\RemotSvc.exe -- (Retrospect Client)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/07 07:26:31 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/29 02:23:42 | 000,321,992 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0153.sys -- (RsFx0153)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,014,944 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\radpms.sys -- (radpms)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/29 13:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/07/29 13:31:26 | 000,168,544 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 13:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/07/29 13:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/07/28 21:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/29 07:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/02 17:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/12/09 04:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/09/16 14:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...GW_enUS400US400
IE - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@itstructures.com/ffactivex: C:\Program Files\Firefox ActiveX Plugin\npffax.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/04/26 09:07:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/10/13 10:23:47 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Users\David Blankenship\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\David Blankenship\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: First user = C:\Users\David Blankenship\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/08 16:29:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Seagull Drivers] ssdal_nc.exe startup File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [QuickBooksDB22] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\QBDBMgrN.exe (Intuit, Inc.)
O4 - HKU\S-1-5-21-1336249084-732204899-1046760360-1010..\Run: [Akamai NetSession Interface] C:\Users\David Blankenship\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1336249084-732204899-1046760360-1010..\Run: [Spotify] C:\Program Files (x86)\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1336249084-732204899-1046760360-1010..\Run: [Spotify Web Helper] C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1336249084-732204899-1046760360-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16:64bit: - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=928 (Performance Viewer Activex Control)
O16 - DPF: {495DEA80-49C2-4891-94CD-C2016615D16F} http://www.catalogds...3/pvcadview.cab (ProductView Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cbrichardell...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=928 (Performance Viewer Activex Control)
O16 - DPF: FirstViewer http://204.64.21.87/...ts/FirstVwr.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA55A990-4430-48A6-B1FA-FF4BDC8A4468}: DhcpNameServer = 10.0.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA55A990-4430-48A6-B1FA-FF4BDC8A4468}: Domain = CLBLANKENSHIP
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA55A990-4430-48A6-B1FA-FF4BDC8A4468}: NameServer = 10.0.0.50
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/09 08:15:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David Blankenship\Desktop\OTL.exe
[2013/05/09 07:28:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/02 07:55:25 | 000,000,000 | ---D | C] -- C:\Users\David Blankenship\Desktop\CBREGRSM
[2013/05/02 07:38:56 | 000,000,000 | ---D | C] -- C:\Users\David Blankenship\Desktop\Employee Insurance Information
[2013/04/26 15:51:53 | 000,000,000 | ---D | C] -- C:\Users\David Blankenship\AppData\Roaming\SolidDocuments
[2013/04/10 03:01:26 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 03:01:25 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 03:01:22 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/10 03:01:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/10 03:01:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/10 03:01:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/10 03:01:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/10 03:01:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/10 03:01:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/10 03:01:15 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 03:01:15 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/10 03:01:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/10 03:01:11 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/10 03:01:11 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 03:01:10 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/09 21:23:40 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/09 21:23:39 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/09 21:23:38 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/09 21:23:38 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/09 21:23:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/09 21:23:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/09 21:21:04 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/09 21:21:02 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/09 21:21:02 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/09 21:21:01 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/09 21:21:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/09 21:21:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

========== Files - Modified Within 30 Days ==========

[2013/05/09 08:15:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David Blankenship\Desktop\OTL.exe
[2013/05/09 08:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/09 07:39:15 | 000,000,619 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/05/09 07:37:55 | 000,015,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/09 07:37:55 | 000,015,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/09 07:29:36 | 000,000,241 | ---- | M] () -- C:\Windows\wstdUPSWSHIP.INI
[2013/05/09 07:28:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/09 07:28:12 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/09 07:27:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/09 07:27:08 | 2090,160,127 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/08 19:03:16 | 000,000,528 | -H-- | M] () -- C:\Windows\tasks\C.L. Blankenship, Inc. 1343746116.job
[2013/05/08 18:00:00 | 000,000,498 | -H-- | M] () -- C:\Windows\tasks\C.L. Blankenship, Inc. 1338898788.job
[2013/05/08 16:29:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/08 16:12:32 | 005,067,786 | R--- | M] (Swearware) -- C:\Users\David Blankenship\Desktop\ComboFix.exe
[2013/05/06 13:37:26 | 005,158,628 | ---- | M] () -- C:\Users\David Blankenship\Desktop\VEHICLE INSURANCE CARDS EXPIRE 5-25-14.pdf
[2013/05/03 12:58:25 | 000,230,910 | ---- | M] () -- C:\Users\David Blankenship\Desktop\C.L. BLANKENSHIP INC._pdf
[2013/05/03 11:24:07 | 000,063,534 | ---- | M] () -- C:\Users\David Blankenship\Desktop\ADK-030113-A.pdf
[2013/05/02 10:19:49 | 000,818,676 | ---- | M] () -- C:\Users\David Blankenship\Desktop\Champion Warranty & Labor Rate Book_09.pdf
[2013/05/01 15:15:30 | 000,388,098 | ---- | M] () -- C:\Users\David Blankenship\Desktop\Updated Warranty & Service Manual.pdf
[2013/04/26 15:42:42 | 000,104,170 | ---- | M] () -- C:\Users\David Blankenship\Desktop\McIntire web 13.pdf
[2013/04/26 14:43:47 | 000,000,930 | ---- | M] () -- C:\Users\David Blankenship\Desktop\ES.lnk
[2013/04/26 09:11:53 | 000,433,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/26 09:07:41 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013/04/26 09:07:41 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013/04/26 08:22:31 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/26 08:22:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/17 14:24:06 | 000,001,897 | ---- | M] () -- C:\Users\David Blankenship\Desktop\Price Lists.lnk
[2013/04/17 14:24:06 | 000,001,771 | ---- | M] () -- C:\Users\David Blankenship\Desktop\CLB Server Documents.lnk
[2013/04/12 14:42:03 | 000,000,016 | ---- | M] () -- C:\Windows\qbodbchelp.ini
[2013/04/11 15:38:53 | 001,026,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/11 15:38:53 | 000,836,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/11 15:38:53 | 000,186,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2013/05/06 13:37:18 | 005,158,628 | ---- | C] () -- C:\Users\David Blankenship\Desktop\VEHICLE INSURANCE CARDS EXPIRE 5-25-14.pdf
[2013/05/03 12:59:05 | 000,230,910 | ---- | C] () -- C:\Users\David Blankenship\Desktop\C.L. BLANKENSHIP INC._pdf
[2013/05/03 11:24:07 | 000,063,534 | ---- | C] () -- C:\Users\David Blankenship\Desktop\ADK-030113-A.pdf
[2013/05/02 10:19:49 | 000,818,676 | ---- | C] () -- C:\Users\David Blankenship\Desktop\Champion Warranty & Labor Rate Book_09.pdf
[2013/05/01 15:15:30 | 000,388,098 | ---- | C] () -- C:\Users\David Blankenship\Desktop\Updated Warranty & Service Manual.pdf
[2013/04/26 15:42:42 | 000,104,170 | ---- | C] () -- C:\Users\David Blankenship\Desktop\McIntire web 13.pdf
[2013/04/26 14:43:47 | 000,000,930 | ---- | C] () -- C:\Users\David Blankenship\Desktop\ES.lnk
[2013/04/26 09:07:41 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013/04/26 09:07:41 | 000,002,217 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2013/04/26 09:07:41 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013/04/26 09:07:41 | 000,002,056 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2013/04/26 09:07:41 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013/03/06 09:07:32 | 000,851,968 | ---- | C] () -- C:\Users\David Blankenship\DevelopmentStorageDb201210_log.ldf
[2013/03/06 09:07:30 | 003,211,264 | ---- | C] () -- C:\Users\David Blankenship\DevelopmentStorageDb201210.mdf
[2012/12/28 11:26:18 | 000,198,044 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/08/26 11:40:22 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\UNWISE32.EXE
[2012/07/19 15:14:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/19 15:14:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/19 15:14:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/19 15:14:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/19 15:14:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/20 06:19:32 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\WSSEMAPHORES.dat
[2011/08/19 21:26:28 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
[2011/08/19 21:26:28 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2011/08/19 21:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config
[2011/05/19 10:14:47 | 000,000,027 | ---- | C] () -- C:\Windows\IC-Ctrln.INI
[2010/12/02 11:43:35 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#2
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently reviewing your logs and will post some instructions soon.

#3
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Please run the following scan for me. Also please copy your ComboFix log into the next post.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#4
DAVID0205
    Member
  • Topic Starter
  • Member
  • 16 posts
Hi, and thanks for your help. Here is my Combofix log. I am running the other scan and will send that log shortly.

ComboFix 13-05-08.02 - David Blankenship 05/08/2013 16:19:13.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8119.5545 [GMT -5:00]
Running from: c:\users\David Blankenship\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1116CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1116CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1116CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1116CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\12292CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\12292CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\12292CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\12292CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\12752CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\12752CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\12752CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\12752CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\13720CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\13720CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\13720CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\13720CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1488CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1488CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1488CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1488CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1504CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1504CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1504CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1504CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\16396CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\16396CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\16396CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\16396CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1828CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1828CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1828CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\1828CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\21848CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\21848CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\21848CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\21848CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\22384CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\22384CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\22384CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\22384CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\25348CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\25348CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\25348CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\25348CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\2812CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\2812CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\2812CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\2812CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\3284CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\3284CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\3284CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\3284CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\3500CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\3500CLBlankenshipIncreviewDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\3500CLBlankenshipIncreviewNotesPopUp.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\3500CLBlankenshipInctaskNotesDialog.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\3796CLBlankenshipIncpffcenter.html
c:\users\David Blankenship\AppData\Local\Microsoft\Windows\Temporary Internet Files\3796CLBlankenshipIncreviewDialog.html
.
.
((((((((((((((((((((((((( Files Created from 2013-04-08 to 2013-05-08 )))))))))))))))))))))))))))))))
.
.
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\rturner\AppData\Local\temp
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\Fonts\AppData\Local\temp
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\DBlankenship old\AppData\Local\temp
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\David Blankenship.DWB-PC old\AppData\Local\temp
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\David Blankenship old\AppData\Local\temp
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\CBlankenshipSr\AppData\Local\temp
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-05-08 21:28 . 2013-05-08 21:28 -------- d-----w- c:\users\__sbs_netsetup__\AppData\Local\temp
2013-05-08 21:12 . 2013-05-08 21:12 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3E77B88-6175-46F3-986D-4D883711A503}\offreg.dll
2013-05-07 07:56 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3E77B88-6175-46F3-986D-4D883711A503}\mpengine.dll
2013-04-26 20:51 . 2013-04-26 20:51 -------- d-----w- c:\users\David Blankenship\AppData\Roaming\SolidDocuments
2013-04-24 08:51 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 08:00 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-10 02:23 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 02:23 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 02:23 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 02:23 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 02:23 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 02:23 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-10 02:23 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 02:21 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 02:21 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 02:21 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 02:21 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 02:21 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 02:21 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 02:21 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 07:06 . 2010-10-08 14:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 13:22 . 2012-06-06 21:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-26 13:22 . 2012-06-06 21:03 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 08:03 . 2010-10-12 15:31 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-29 08:05 . 2013-03-29 08:05 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 08:05 . 2013-03-29 08:05 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 08:05 . 2013-03-29 08:05 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-29 08:05 . 2013-03-29 08:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-29 08:05 . 2013-03-29 08:05 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-29 08:05 . 2013-03-29 08:05 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-29 08:05 . 2013-03-29 08:05 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-29 08:05 . 2013-03-29 08:05 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-29 08:05 . 2013-03-29 08:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-29 08:05 . 2013-03-29 08:05 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-29 08:05 . 2013-03-29 08:05 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-29 08:05 . 2013-03-29 08:05 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-29 08:05 . 2013-03-29 08:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 08:05 . 2013-03-29 08:05 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 08:05 . 2013-03-29 08:05 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-29 08:05 . 2013-03-29 08:05 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 08:05 . 2013-03-29 08:05 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-29 08:05 . 2013-03-29 08:05 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-29 08:05 . 2013-03-29 08:05 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-29 08:05 . 2013-03-29 08:05 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-29 08:05 . 2013-03-29 08:05 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-29 08:05 . 2013-03-29 08:05 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-29 08:05 . 2013-03-29 08:05 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-29 08:05 . 2013-03-29 08:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-29 08:05 . 2013-03-29 08:05 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-29 08:05 . 2013-03-29 08:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-29 08:05 . 2013-03-29 08:05 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-29 08:05 . 2013-03-29 08:05 441856 ----a-w- c:\windows\system32\html.iec
2013-03-29 08:05 . 2013-03-29 08:05 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-29 08:05 . 2013-03-29 08:05 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-29 08:05 . 2013-03-29 08:05 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-29 08:05 . 2013-03-29 08:05 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-29 08:05 . 2013-03-29 08:05 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-29 08:05 . 2013-03-29 08:05 235008 ----a-w- c:\windows\system32\url.dll
2013-03-29 08:05 . 2013-03-29 08:05 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-29 08:05 . 2013-03-29 08:05 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-29 08:05 . 2013-03-29 08:05 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-29 08:05 . 2013-03-29 08:05 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-29 08:05 . 2013-03-29 08:05 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-29 08:05 . 2013-03-29 08:05 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-29 08:05 . 2013-03-29 08:05 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-29 08:05 . 2013-03-29 08:05 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-29 08:05 . 2013-03-29 08:05 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-29 08:05 . 2013-03-29 08:05 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-29 08:05 . 2013-03-29 08:05 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-29 08:05 . 2013-03-29 08:05 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-29 08:05 . 2013-03-29 08:05 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-29 08:05 . 2013-03-29 08:05 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-29 08:05 . 2013-03-29 08:05 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-29 08:04 . 2013-03-29 08:04 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-29 08:04 . 2013-03-29 08:04 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-29 08:04 . 2013-03-29 08:04 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-29 08:04 . 2013-03-29 08:04 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-29 08:04 . 2013-03-29 08:04 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-29 08:04 . 2013-03-29 08:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-29 08:04 . 2013-03-29 08:04 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-29 08:04 . 2013-03-29 08:04 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-29 08:04 . 2013-03-29 08:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-29 08:04 . 2013-03-29 08:04 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-29 08:04 . 2013-03-29 08:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-29 08:04 . 2013-03-29 08:04 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-03-29 08:04 . 2013-03-29 08:04 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-29 08:04 . 2013-03-29 08:04 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-29 08:04 . 2013-03-29 08:04 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-29 08:04 . 2013-03-29 08:04 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-29 08:04 . 2013-03-29 08:04 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-29 08:04 . 2013-03-29 08:04 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-29 08:04 . 2013-03-29 08:04 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-29 08:04 . 2013-03-29 08:04 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-03-29 08:04 . 2013-03-29 08:04 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-29 08:04 . 2013-03-29 08:04 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-03-29 08:04 . 2013-03-29 08:04 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-03-29 08:04 . 2013-03-29 08:04 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-03-29 08:04 . 2013-03-29 08:04 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-03-29 08:04 . 2013-03-29 08:04 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-29 08:04 . 2013-03-29 08:04 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-03-29 08:04 . 2013-03-29 08:04 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-03-29 08:04 . 2013-03-29 08:04 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-03-29 08:04 . 2013-03-29 08:04 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-03-29 08:04 . 2013-03-29 08:04 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-03-29 08:04 . 2013-03-29 08:04 1238528 ----a-w- c:\windows\system32\d3d10.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-28 39408]
"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2013-05-03 1105408]
"Spotify"="c:\program files (x86)\Spotify\Spotify.exe" [2013-05-03 4573184]
"Akamai NetSession Interface"="c:\users\David Blankenship\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2010-05-06 609312]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2010-12-09 24576]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-12-21 2768248]
"QuickBooksDB22"="c:\progra~2\Intuit\QUICKB~2.0\QBDBMgrN.exe" [2011-08-20 679936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-12-18 3478752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-8-28 6255928]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-12-6 1176464]
QuickBooks Web Connector.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe [2011-8-26 2938736]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\QBW32.EXE [2012-12-6 1181584]
UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2010-12-9 415232]
UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2010-12-9 34304]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Fishbowl\database\bin\fb_inet_server.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-10 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~2.0\QBDBMgrN.exe [2011-08-20 679936]
R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys [2012-06-29 321992]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-06-29 441288]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-07 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-09-06 80472]
S2 MSSQL$UPSWSDBSERVER;SQL Server (UPSWSDBSERVER);c:\ups\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
S2 Retrospect Client;Retrospect Client;c:\program files (x86)\Retrospect\Retrospect Client\RemotSvc.exe [2008-12-01 61440]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2011-09-16 14944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 02:28 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 13:22]
.
2013-05-07 c:\windows\Tasks\C.L. Blankenship, Inc. 1338898788.job
- c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\AutoBackupEXE.exe [2012-12-06 23:59]
.
2013-05-08 c:\windows\Tasks\C.L. Blankenship, Inc. 1343746116.job
- c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\AutoBackupEXE.exe [2012-12-06 23:59]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-08 15:24]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-08 15:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2916584]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.50
TCP: Interfaces\{AA55A990-4430-48A6-B1FA-FF4BDC8A4468}: NameServer = 10.0.0.50
DPF: FirstViewer - hxxp://204.64.21.87/PlansOnline/Components/FirstVwr.CAB
DPF: {495DEA80-49C2-4891-94CD-C2016615D16F} - hxxp://www.catalogds.com/dtd/version63/pvcadview.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-HTPE3 - c:\windows\System32\Unwise32.exe
AddRemove-Printronix Printer Setup Wizard_is1 - c:\printronix\Utilities\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:eb,55,d1,9a,4d,7b,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,ad,86,84,aa,33,6b,49,8a,0b,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,ad,86,84,aa,33,6b,49,8a,0b,a5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-08 16:31:48
ComboFix-quarantined-files.txt 2013-05-08 21:31
ComboFix2.txt 2012-12-14 21:07
ComboFix3.txt 2012-10-29 16:15
.
Pre-Run: 842,158,301,184 bytes free
Post-Run: 842,927,149,056 bytes free
.
- - End Of File - - 9F464A4C20FA19F3D24CB18D1B6ACD77

#5
DAVID0205

    Member

  • Topic Starter
  • Member
  • 16 posts
Ok, here is the scan you asked me to run.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-09 14:11:49
-----------------------------
14:11:49.252 OS Version: Windows x64 6.1.7601 Service Pack 1
14:11:49.252 Number of processors: 4 586 0x2505
14:11:49.252 ComputerName: DWB-PC UserName:
14:11:51.002 Initialize success
14:13:53.777 AVAST engine defs: 13050900
14:14:03.198 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:14:03.208 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
14:14:03.208 Device \Driver\iaStor -> MajorFunction fffffa800a3a95e8
14:14:03.208 Disk 0 MBR read successfully
14:14:03.208 Disk 0 MBR scan
14:14:03.208 Disk 0 Windows 7 default MBR code
14:14:03.218 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
14:14:03.218 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
14:14:03.238 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 933287 MB offset 42149888
14:14:03.268 Disk 0 scanning C:\Windows\system32\drivers
14:14:12.409 Service scanning
14:14:34.322 Modules scanning
14:14:34.322 Disk 0 trace - called modules:
14:14:34.332
14:14:36.362 AVAST engine scan C:\Windows
14:14:39.992 AVAST engine scan C:\Windows\system32
14:18:48.744 AVAST engine scan C:\Windows\system32\drivers
14:19:00.036 AVAST engine scan C:\Users\David Blankenship
14:21:37.095 Disk 0 MBR has been saved successfully to "C:\Users\David Blankenship\Desktop\MBR.dat"
14:21:37.305 The log file has been saved successfully to "C:\Users\David Blankenship\Desktop\aswMBR.txt"

#6
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Could you run one more scan for me?

For 64-bit systems please download Listparts64.
Run the tool, click Scan and post the log (Result.txt) it makes.

Also, could you please take a screenshot of the Disk Management screen and post it for me. You can find instructions for accessing Disk Management here.

#7
DAVID0205

    Member

  • Topic Starter
  • Member
  • 16 posts
Here is the scan from Listparts

ListParts by Farbar Version: 10-05-2013
Ran by David Blankenship (administrator) on 10-05-2013 at 07:40:03
Windows 7 (X64)
Running From: C:\Users\David Blankenship\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 53%
Total physical RAM: 8119.11 MB
Available physical RAM: 3807.7 MB
Total Pagefile: 16236.4 MB
Available Pagefile: 10677.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:911.41 GB) (Free:777.54 GB) NTFS
8 Drive z: (Data) (Network) (Total:1861.71 GB) (Free:1204.36 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Disk ID: 6E7626FE

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 20 GB 1024 KB
Partition 2 Primary 100 MB 20 GB
Partition 3 Primary 911 GB 20 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 PQSERVICE NTFS Partition 20 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 911 GB Healthy Boot

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 6E7626FE
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911 GB) - (Type=07 NTFS)


****** End Of Log ******

#8
DAVID0205

    Member

  • Topic Starter
  • Member
  • 16 posts
The Disk Management screenshot is attached.

#9
DAVID0205

    Member

  • Topic Starter
  • Member
  • 16 posts
Did you get the Disk Management screenshot?

#10
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
I don't see it.

#11
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Don't worry about the screenshot for now. Let's run this scan to find the infection.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#12
DAVID0205

    Member

  • Topic Starter
  • Member
  • 16 posts
This is very long, so I am going to break it up into different posts.

11:44:39.0318 6316 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:44:40.0270 6316 ============================================================
11:44:40.0270 6316 Current date / time: 2013/05/10 11:44:40.0270
11:44:40.0270 6316 SystemInfo:
11:44:40.0270 6316
11:44:40.0270 6316 OS Version: 6.1.7601 ServicePack: 1.0
11:44:40.0270 6316 Product type: Workstation
11:44:40.0270 6316 ComputerName: DWB-PC
11:44:40.0270 6316 UserName: David Blankenship
11:44:40.0270 6316 Windows directory: C:\Windows
11:44:40.0270 6316 System windows directory: C:\Windows
11:44:40.0270 6316 Running under WOW64
11:44:40.0270 6316 Processor architecture: Intel x64
11:44:40.0270 6316 Number of processors: 4
11:44:40.0270 6316 Page size: 0x1000
11:44:40.0270 6316 Boot type: Normal boot
11:44:40.0270 6316 ============================================================
11:44:41.0081 6316 BG loaded
11:44:41.0377 6316 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:44:41.0409 6316 ============================================================
11:44:41.0409 6316 \Device\Harddisk0\DR0:
11:44:41.0409 6316 MBR partitions:
11:44:41.0409 6316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
11:44:41.0409 6316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x71ED3800
11:44:41.0409 6316 ============================================================
11:44:41.0455 6316 C: <-> \Device\Harddisk0\DR0\Partition2
11:44:41.0455 6316 ============================================================
11:44:41.0455 6316 Initialize success
11:44:41.0455 6316 ============================================================
11:45:42.0046 6620 ============================================================
11:45:42.0046 6620 Scan started
11:45:42.0046 6620 Mode: Manual; SigCheck; TDLFS;
11:45:42.0046 6620 ============================================================
11:45:43.0965 6620 ================ Scan system memory ========================
11:45:43.0965 6620 System memory - ok
11:45:43.0965 6620 ================ Scan services =============================
11:45:44.0121 6620 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:45:44.0245 6620 1394ohci - ok
11:45:44.0277 6620 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:45:44.0277 6620 ACPI - ok
11:45:44.0308 6620 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:45:44.0386 6620 AcpiPmi - ok
11:45:44.0479 6620 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:45:44.0495 6620 AdobeARMservice - ok
11:45:44.0589 6620 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:45:44.0589 6620 AdobeFlashPlayerUpdateSvc - ok
11:45:44.0620 6620 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:45:44.0667 6620 adp94xx - ok
11:45:44.0667 6620 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:45:44.0713 6620 adpahci - ok
11:45:44.0713 6620 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:45:44.0729 6620 adpu320 - ok
11:45:44.0745 6620 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:45:44.0869 6620 AeLookupSvc - ok
11:45:44.0916 6620 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:45:44.0979 6620 AFD - ok
11:45:45.0010 6620 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:45:45.0041 6620 agp440 - ok
11:45:45.0057 6620 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:45:45.0119 6620 ALG - ok
11:45:45.0135 6620 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:45:45.0166 6620 aliide - ok
11:45:45.0166 6620 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:45:45.0197 6620 amdide - ok
11:45:45.0197 6620 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:45:45.0259 6620 AmdK8 - ok
11:45:45.0275 6620 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:45:45.0322 6620 AmdPPM - ok
11:45:45.0353 6620 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:45:45.0384 6620 amdsata - ok
11:45:45.0400 6620 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:45:45.0431 6620 amdsbs - ok
11:45:45.0431 6620 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:45:45.0462 6620 amdxata - ok
11:45:45.0509 6620 [ 363571BC0C79E394E69300D1F2E3DDAE ] androidusb C:\Windows\system32\Drivers\androidusb.sys
11:45:45.0556 6620 androidusb - ok
11:45:45.0603 6620 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
11:45:45.0649 6620 AppHostSvc - ok
11:45:45.0665 6620 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:45:45.0837 6620 AppID - ok
11:45:45.0852 6620 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:45:45.0899 6620 AppIDSvc - ok
11:45:45.0930 6620 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:45:45.0977 6620 Appinfo - ok
11:45:46.0055 6620 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:45:46.0071 6620 Apple Mobile Device - ok
11:45:46.0102 6620 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
11:45:46.0133 6620 AppMgmt - ok
11:45:46.0133 6620 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
11:45:46.0149 6620 arc - ok
11:45:46.0164 6620 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:45:46.0164 6620 arcsas - ok
11:45:46.0289 6620 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:45:46.0398 6620 aspnet_state - ok
11:45:46.0429 6620 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:45:46.0476 6620 AsyncMac - ok
11:45:46.0507 6620 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:45:46.0539 6620 atapi - ok
11:45:46.0554 6620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:45:46.0617 6620 AudioEndpointBuilder - ok
11:45:46.0617 6620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:45:46.0648 6620 AudioSrv - ok
11:45:46.0695 6620 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:45:46.0757 6620 AxInstSV - ok
11:45:46.0788 6620 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:45:46.0835 6620 b06bdrv - ok
11:45:46.0835 6620 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:45:46.0897 6620 b57nd60a - ok
11:45:46.0929 6620 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:45:46.0975 6620 BDESVC - ok
11:45:46.0975 6620 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:45:47.0038 6620 Beep - ok
11:45:47.0100 6620 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:45:47.0147 6620 BFE - ok
11:45:47.0209 6620 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
11:45:47.0256 6620 BITS - ok
11:45:47.0256 6620 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:45:47.0287 6620 blbdrive - ok
11:45:47.0350 6620 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:45:47.0365 6620 Bonjour Service - ok
11:45:47.0397 6620 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:45:47.0459 6620 bowser - ok
11:45:47.0475 6620 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:45:47.0537 6620 BrFiltLo - ok
11:45:47.0553 6620 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:45:47.0553 6620 BrFiltUp - ok
11:45:47.0599 6620 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
11:45:47.0662 6620 BridgeMP - ok
11:45:47.0709 6620 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:45:47.0724 6620 Browser - ok
11:45:47.0755 6620 [ E5E9B1625A767CEB6F319C12D33EAB78 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
11:45:47.0833 6620 BrSerIb - ok
11:45:47.0849 6620 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:45:47.0896 6620 Brserid - ok
  • 0

#13
DAVID0205

    Member

  • Topic Starter
  • 16 posts
This was too large to send here; it was telling me to shorten my reply. I tried to attach the text file, but that doesn't seem to work either. Am I able to email the file, or is there another way?
  • 0

#14
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Do you have a Dropbox account, or similar cloud storage? If so, upload the file and send me a share link.
  • 0

#15
DAVID0205

    Member

  • Topic Starter
  • 16 posts
Here are the Dropbox links:

https://www.dropbox....log.txt?v=0mcns

https://www.dropbox....screen shot.bmp
  • 0