I have no idea what I'm infected with


I have no idea what I'm infected with

Post by Toad` on Tue May 01, 2012 3:51 pm

As the title of the thread states, I have no idea what I'm infected with.

When I attempt to run some (note, not all) *.exe files (in this example I'll use "install_reader10_en_mssd_aih.exe" - the executable to install Acrobat Reader), the "Open File - Security Warning" box pops up, and I select "Run".

Then, comes the expected UAC prompt, to which I click yes.

Immediately following that, the "install_reader10_en_mssd_aih.exe" file disappears from my desktop. I've checked to see if it goes to the Recycling Bin, and it doesn't.

The install program doesn't run. No application starts in the Task Manager; however, a process does run for about 20 seconds.

I've checked Norton, it isn't flagging the file and quarantining it or anything else crazy.

I'm running Windows 7 Version 6.1 (Build 7601: Service Pack 1) and Norton Antivirus 19.7.0.9.
Hardware system specs (if at all pertinent) can be found in my profile.

I've already installed and scanned with Malwarebytes Anti-Malware before I even found myself here, as well as with Spybot S&D, and came up with no positive threats (false or otherwise).

The following posts will contain the log files requested by the "Read This Before Posting" thread (split into multiple posts thanks to the character limit).

Any help or insight anyone has to offer would be much appreciated.

Toad`
Novice

Posts : 16
Joined : 2012-05-01
Gender : Male
OS : Windows 7 Version 6.1 (Build 7601: Service Pack 1)
Protection : Norton Antivirus 19.7.0.9
Points : 17028
# Likes : 0


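The symptom above (elevated installer vanishes, a short-lived process, no AV detection) is what helpers usually triage by reading a handful of OTL sections before anything else: the O35/O37 exefile and comfile "open" handlers (a hijacked handler is the classic reason an .exe does something other than run), the O20 Winlogon Shell/UserInit values, the O1 hosts file size, and any O4 Run entry, process, service or driver with no company name or living under AppData/Temp. The following Python script is an added example, not code from the original post or from OTL's author: it parses log lines in the format OTL 3.2 prints (the sample lines below are copied from the log posted in the next message, plus two constructed lines that are not from the poster's machine) and reports the entries worth a second look. The regexes, the CHECK/HIJACK labels and the helper names are my own assumptions, not OTL conventions.

```python
"""Triage helper for OTL logs: flag the lines a malware-removal helper reads
first when an .exe vanishes after the UAC prompt instead of running.

Added example, not part of OTL or of this thread. Line formats are modeled on
the OTL 3.2.42 output posted in this thread; the regexes, function names and
CHECK/HIJACK labels are the example author's own choices (assumptions).
"""
import re

# Stock Windows 7 values; anything else on these lines deserves a close look.
DEFAULT_OPEN_CMD = '"%1" %*'       # HKCR\exefile\shell\open\command (and comfile)
DEFAULT_SHELL = "explorer.exe"     # HKLM Winlogon\Shell
DEFAULT_USERINIT = "userinit.exe"  # HKLM Winlogon\Userinit
DEFAULT_HOSTS_SIZE = 824           # unmodified Win7 hosts file, as in the posted O1 line

# One regex per OTL section we care about.
RE_ASSOC = re.compile(r"^O3[57](?::64bit:)? - HKLM\\\.\.\.?(\w+) \[.*?\] -- (.*)$")
RE_WINLOGON = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - (.*)$")
RE_HOSTS = re.compile(r"^O1 HOSTS File: \(\[.*?\| ([\d,]+) \|")
RE_RUN = re.compile(r"^O4(?::64bit:)? - (HKLM|HKCU)\.\.\\Run: \[(.*?)\] (.*) \((.*)\)$")
# Company name is only approximate when it itself contains ")" (e.g. "Intel(R) Corporation");
# that is fine here because we only test whether it is empty.
RE_IMAGE = re.compile(r"^(PRC|SRV|DRV|MOD)(?::64bit:)? - \[.*?\] \((.*?)\) .*?-- (.*?)(?: -- \(.*\))?$")


def _in_user_writable(path):
    """True for locations a non-admin user (or a dropper) can write to."""
    p = path.lower()
    return "\\appdata\\" in p or "\\temp\\" in p


def triage(lines):
    """Return (section, level, detail) tuples; level is HIJACK or CHECK."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RE_ASSOC.match(line):
            ftype, cmd = m.groups()
            if cmd != DEFAULT_OPEN_CMD:
                findings.append(("O35/O37", "HIJACK",
                                 f"{ftype} open command is {cmd!r}, expected {DEFAULT_OPEN_CMD!r}"))
        elif m := RE_WINLOGON.match(line):
            key, value, _ = m.groups()
            expected = DEFAULT_SHELL if key == "Shell" else DEFAULT_USERINIT
            if value.rstrip(",").split("\\")[-1].lower() != expected:
                findings.append(("O20", "HIJACK", f"Winlogon {key} = {value!r}, expected {expected}"))
        elif m := RE_HOSTS.match(line):
            size = int(m.group(1).replace(",", ""))
            if size != DEFAULT_HOSTS_SIZE:
                findings.append(("O1", "CHECK", f"hosts file is {size} bytes, stock file is {DEFAULT_HOSTS_SIZE}"))
        elif m := RE_RUN.match(line):
            hive, name, path, company = m.groups()
            if not company or _in_user_writable(path):
                findings.append(("O4", "CHECK", f"{hive} Run [{name}] -> {path} ({company or 'no company name'})"))
        elif m := RE_IMAGE.match(line):
            kind, company, path = m.groups()
            if not company or _in_user_writable(path):
                findings.append((kind, "CHECK", f"{path} ({company or 'no company name'})"))
    return findings


def verdict(findings):
    """Collapse findings into the one word a helper would act on."""
    if any(level == "HIJACK" for _, level, _ in findings):
        return "HIJACK"
    return "CHECK" if findings else "CLEAN"


# Sample input: the first seven lines are copied from the OTL log posted in this
# thread (all stock values). The last two are CONSTRUCTED to show what a positive
# hit looks like; they are not from the poster's machine.
SAMPLE_LOG = r"""
PRC - [2012/05/01 09:41:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.scr
SRV - [2012/04/25 10:02:42 | 000,257,024 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\WTS Paradigm\BaseCamp\BaseCampService.exe -- (WTS Paradigm Base Camp)
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Users\Example\AppData\Local\Temp\helper.exe" "%1" %*
O4 - HKCU..\Run: [Updater] C:\Users\Example\AppData\Roaming\updater.exe ()
""".strip().splitlines()


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for section, level, detail in results:
        print(f"[{level}] {section}: {detail}")
    print("verdict:", verdict(results))
```

On the seven genuine lines the only hit is a CHECK for the BaseCamp service, because OTL printed an empty company name for it; that is a prompt to verify the file (hash it, look at its signature), not a verdict. The two constructed lines produce the HIJACK and the AppData Run entry a helper would actually act on. A caveat that applies to OTL and Norton alike: both ran as user-mode tools on the possibly infected system, so a clean report from them does not by itself rule out a kernel-mode component hiding files or processes.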

Re: I have no idea what I'm infected with

Post by Toad` on Tue May 01, 2012 3:54 pm

From OTL.scr:

OTL.txt
OTL logfile created on: 5/1/2012 09:43:30 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Buchkowski Lumber\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 65.40% Memory free
7.83 Gb Paging File | 6.39 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.31 Gb Total Space | 45.76 Gb Free Space | 61.59% Space Free | Partition Type: NTFS

Computer Name: NEWBACK | User Name: Buchkowski Lumber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/01 09:41:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.scr
PRC - [2012/03/27 18:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe
PRC - [2012/03/14 11:14:52 | 001,175,912 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/03/14 10:19:46 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/12 23:39:07 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/25 10:02:42 | 000,257,024 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\WTS Paradigm\BaseCamp\BaseCampService.exe -- (WTS Paradigm Base Camp)
SRV - [2012/03/27 18:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe -- (NAV)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012/03/14 10:19:46 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe -- (QuickBooksDB22)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/27 11:26:36 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/29 01:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 01:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 01:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 01:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 01:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/29 17:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/01 07:25:15 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120430.033\ex64.sys -- (NAVEX15)
DRV - [2012/05/01 07:25:15 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120430.033\eng64.sys -- (NAVENG)
DRV - [2012/04/30 07:23:57 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/04/28 00:46:16 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/27 19:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120428.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/13 01:34:56 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 12 BE B3 18 22 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {F7E3F14A-C3D0-4DB7-9A8C-A909F4144B35}
IE - HKCU\..\SearchScopes\{F7E3F14A-C3D0-4DB7-9A8C-A909F4144B35}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012/04/27 11:26:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/24 08:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/24 08:05:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buchkowski Lumber\AppData\Roaming\Mozilla\Extensions
[2012/04/27 08:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buchkowski Lumber\AppData\Roaming\Mozilla\Firefox\Profiles\3v9l1h0d.default\extensions
[2012/04/24 08:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/27 11:26:54 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPLGN
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\{02450954-CDD9-410F-B1DA-DB804E18C671}.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\PBUPLOAD@PHOTOBUCKET.COM.XPI
() (No name found) -- C:\USERS\BUCHKOWSKI LUMBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V9L1H0D.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ips\ipsbho.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.104.96.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEBA4DD1-89FB-40DD-8FC3-87897BBF33A7}: DhcpNameServer = 75.104.96.61
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 09:40:50 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.exe
[2012/05/01 09:40:48 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.scr
[2012/05/01 08:38:29 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Malwarebytes
[2012/05/01 08:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/01 08:38:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/01 08:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/01 08:34:01 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Buchkowski Lumber\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/30 10:23:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2012/04/27 12:38:16 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa64.sys
[2012/04/27 12:38:16 | 000,737,912 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.sys
[2012/04/27 12:38:16 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symds64.sys
[2012/04/27 12:38:16 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnets.sys
[2012/04/27 12:38:16 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ironx64.sys
[2012/04/27 12:38:16 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ccsetx64.sys
[2012/04/27 12:38:16 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.sys
[2012/04/27 12:38:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009
[2012/04/27 11:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/04/27 11:30:43 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Macromedia
[2012/04/27 11:28:15 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\Documents\Symantec
[2012/04/27 11:26:37 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/04/27 11:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/04/27 11:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/04/27 11:25:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012/04/27 11:25:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/04/27 11:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2012/04/27 11:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/04/27 10:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/04/27 10:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/04/27 10:29:47 | 000,784,784 | ---- | C] (Solid State Networks) -- C:\Users\Buchkowski Lumber\Desktop\install_reader10_en_mssd_aih.exe
[2012/04/27 10:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/27 10:22:44 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\Documents\Simply Super Software
[2012/04/27 08:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/27 08:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/26 17:09:48 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\PDF Writer
[2012/04/26 17:09:48 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\PDF Writer
[2012/04/26 17:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2012/04/26 17:01:00 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzFlRdr.dll
[2012/04/26 17:01:00 | 000,135,168 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzpdfc.dll
[2012/04/26 17:01:00 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzDCT.dll
[2012/04/26 17:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2012/04/26 17:00:58 | 000,215,040 | ---- | C] (Bullzip) -- C:\Windows\SysNative\bzpdf.dll
[2012/04/26 17:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2012/04/26 15:09:23 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\shimgvw.dll
[2012/04/26 13:54:11 | 000,000,000 | -H-D | C] -- C:\Users\Buchkowski Lumber\Desktop\new folder
[2012/04/26 13:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012/04/26 13:29:33 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Paint.NET
[2012/04/26 12:56:43 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Adobe
[2012/04/26 11:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2012/04/26 11:03:54 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Intuit
[2012/04/26 10:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2012/04/26 10:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/04/26 10:51:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Intuit
[2012/04/26 10:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2012/04/26 10:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intuit
[2012/04/26 10:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2012/04/26 10:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 11
[2012/04/26 10:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2012/04/26 10:38:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/04/26 10:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/04/26 10:29:46 | 000,000,000 | ---D | C] -- C:\Windows\Intuit
[2012/04/26 08:17:21 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Diagnostics
[2012/04/26 08:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/04/26 08:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/04/25 10:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WTS Paradigm
[2012/04/25 09:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolbe
[2012/04/25 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kolbe
[2012/04/24 14:49:10 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/24 14:49:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/24 14:49:06 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/24 14:49:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/24 14:49:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/24 14:49:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/24 14:49:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/24 14:49:04 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/24 14:49:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/24 14:49:04 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/24 14:49:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/24 13:28:07 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/04/24 13:28:07 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/04/24 13:28:07 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/04/24 13:28:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/04/24 13:28:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/04/24 13:28:07 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/04/24 13:28:06 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/04/24 13:27:01 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/04/24 13:27:01 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/04/24 13:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/04/24 13:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/04/24 13:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/04/24 13:04:54 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/04/24 12:27:17 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/04/24 12:27:17 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/04/24 12:27:17 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/24 12:27:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/04/24 12:27:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/04/24 12:27:17 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/04/24 12:27:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/04/24 12:27:17 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/04/24 12:27:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/04/24 12:27:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/04/24 12:27:17 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/04/24 12:27:17 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/24 12:27:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/04/24 12:27:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/04/24 12:27:17 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/04/24 12:27:17 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/04/24 12:27:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/04/24 12:27:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/04/24 12:27:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/04/24 12:27:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/04/24 12:27:17 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/04/24 12:27:17 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/04/24 12:27:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/04/24 12:27:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/04/24 12:27:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/04/24 12:27:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/24 12:27:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/24 12:27:16 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/04/24 12:27:16 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/04/24 12:27:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/04/24 12:27:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/04/24 12:27:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/04/24 12:27:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/04/24 12:27:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/04/24 12:27:16 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/24 12:27:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/04/24 12:27:16 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/04/24 12:27:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/04/24 12:27:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/04/24 12:27:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/04/24 12:27:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/04/24 12:27:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/04/24 12:27:16 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/04/24 12:27:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/04/24 12:27:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/04/24 12:27:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/24 12:27:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/04/24 12:27:15 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/24 12:27:15 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/04/24 12:27:15 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/04/24 12:27:15 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/04/24 12:27:15 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/24 12:27:15 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/04/24 12:27:15 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/04/24 12:27:15 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/04/24 12:27:15 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/04/24 12:27:15 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/04/24 12:27:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/04/24 12:27:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/04/24 12:27:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/04/24 12:27:15 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/24 11:52:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/04/24 11:52:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/04/24 11:39:55 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/24 11:39:55 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/24 11:39:55 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/24 11:36:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/24 11:36:30 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/24 11:36:29 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/24 10:55:49 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/04/24 10:55:49 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/04/24 10:55:49 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/04/24 10:55:49 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/04/24 10:55:49 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/04/24 10:55:48 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/04/24 10:55:48 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/04/24 10:55:48 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/04/24 10:55:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/04/24 10:55:48 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/04/24 10:55:48 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/04/24 10:55:48 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/04/24 10:55:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/04/24 10:55:11 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/04/24 10:55:11 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/04/24 10:55:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/04/24 10:55:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/04/24 10:55:11 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/04/24 10:55:10 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/04/24 10:55:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/04/24 10:55:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/04/24 10:55:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/04/24 10:55:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/04/24 10:55:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/04/24 10:55:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 10:55:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 10:55:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 10:55:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 10:55:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/04/24 10:55:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/04/24 10:55:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

Re: I have no idea what I'm infected with

Post by Toad` on Tue May 01, 2012 3:55 pm

From OTL.scr:

OTL.txt (cont)
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/04/24 10:55:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/04/24 10:55:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/04/24 10:54:50 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/04/24 10:54:26 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/04/24 10:54:25 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/04/24 10:54:24 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/04/24 10:54:24 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/04/24 10:54:24 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/04/24 10:54:24 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/04/24 10:54:17 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/04/24 10:54:17 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/04/24 10:54:12 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/04/24 10:54:12 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/04/24 10:54:12 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/04/24 10:54:12 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/04/24 10:54:10 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/04/24 10:54:10 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/04/24 10:54:06 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/04/24 10:54:06 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/04/24 10:54:06 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/04/24 10:54:06 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/04/24 10:54:06 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/04/24 10:54:06 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/04/24 10:54:06 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/04/24 10:54:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/24 10:54:05 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/04/24 10:54:02 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/04/24 10:54:02 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/04/24 10:54:02 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/04/24 10:54:02 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/04/24 10:54:02 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/04/24 10:54:02 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/04/24 10:54:02 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/04/24 10:54:02 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/04/24 10:54:02 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/04/24 10:53:58 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/04/24 10:53:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/04/24 10:53:51 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/24 10:53:30 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/04/24 10:53:29 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/04/24 10:53:29 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/04/24 10:53:29 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/04/24 10:53:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/04/24 10:53:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/04/24 10:53:25 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/04/24 10:53:25 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/04/24 10:53:25 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/04/24 10:53:25 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/04/24 10:53:22 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/24 10:53:19 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/04/24 10:53:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/04/24 10:53:19 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/04/24 10:53:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/04/24 10:53:17 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/04/24 10:53:17 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/04/24 10:53:17 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/04/24 10:53:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/04/24 10:53:17 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/04/24 10:53:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/04/24 10:53:03 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/04/24 10:53:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/04/24 10:53:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/04/24 10:53:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/04/24 10:52:24 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/04/24 10:52:24 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/04/24 10:52:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/04/24 10:52:23 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/04/24 10:52:22 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/04/24 10:52:22 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/04/24 10:51:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/24 10:51:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/24 10:51:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/24 10:51:12 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/04/24 10:51:12 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/04/24 10:51:11 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/04/24 10:51:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/04/24 10:51:06 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/04/24 10:51:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/04/24 10:51:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/04/24 10:50:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/04/24 10:50:56 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/04/24 10:48:06 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/04/24 10:46:26 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/04/24 10:46:26 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/04/24 10:46:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/04/24 10:46:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/04/24 10:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/04/24 10:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2012/04/24 10:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012/04/24 10:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/04/24 10:13:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/04/24 08:04:53 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\Documents\Cliff
[2012/04/24 08:04:40 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Mozilla
[2012/04/24 08:04:40 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Mozilla
[2012/04/24 08:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/24 07:47:56 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\DAEMON Tools Pro
[2012/04/24 07:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012/04/24 07:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/04/24 07:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/04/24 07:34:51 | 000,317,440 | ---- | C] (Intel(R) Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys
[2012/04/24 07:34:51 | 000,014,848 | ---- | C] (Intel(R) Corporation) -- C:\Windows\SysNative\IntcDAuC.dll
[2012/04/24 07:33:50 | 000,063,488 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/04/24 07:33:43 | 000,577,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2012/04/24 07:33:43 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/04/24 07:33:41 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2361.dll
[2012/04/24 07:18:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/04/24 07:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/04/24 07:17:25 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/04/24 07:17:25 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/04/24 07:17:24 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/04/24 07:17:24 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2012/04/24 07:17:24 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/04/24 07:17:24 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/04/24 07:17:24 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2012/04/24 07:17:24 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2012/04/24 07:17:24 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2012/04/24 07:17:24 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012/04/24 07:17:23 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012/04/24 07:17:22 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012/04/24 07:17:21 | 002,813,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012/04/24 07:17:21 | 000,626,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012/04/24 07:17:20 | 002,186,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012/04/24 07:17:20 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012/04/24 07:17:19 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012/04/24 07:17:18 | 000,544,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2012/04/24 07:17:18 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/04/24 07:17:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/04/24 07:17:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/04/24 07:17:18 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/04/24 07:17:18 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/04/24 07:17:18 | 000,083,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2012/04/24 07:17:18 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/04/24 07:17:14 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012/04/24 07:17:14 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012/04/24 07:17:14 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012/04/24 07:17:14 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012/04/24 07:17:14 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012/04/24 07:17:13 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/04/24 07:17:13 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/04/24 07:17:12 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/04/24 07:17:12 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012/04/24 07:17:12 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/04/24 07:17:06 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/04/24 07:17:05 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/04/24 07:17:05 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/04/24 07:17:05 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/04/24 07:17:05 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/04/24 07:17:05 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/04/24 07:17:05 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/04/24 07:17:04 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/04/24 07:17:04 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/04/24 07:17:04 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/04/24 07:17:04 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/04/24 07:17:04 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/04/24 07:17:04 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/04/24 07:17:03 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012/04/24 07:17:03 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012/04/24 07:17:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/04/24 07:17:00 | 001,251,944 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012/04/24 07:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/04/24 07:05:31 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/04/24 07:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/04/24 07:05:16 | 000,000,000 | ---D | C] -- C:\Intel
[2012/04/24 07:03:06 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012/04/24 07:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/04/24 07:03:00 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/04/23 19:43:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/04/23 18:47:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/04/23 18:44:56 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/04/23 18:43:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/04/23 16:55:34 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/23 16:55:34 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Searches
[2012/04/23 16:55:34 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/04/23 16:55:34 | 000,000,000 | -H-D | C] -- C:\Users\Buchkowski Lumber\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/04/23 16:55:20 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Identities
[2012/04/23 16:55:09 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Contacts
[2012/04/23 16:55:06 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\VirtualStore
[2012/04/23 16:54:50 | 000,000,000 | --SD | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Videos
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Saved Games
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Pictures
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Music
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Links
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Favorites
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Downloads
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Documents
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\Desktop
[2012/04/23 16:54:50 | 000,000,000 | R--D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Temporary Internet Files
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Templates
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Start Menu
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\SendTo
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Recent
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\PrintHood
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\NetHood
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Documents\My Videos
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Documents\My Pictures
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Documents\My Music
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\My Documents
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Local Settings
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\AppData\Local\History
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Cookies
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\Application Data
[2012/04/23 16:54:50 | 000,000,000 | -HSD | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Application Data
[2012/04/23 16:54:50 | 000,000,000 | -H-D | C] -- C:\Users\Buchkowski Lumber\AppData
[2012/04/23 16:54:50 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Temp
[2012/04/23 16:54:50 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Local\Microsoft
[2012/04/23 16:54:50 | 000,000,000 | ---D | C] -- C:\Users\Buchkowski Lumber\AppData\Roaming\Media Center Programs
[2012/04/23 16:54:37 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/05/01 09:41:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.exe
[2012/05/01 09:41:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.scr
[2012/05/01 09:24:50 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/01 09:24:50 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/01 09:02:39 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/01 09:02:39 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/01 09:02:39 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/01 08:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/01 08:48:30 | 3152,265,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/01 08:38:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/01 08:37:26 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Buchkowski Lumber\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/28 07:04:56 | 000,002,388 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/04/28 07:04:27 | 001,497,729 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\Cat.DB
[2012/04/27 12:38:22 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\VT20120410.034
[2012/04/27 11:26:36 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/04/27 11:26:36 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/04/27 11:26:36 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/04/27 10:29:42 | 000,784,784 | ---- | M] (Solid State Networks) -- C:\Users\Buchkowski Lumber\Desktop\install_reader10_en_mssd_aih.exe
[2012/04/27 08:41:51 | 000,001,262 | ---- | M] () -- C:\Users\Buchkowski Lumber\Desktop\Spybot - Search & Destroy.lnk
[2012/04/27 07:23:48 | 236,371,968 | ---- | M] () -- C:\Edwin Buchkowski (Backup Apr 27,2012 07 18 AM).QBB
[2012/04/27 07:08:20 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/04/27 06:58:47 | 000,419,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/26 11:14:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/04/26 11:12:06 | 047,579,136 | ---- | M] () -- C:\BUCHKOWSKI LUMBER COMPANY 2011 (Backup Apr 26,2012 11 10 AM).QBB
[2012/04/26 10:56:32 | 000,002,434 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2012/04/26 10:56:32 | 000,002,111 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks Pro 2012.lnk
[2012/04/26 10:50:54 | 000,771,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/25 14:55:09 | 000,000,239 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/04/25 09:56:06 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Kolbe ProQuote® 2010.lnk
[2012/04/25 09:29:54 | 000,000,170 | ---- | M] () -- C:\Users\Buchkowski Lumber\Desktop\Waudena Configurator.url
[2012/04/24 13:05:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/04/24 12:49:11 | 000,001,441 | ---- | M] () -- C:\Users\Buchkowski Lumber\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/24 12:27:17 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/04/24 12:27:17 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/04/24 12:27:17 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/24 12:27:17 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/04/24 12:27:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/04/24 12:27:17 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/04/24 12:27:17 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/04/24 12:27:17 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/04/24 12:27:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/04/24 12:27:17 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/04/24 12:27:17 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/04/24 12:27:17 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/24 12:27:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/04/24 12:27:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/04/24 12:27:17 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/04/24 12:27:17 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/04/24 12:27:17 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/04/24 12:27:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/04/24 12:27:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/04/24 12:27:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/04/24 12:27:17 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/24 12:27:17 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/04/24 12:27:17 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/04/24 12:27:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/04/24 12:27:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/04/24 12:27:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/04/24 12:27:17 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/24 12:27:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/24 12:27:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/04/24 12:27:16 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/04/24 12:27:16 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/04/24 12:27:16 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/04/24 12:27:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/04/24 12:27:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/04/24 12:27:16 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/04/24 12:27:16 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/24 12:27:16 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/04/24 12:27:16 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/04/24 12:27:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/04/24 12:27:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/04/24 12:27:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/04/24 12:27:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/04/24 12:27:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/04/24 12:27:16 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/04/24 12:27:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/04/24 12:27:16 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/04/24 12:27:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/24 12:27:15 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/04/24 12:27:15 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/24 12:27:15 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/04/24 12:27:15 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/04/24 12:27:15 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/04/24 12:27:15 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/24 12:27:15 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/04/24 12:27:15 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/04/24 12:27:15 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/04/24 12:27:15 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/04/24 12:27:15 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/04/24 12:27:15 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/04/24 12:27:15 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/04/24 12:27:15 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/24 12:27:15 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/04/24 12:27:15 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/24 10:35:10 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/04/24 10:35:03 | 000,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/04/24 08:23:51 | 000,000,816 | ---- | M] () -- C:\Users\Buchkowski Lumber\Desktop\My Documents.lnk
[2012/04/24 07:38:59 | 000,028,373 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/04/24 07:38:43 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012/04/23 18:48:59 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/04/23 18:48:59 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/04/18 22:50:55 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\isolate.ini
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 20:43:49 | 000,007,462 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.cat
[2012/04/03 20:43:49 | 000,007,458 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.cat
[2012/04/03 20:43:49 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.inf
[2012/04/03 20:43:49 | 000,001,419 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.inf

========== Files Created - No Company Name ==========

[2012/05/01 08:38:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/28 07:04:08 | 001,497,729 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\Cat.DB
[2012/04/27 12:39:09 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\VT20120410.034
[2012/04/27 12:38:16 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symds64.cat
[2012/04/27 12:38:16 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ccsetx64.cat
[2012/04/27 12:38:16 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.cat
[2012/04/27 12:38:16 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa64.cat
[2012/04/27 12:38:16 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnet64.cat
[2012/04/27 12:38:16 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.cat
[2012/04/27 12:38:16 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\iron.cat
[2012/04/27 12:38:16 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa.inf
[2012/04/27 12:38:16 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symds.inf
[2012/04/27 12:38:16 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnet.inf
[2012/04/27 12:38:16 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.inf
[2012/04/27 12:38:16 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.inf
[2012/04/27 12:38:16 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ccsetx64.inf
[2012/04/27 12:38:16 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\iron.inf
[2012/04/27 12:38:11 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\isolate.ini
[2012/04/27 11:26:37 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/04/27 11:26:37 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/04/27 11:26:27 | 000,002,388 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/04/27 08:41:51 | 000,001,262 | ---- | C] () -- C:\Users\Buchkowski Lumber\Desktop\Spybot - Search & Destroy.lnk
[2012/04/27 07:31:03 | 236,371,968 | ---- | C] () -- C:\Edwin Buchkowski (Backup Apr 27,2012 07 18 AM).QBB
[2012/04/26 13:31:42 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012/04/26 11:14:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/04/26 11:13:55 | 047,579,136 | ---- | C] () -- C:\BUCHKOWSKI LUMBER COMPANY 2011 (Backup Apr 26,2012 11 10 AM).QBB
[2012/04/26 10:56:32 | 000,002,434 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2012/04/26 10:56:32 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Pro 2012.lnk
[2012/04/26 10:51:45 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/04/26 10:50:52 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/25 10:08:02 | 000,000,239 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/04/25 09:56:06 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Kolbe ProQuote® 2010.lnk
[2012/04/25 09:29:43 | 000,000,170 | ---- | C] () -- C:\Users\Buchkowski Lumber\Desktop\Waudena Configurator.url
[2012/04/24 13:05:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/04/24 12:27:17 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/24 12:27:15 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/24 10:35:03 | 000,002,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Publisher.lnk
[2012/04/24 10:18:20 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/24 10:17:55 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/04/24 10:17:55 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/04/24 10:17:55 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/04/24 10:17:54 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012/04/24 08:13:27 | 000,000,816 | ---- | C] () -- C:\Users\Buchkowski Lumber\Desktop\My Documents.lnk
[2012/04/24 07:49:16 | 000,001,441 | ---- | C] () -- C:\Users\Buchkowski Lumber\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/24 07:33:41 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/04/24 07:33:41 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/04/24 07:33:41 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2012/04/24 07:33:41 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012/04/24 07:00:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/04/24 07:00:47 | 000,028,373 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/04/23 18:48:42 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/23 18:48:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/04/23 18:43:52 | 3152,265,216 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/23 16:56:48 | 000,001,413 | ---- | C] () -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/04/23 16:56:42 | 000,001,447 | ---- | C] () -- C:\Users\Buchkowski Lumber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/23 16:54:50 | 000,000,290 | ---- | C] () -- C:\Users\Buchkowski Lumber\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/04/23 16:54:50 | 000,000,272 | ---- | C] () -- C:\Users\Buchkowski Lumber\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/04/27 10:29:42 | 000,784,784 | ---- | M] (Solid State Networks) -- C:\Users\Buchkowski Lumber\Desktop\install_reader10_en_mssd_aih.exe
[2012/05/01 08:37:26 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Buchkowski Lumber\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/01 09:41:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Buchkowski Lumber\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/03/12 23:39:04 | 000,125,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2012/03/12 23:39:09 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2012/03/12 23:39:09 | 000,269,240 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/04/27 11:58:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/04/24 07:17:02 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/04/24 07:34:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/04/24 15:07:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/04/26 10:51:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intuit
[2012/04/25 09:55:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kolbe
[2012/05/01 08:38:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/24 10:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ActiveSync
[2012/04/24 10:34:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/04/26 08:15:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/04/24 13:12:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/04/24 08:04:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/04/26 10:38:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2012/04/27 11:25:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton AntiVirus
[2012/04/28 07:04:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2012/04/24 07:17:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/04/27 08:43:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/24 07:20:49 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/04/12 03:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/04/12 03:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/04/12 03:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/04/12 03:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/20 22:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/04/12 03:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/04/25 10:00:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WTS Paradigm

< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/04/24 12:27:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/04/24 12:27:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/04/24 12:27:17 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/04/24 12:27:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/04/24 12:27:17 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/03/12 23:39:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/03/12 23:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/04/24 12:27:15 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/04/24 12:27:15 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/04/24 12:27:15 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/04/24 12:27:17 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/04/24 12:27:17 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >


Re: I have no idea what I'm infected with

Post by Toad` on Tue May 01, 2012 3:56 pm

From OTL.scr:

Extras.txt
OTL Extras logfile created on: 5/1/2012 09:43:30 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Buchkowski Lumber\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 65.40% Memory free
7.83 Gb Paging File | 6.39 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.31 Gb Total Space | 45.76 Gb Free Space | 61.59% Space Free | Partition Type: NTFS

Computer Name: NEWBACK | User Name: Buchkowski Lumber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A5F9D7-F1E0-4A5F-92B7-233D82A36B70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07481286-156D-4B5F-8EA8-AC07BC9775B3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{07F39A0D-8CE7-468B-9B49-62F8AD1132A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0C48454E-1491-413D-BC4F-061178E760CF}" = lport=445 | protocol=6 | dir=in | app=system |
"{16F8EE82-D521-4C12-A672-0A54822A87AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1FE943EB-4BBF-4CAE-A023-01539F08978C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{253275ED-2604-4D65-A949-2E232C85B52A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2DE01D90-1449-42AF-8241-8B01A592C60E}" = rport=138 | protocol=17 | dir=out | app=system |
"{2F931F88-D81A-4954-8A34-0B3706DB1B15}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F9801FA-C867-4DA9-A437-F942FB2853BD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B822D41-E900-4452-BF56-A6DF0F438DED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{66E02AC4-EBBC-4EC8-88F5-31B21F491A91}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C73D106-E7BD-4496-83A7-FFB5AD561EDE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F65764F-120F-4ABB-B27C-A38DED2BBC8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96C0C3B2-F52B-4972-94E6-22580D02336A}" = rport=139 | protocol=6 | dir=out | app=system |
"{98775208-1064-491F-A52E-8F88570B5D53}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9D962452-58A1-40D1-9484-4C06787562F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E8CD0C2-1190-4500-99FE-84662CCA27AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{A07029ED-486E-45DE-959B-64CA34A198C5}" = rport=445 | protocol=6 | dir=out | app=system |
"{B11D52BA-942F-4C40-81F6-FC13C1693BBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6C461C7-33B3-4E84-A736-A65EFD11E099}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D32F361C-EE51-4053-BDAE-4349D95429BB}" = lport=137 | protocol=17 | dir=in | app=system |
"{DAB187D8-2B92-4C2B-9689-3CD1BCD63100}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DD43B0D9-FAF7-48C5-A0E7-948E26EF5D41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E124E6DC-EFF0-4408-BBD0-CE3ECE8F797F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E4E29A4E-47EE-4424-9BF4-95278F7DE236}" = lport=139 | protocol=6 | dir=in | app=system |
"{F5C2F887-A24C-447D-8A86-88628C043DD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBF41995-977F-4D1F-AD9B-EF33489A54D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEC166BD-73E0-48F3-B5C1-4F197771D3D2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0810A50A-7888-4CBD-88C7-0E8F498309CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2A3D4B9C-AC7D-4EBD-AF56-C18BEBD8B46E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2ABAB653-2A5F-49DE-89A9-70C66B9AA4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2BC54B7C-DD99-467C-8118-33A9A0C86A53}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C8A28E2-9605-4DA0-AC93-5889F06A9A53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{394DEFBC-A4FC-4C5D-8228-326F2D75974A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B1B00F5-72B1-4521-90D0-97514070318A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{783CEE05-7B96-47BB-9F1C-573D4AD946B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B1BFDA4-B526-4AB3-8978-6D5F0AA1F4A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{846B5381-E1E6-41F2-A772-05A9154319A0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87F527FE-9A00-4944-B404-B744CCBA6F9B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A63A554C-D008-4FEC-8AB6-F09D0E3A3F53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B88221AF-721E-4DC0-818E-4C34DD3B9957}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD1D89AE-B336-4841-82EC-DBD859B79F1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D4F7EAC2-938D-40CC-98C5-1F3340E9E3BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E357AC11-96C1-4815-ACDA-E18789B6BDCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F31DD93A-A687-4CC5-9EF9-AAD0D67648F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F5D2E99A-F495-4471-B9D3-8FC06F9B46AD}" = protocol=6 | dir=out | app=system |
"{F8116F8B-372A-4EB3-993A-825F354354FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA118369-F108-4202-89EC-FE10334ED882}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1394
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D323988-000D-4CB9-B08C-41891C41E4A2}" = Kolbe ProQuote® 2010
"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{85F38E17-C6C2-4846-9CCB-37BF05A7EBB7}" = WTS Paradigm Base Camp
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"NAV" = Norton AntiVirus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2012 09:50:08 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 5/1/2012 09:50:08 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 5/1/2012 09:50:18 | Computer Name = NewBack | Source = WinMgmt | ID = 10
Description =

Error - 5/1/2012 09:51:20 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
Error:Invalid user ID or passwo

Error - 5/1/2012 09:51:20 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
String:CON=QBConnectionPool-Probe-QB_NEWBACK_22;;DBF=C:\Documents and Settings\All
Users\Documents\Intuit\QuickBooks\Company Files\BUCHKOWSKI LUMBER COMPANY 2011.QBW;CommLinks="ShMem,tcpip(IP=192.168.1.111;TO=5;DOBROADCAST=NONE;port=55348)";ServerName=QB_NEWBACK_22;DBN=57a3374c51cb4e94922a5d9e69aad1

Error - 5/1/2012 09:51:20 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DBConnPool::~[Filtered JS Events]~
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

Error - 5/1/2012 09:51:35 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
Error:Invalid user ID or passwo

Error - 5/1/2012 09:51:35 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
String:CON=QBConnectionPool-Probe-QB_NEWBACK_22;;DBF=C:\Documents and Settings\All
Users\Documents\Intuit\QuickBooks\Company Files\BUCHKOWSKI LUMBER COMPANY 2011.QBW;CommLinks="ShMem,tcpip(IP=192.168.1.111;TO=5;DOBROADCAST=NONE;port=55348)";ServerName=QB_NEWBACK_22;DBN=bb9c0a6c3dcb4081ad01eaece8a1dd

Error - 5/1/2012 09:51:35 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DBConnPool::~[Filtered JS Events]~
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

Error - 5/1/2012 09:51:35 | Computer Name = NewBack | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DMError Information:-6069Additional
Info:An Invalid Id or password was specifie

[ System Events ]
Error - 4/30/2012 10:59:08 | Computer Name = NewBack | Source = BROWSER | ID = 8032
Description =

Error - 4/30/2012 11:30:35 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/30/2012 11:30:36 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/30/2012 11:30:37 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/30/2012 12:04:08 | Computer Name = NewBack | Source = BROWSER | ID = 8032
Description =

Error - 5/1/2012 09:17:32 | Computer Name = NewBack | Source = BROWSER | ID = 8032
Description =

Error - 5/1/2012 09:52:02 | Computer Name = NewBack | Source = BROWSER | ID = 8032
Description =

Error - 5/1/2012 10:01:32 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/1/2012 10:01:33 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/1/2012 10:01:34 | Computer Name = NewBack | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.


< End of report >


Re: I have no idea what I'm infected with

Post by Toad` on Tue May 01, 2012 3:56 pm

From aswMBR.exe:

aswMBR
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-01 09:57:17
-----------------------------
09:57:17.663 OS Version: Windows x64 6.1.7601 Service Pack 1
09:57:17.663 Number of processors: 4 586 0x2A07
09:57:17.663 ComputerName: NEWBACK UserName:
09:57:19.473 Initialze error 1 Incorrect function.
10:12:49.109 AVAST engine defs: 12050100
10:17:08.771 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:17:08.771 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OABDA Size: 76319MB BusType: 3
10:17:08.803 Disk 0 MBR read successfully
10:17:08.803 Disk 0 MBR scan
10:17:08.803 Disk 0 unknown MBR code
10:17:08.803 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
10:17:08.818 Disk 0 scanning C:\Windows\system32\drivers
10:17:08.818 Service scanning
10:17:09.536 Modules scanning
10:17:09.536 Disk 0 trace - called modules:
10:17:09.583 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
10:17:09.583 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d42060]
10:17:09.583 3 CLASSPNP.SYS[fffff88001b6543f] -> nt!IofCallDriver -> [0xfffffa8004ad5580]
10:17:09.583 5 ACPI.sys[fffff88000f0a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004adb060]
10:17:09.598 AVAST engine scan C:\Windows
10:17:09.598 AVAST engine scan C:\Windows\system32
10:17:09.598 AVAST engine scan C:\Windows\system32\drivers
10:17:09.614 AVAST engine scan C:\Users\Buchkowski Lumber
10:17:09.614 AVAST engine scan C:\ProgramData
10:17:09.614 Scan finished successfully
10:17:21.330 Disk 0 MBR has been saved successfully to "C:\Users\Buchkowski Lumber\Desktop\MBR.dat"
10:17:21.330 The log file has been saved successfully to "C:\Users\Buchkowski Lumber\Desktop\aswMBR.txt"


Re: I have no idea what I'm infected with

Post by Toad` on Tue May 01, 2012 3:57 pm

From SecurityCheck.exe:

checkup.txt
Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````


Re: I have no idea what I'm infected with

Post by Toad` on Tue May 01, 2012 4:31 pm

Here is something fairly alarming as well. Here is a complete showing of all the processes currently running on this system:



And here is the performance tab:



1.7 GB of RAM being chewed up? Whoa!

By the time I finished drafting this post, it was up to 2.14 GB being used. I'll perform a system restart and report back the results.


Re: I have no idea what I'm infected with

Post by Toad` on Tue May 01, 2012 4:53 pm

A system restart seems to have helped at least a little bit. With QuickBooks and Firefox both running, the system is using 1.3 GB of RAM - still high for my liking, but much more tolerable.


Re: I have no idea what I'm infected with

Post by Dr Jay on Tue May 01, 2012 4:54 pm

Let's start with ComboFix:

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13719
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302143
# Likes # Likes : 10


Re: I have no idea what I'm infected with

Post by Toad` on Tue May 01, 2012 7:06 pm

Done.

From ComboFix.exe:

log.txt
ComboFix 12-05-01.02 - Buchkowski Lumber 05/01/2012 13:45:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2742 [GMT -5]
Running from: c:\users\Buchkowski Lumber\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 18:48 . 2012-05-01 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-01 13:38 . 2012-05-01 13:38 -------- d-----w- c:\programdata\Malwarebytes
2012-04-27 16:58 . 2012-04-27 16:58 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-04-27 16:26 . 2012-04-27 16:26 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-27 16:26 . 2012-04-27 16:26 -------- d-----w- c:\program files\Symantec
2012-04-27 16:26 . 2012-04-27 16:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-27 16:25 . 2012-04-28 12:05 -------- d-----w- c:\windows\system32\drivers\NAVx64
2012-04-27 16:25 . 2012-04-27 16:25 -------- d-----w- c:\program files (x86)\Norton AntiVirus
2012-04-27 16:14 . 2012-04-27 16:25 -------- d-----w- c:\programdata\Norton
2012-04-27 15:39 . 2012-04-28 12:04 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-04-27 13:41 . 2012-04-27 13:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-27 13:41 . 2012-04-27 13:43 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-27 12:11 . 2012-04-27 12:11 -------- d-----w- c:\users\QBDataServiceUser22
2012-04-26 22:09 . 2012-04-26 22:09 -------- d-----w- c:\programdata\PDF Writer
2012-04-26 22:07 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-04-26 22:01 . 2012-04-26 22:01 -------- d-----w- c:\program files\Common Files\Bullzip
2012-04-26 22:01 . 2010-09-27 00:00 135168 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2012-04-26 22:01 . 2008-10-30 00:00 227840 ----a-w- c:\windows\SysWow64\bzFlRdr.dll
2012-04-26 22:01 . 2008-07-09 00:00 103424 ----a-w- c:\windows\SysWow64\bzDCT.dll
2012-04-26 22:00 . 2012-03-03 00:00 215040 ----a-w- c:\windows\system32\bzpdf.dll
2012-04-26 22:00 . 2012-04-26 22:00 -------- d-----w- c:\program files\Bullzip
2012-04-26 20:09 . 2004-08-04 05:56 438272 ----a-w- C:\shimgvw.dll
2012-04-26 18:29 . 2012-04-26 18:30 -------- d-----w- c:\program files\Paint.NET
2012-04-26 16:25 . 2012-04-26 16:25 -------- d-----w- c:\program files\Common Files\Intuit
2012-04-26 15:51 . 2012-04-27 11:59 -------- d-----w- c:\programdata\Intuit
2012-04-26 15:51 . 2012-04-26 15:53 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-04-26 15:51 . 2012-04-26 15:51 -------- d-----w- c:\programdata\Nuance
2012-04-26 15:51 . 2012-04-26 15:51 -------- d-----w- c:\program files (x86)\Intuit
2012-04-26 15:51 . 2012-05-01 13:50 -------- d-----w- c:\programdata\SQL Anywhere 11
2012-04-26 15:51 . 2012-04-26 15:51 -------- d-----w- c:\programdata\COMMON FILES
2012-04-26 15:38 . 2012-04-26 15:38 -------- d-----w- c:\windows\SysWow64\Macromed
2012-04-26 15:38 . 2012-04-26 15:38 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-26 15:29 . 2012-04-26 15:29 -------- d-----w- c:\windows\Intuit
2012-04-26 13:15 . 2012-04-26 13:15 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-25 15:00 . 2012-04-25 15:00 -------- d-----w- c:\program files (x86)\WTS Paradigm
2012-04-25 14:55 . 2012-04-25 14:55 -------- d-----w- c:\program files (x86)\Kolbe
2012-04-24 18:28 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-04-24 18:28 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-04-24 18:28 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-04-24 18:28 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-04-24 18:28 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-04-24 18:28 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-04-24 18:28 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-04-24 18:28 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-04-24 18:28 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-04-24 18:28 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-04-24 18:28 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-04-24 18:27 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-04-24 18:27 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-04-24 18:27 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-04-24 18:27 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-04-24 18:27 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-04-24 18:27 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-04-24 18:27 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-04-24 18:12 . 2012-04-24 18:12 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-04-24 18:05 . 2012-04-24 18:05 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-04-24 18:04 . 2012-04-24 18:04 -------- d-----w- c:\windows\PCHEALTH
2012-04-24 16:52 . 2012-04-24 16:52 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-24 16:52 . 2012-04-24 16:52 -------- d-----w- c:\windows\system32\Wat
2012-04-24 16:39 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-24 16:39 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-24 16:39 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-24 16:37 . 2012-04-18 08:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5205E0E-F6E5-4470-8158-4CA84831095B}\mpengine.dll
2012-04-24 16:36 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-24 16:36 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-24 16:36 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-24 16:36 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-24 16:36 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-24 16:36 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-24 16:36 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-24 15:53 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-04-24 15:52 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-24 15:52 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-04-24 15:52 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-24 15:52 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-24 15:52 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-04-24 15:52 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-04-24 15:52 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-24 15:51 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-24 15:51 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-24 15:51 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 15:51 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-24 15:51 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-04-24 15:51 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-04-24 15:51 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-24 15:51 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-04-24 15:51 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-24 15:51 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-24 15:51 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-04-24 15:51 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-04-24 15:50 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-24 15:50 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-04-24 15:48 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-24 15:48 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-24 15:48 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-24 15:48 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-24 15:46 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-24 15:46 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-04-24 15:46 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-04-24 15:46 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-04-24 15:46 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-04-24 15:46 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-24 15:46 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-24 15:17 . 2012-04-24 15:17 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
2012-04-24 15:13 . 2012-04-27 12:08 -------- d-sh--w- c:\windows\Installer
2012-04-24 12:47 . 2012-04-24 12:47 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-04-24 12:35 . 2012-04-24 12:35 -------- d-----w- c:\program files\Common Files\Intel
2012-04-24 12:35 . 2012-04-24 12:35 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-04-24 12:34 . 2010-10-14 17:28 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2012-04-24 12:34 . 2010-10-14 17:27 14848 ----a-w- c:\windows\system32\IntcDAuC.dll
2012-04-24 12:33 . 2012-03-20 03:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-04-24 12:33 . 2012-03-20 03:17 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-04-24 12:33 . 2011-04-10 03:41 577024 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-04-24 12:33 . 2011-04-10 03:56 90112 ----a-w- c:\windows\system32\igfxCoIn_v2361.dll
2012-04-24 12:33 . 2011-04-10 03:49 145804 ----a-w- c:\windows\SysWow64\igcompkrng600.bin
2012-04-24 12:33 . 2011-04-10 03:49 145804 ----a-w- c:\windows\system32\igcompkrng600.bin
2012-04-24 12:33 . 2011-04-10 02:40 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2012-04-24 12:18 . 2012-04-24 12:18 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-04-24 12:18 . 2012-04-24 12:18 -------- d-----w- c:\program files\Realtek
2012-04-24 12:16 . 2012-04-24 12:16 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-04-24 12:05 . 2011-04-15 08:00 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2012-04-24 12:05 . 2012-04-24 12:34 -------- d-----w- c:\program files (x86)\Intel
2012-04-24 12:05 . 2012-04-24 12:33 -------- d-----w- C:\Intel
2012-04-24 12:03 . 2011-06-10 11:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-04-24 12:03 . 2012-04-24 12:17 -------- d-----w- c:\program files (x86)\Realtek
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 04:44 . 2012-03-20 04:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe
2012-03-20 04:44 . 2012-03-20 04:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-03-20 04:44 . 2012-03-20 04:44 439064 ----a-w- c:\windows\system32\igfxpers.exe
2012-03-20 04:44 . 2012-03-20 04:44 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-03-20 04:44 . 2012-03-20 04:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-20 04:44 . 2012-03-20 04:44 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-03-20 04:44 . 2012-03-20 04:44 184600 ----a-w- c:\windows\system32\difx64.exe
2012-03-20 04:44 . 2012-03-20 04:44 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-03-20 04:42 . 2012-03-20 04:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll
2012-03-20 04:32 . 2012-03-20 04:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-03-20 04:31 . 2012-03-20 04:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll
2012-03-20 04:31 . 2012-03-20 04:31 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-03-20 04:31 . 2012-03-20 04:31 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-03-20 04:31 . 2012-03-20 04:31 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-03-20 04:26 . 2012-03-20 04:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-03-20 04:25 . 2012-03-20 04:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-03-20 04:22 . 2012-03-20 04:22 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-03-20 04:11 . 2012-03-20 04:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-03-20 03:31 . 2012-03-20 03:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll
2012-03-20 03:21 . 2012-03-20 03:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-03-20 03:18 . 2012-03-20 03:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-03-20 03:18 . 2012-03-20 03:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-03-20 03:18 . 2012-03-20 03:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-03-20 03:18 . 2012-03-20 03:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-03-20 03:18 . 2012-03-20 03:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-03-20 03:18 . 2012-03-20 03:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-03-20 03:18 . 2012-03-20 03:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-03-20 03:18 . 2012-03-20 03:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-03-20 03:18 . 2012-03-20 03:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-03-20 03:18 . 2012-03-20 03:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-03-20 03:18 . 2012-03-20 03:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-03-20 03:18 . 2012-03-20 03:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-03-20 03:18 . 2012-03-20 03:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-03-20 03:18 . 2012-03-20 03:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-03-20 03:18 . 2012-03-20 03:18 386560 ----a-w- c:\windows\system32\igfxpph.dll
2012-03-20 03:18 . 2012-03-20 03:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-03-20 03:17 . 2012-03-20 03:17 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-03-20 03:17 . 2012-03-20 03:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-03-20 03:17 . 2012-03-20 03:17 434688 ----a-w- c:\windows\system32\igfxdev.dll
2012-03-20 03:17 . 2012-03-20 03:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-03-20 03:16 . 2012-03-20 03:16 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-03-20 03:16 . 2012-03-20 03:16 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-03-20 03:16 . 2012-03-20 03:16 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-03-20 03:12 . 2012-03-20 03:12 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-03-20 03:11 . 2012-03-20 03:11 325120 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-03-20 03:09 . 2012-03-20 03:09 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-03-20 03:09 . 2012-03-20 03:09 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-03-20 03:09 . 2012-03-20 03:09 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-03-20 03:09 . 2012-03-20 03:09 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-03-20 03:09 . 2012-03-20 03:09 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-03-20 03:09 . 2012-03-20 03:09 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-03-20 03:09 . 2012-03-20 03:09 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-03-20 03:09 . 2012-03-20 03:09 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-3-14 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 WTS Paradigm Base Camp;WTS Paradigm Base Camp;c:\program files (x86)\WTS Paradigm\BaseCamp\BaseCampService.exe [2012-04-25 257024]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-13 1160824]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120428.001\IDSvia64.sys [2012-04-28 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-28 138360]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2011-08-20 679936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.104.96.61
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Buchkowski Lumber\AppData\Roaming\Mozilla\Firefox\Profiles\3v9l1h0d.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2012-05-01 13:55:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 18:55
.
Pre-Run: 48,235,671,552 bytes free
Post-Run: 48,312,918,016 bytes free
.
- - End Of File - - F61E933A465FF110AAE4A3ECC3BE8FE8

I've had to switch to a different system to write this post. When I try to open anything on the system we are working on I get the following error:

"Illegal operation attempted on a registry key that has been marked for deletion."

I can't even get into regedit, command prompt, explorer... nothing.

I hope you can walk me through the process of rolling back to that restore point that ComboFix created... Please (puppy eyes)

I'm afraid to restart the system or do anything until I get confirmation from someone on what I should do.


Re: I have no idea what I'm infected with

Post by Toad` on Tue May 01, 2012 7:14 pm

I've managed to get into explorer on the other system, but nothing else has changed. I'm not able to open anything... Let me think


Re: I have no idea what I'm infected with

Post by Toad` on Tue May 01, 2012 8:12 pm

[You must be registered and logged in to see this link.] wrote: I'm afraid to restart the system or do anything until I get confirmation from someone on what I should do.
Never mind that, there isn't much on that system that isn't backed up so I got impatient and went for a restart.

I am able to open/access files and such per normal.

Still having that mysterious disappearing files problem though.


Re: I have no idea what I'm infected with

Post by Dr Jay on Wed May 02, 2012 8:43 am

What do you mean by restart?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13719
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302143
# Likes # Likes : 10

View user profile

Back to top Go down

Re: I have no idea what I'm infected with

Post by Toad` on Wed May 02, 2012 11:55 am

I restarted the computer.

Start>Shutdown>Restart.


Re: I have no idea what I'm infected with

Post by Dr Jay on Thu May 03, 2012 8:31 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Re: I have no idea what I'm infected with

Post by Toad` on Thu May 03, 2012 12:23 pm

Ummm... I already did that. See Post 10 of this thread.


Re: I have no idea what I'm infected with

Post by Dr Jay on Thu May 03, 2012 2:21 pm

I know! I want you to download a new copy of ComboFix and run it again, please...


Dr. Jay (DJ)



Re: I have no idea what I'm infected with

Post by Toad` on Thu May 03, 2012 9:26 pm

Would you prefer that I not restart the system after running ComboFix this time?


Re: I have no idea what I'm infected with

Post by Dr Jay on Fri May 04, 2012 8:13 am

ComboFix will decide if the system needs to be restarted. Therefore, it depends on its choosing.


Dr. Jay (DJ)



Re: I have no idea what I'm infected with

Post by Toad` on Fri May 04, 2012 6:08 pm

I won't be able to get to this until Monday morning at the earliest.

Thanks for your help thus far, I'll check back in after I get this taken care of.


Re: I have no idea what I'm infected with

Post by Dr Jay on Sat May 05, 2012 8:02 pm

Okay...I'll see you here then.


Dr. Jay (DJ)



Re: I have no idea what I'm infected with

Post by Toad` on Fri May 18, 2012 6:29 pm

You can mark this issue as resolved.

I got fed up and reinstalled Windows and still had the same issue. Another hour or two of research turned up that it was some sort of incompatibility with Windows 7 and the current version of Adobe.

I'd link to the places where I found the solution, but I'm not sure of the policies regarding that on this forum.

Thanks for your help anyway DMJ.


Re: I have no idea what I'm infected with

Post by Dr Jay on Sat May 19, 2012 6:24 pm

Glad it worked.

We do our work for free. If you feel helped, please see my signature below for the donation link.

Thanks! Topic closed.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]
