
csb1965

  1. Thanks for your help. I have Trend Micro installed and running as part of our office's network protection. I'm not sure if that gives me a lot of confidence considering this virus installed while Trend was running though! I believe that Avast can run as a "secondary" protection layer ... would you recommend that I install it as well? I already use Firefox but I will look into the anti-spyware programs you suggested as well. Thanks again!
  2. Okay .. the scan ran for nearly a whole day but the results are done. I forgot to uncheck the "Remove found threats" box .. however, it looks like I can restore any of these that I need/want to.
     C:\Qoobox\Quarantine\C\Users\cboyan\AppData\Local\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\n.vir Win64/Sirefef.W trojan cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan deleted - quarantined
     C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan deleted - quarantined
     C:\Qoobox\Quarantine\C\Windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\n.vir Win64/Sirefef.W trojan cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\80000000.@.vir Win64/Sirefef.AE trojan cleaned by deleting - quarantined
     C:\Users\cboyan\Downloads\winamp5623_full_emusic-7plus_all.exe Win32/OpenCandy application deleted - quarantined
     C:\Users\cboyan\Downloads\Software\FLVPlayers\cnet_FLVPlayerSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
     C:\Users\cboyan\Downloads\Software\FLVPlayers\flvplayer-setup.exe Win32/DownloadAdmin.A.Gen application deleted - quarantined
     C:\Users\cboyan\Downloads\Software\MessengerDetect\FacebookChecker.exe a variant of Win32/AIMMonitorSniffer.A application deleted - quarantined
     C:\Users\cboyan\Downloads\Software\PCMaintenance\AdvancedSystemCareV5\asc-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
     C:\Users\cboyan\Downloads\Software\PCMaintenance\AdvanceSystemCareV4\asc-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
     C:\Users\cboyan\Downloads\Software\PCMaintenance\SmartDefrag\sd2-setup220.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
     C:\Users\cboyan\Downloads\Software\PDFGeneration\PrimoPDF\InternationalPrimoPDF.exe Win32/OpenCandy application deleted - quarantined
     C:\Users\cboyan\Downloads\Software\VideoCache\OrbitDownloaderSetup.exe Win32/OpenCandy application deleted - quarantined
     C:\Users\cboyan\Downloads\Software\Winamp\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
     Looks like there were still some trojans hiding around (??). What about the OpenCandy and Toolbar.Widgi application warnings. Are these okay to restore? Thanks again for your help. System seems to be working fine which is a massive relief!!
  3. Thanks .. running the ESET scan now .. 34% through in 3 hours so it seems this will take a while. Will come back to you when it's done.
  4. I have also just finished running Security Check. Here is the log file from that program:
     Security Check log
     ------------------------------------------------------------------------------
     Results of screen317's Security Check version 0.99.38
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     Trend Micro Client/Server Security Agent Antivirus
     Antivirus up to date!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes Anti-Malware version 1.61.0.1400
     JavaFX 2.1.0
     Java 6 Update 20
     Java 7 Update 4
     Adobe Reader X (10.1.3)
     Mozilla Firefox (12.0)
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Trend Micro OfficeScan Client pccntmon.exe
     cboyan Downloads Software AntiMalware\securitycheck\SecurityCheck.exe
     Trend Micro Client Server Security Agent ntrtscan.exe
     Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe
     Trend Micro Client Server Security Agent tmlisten.exe
     Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe
     Trend Micro BM TMBMSRV.exe
     Trend Micro Client Server Security Agent TmProxy.exe
     ``````````End of Log````````````
  5. Thank you SO much ... I ran TDSSKiller and it reported no threats. I have attached the log file here just in case ... I then ran ComboFix and rebooted the machine (again) after it completed. I had to repair my network adapter and then disable/enable it to get internet connectivity again. I have re-enabled the Trend Micro real-time scanning and I am no longer receiving reports of unauthorised URLs. I can also successfully invoke nslookup. I can't see any other symptoms so it appears that the steps you have given me have done the job. I have posted the log from ComboFix below in case there is anything else that I should clean up but don't notice as a user. Thanks again for such fantastic support. This has been killing me for a few days and you've fixed it in minutes!
     ComboFix Log
     -------------------------------------------------------------------------------------------------
     ComboFix 12-05-24.03 - cboyan 25/05/2012 5:38.1.8 - x64
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.6135.3794 [GMT 10:00]
     Running from: c:\users\cboyan\Downloads\Software\AntiMalware\combofix\ComboFix.exe
     AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
     FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
     SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\cboyan\AppData\Local\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}
     c:\users\cboyan\AppData\Local\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\@
     c:\users\cboyan\AppData\Local\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\n
     c:\users\cboyan\g2mdlhlpx.exe
     c:\windows\assembly\GAC_32\Desktop.ini
     c:\windows\assembly\GAC_64\Desktop.ini
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\@
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\L\00000004.@
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\L\1afb2d56
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\L\201d3dde
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\n
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\00000004.@
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\00000008.@
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\000000cb.@
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\80000000.@
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\80000032.@
     c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\80000064.@
     .
     ----- File Replicators -----
     .
     c:\program files (x86)\Git\libexec\git-core\git-add.exe
     c:\program files (x86)\Git\libexec\git-core\git-annotate.exe
     c:\program files (x86)\Git\libexec\git-core\git-apply.exe
     c:\program files (x86)\Git\libexec\git-core\git-archive.exe
     c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe
     c:\program files (x86)\Git\libexec\git-core\git-blame.exe
     c:\program files (x86)\Git\libexec\git-core\git-branch.exe
     c:\program files (x86)\Git\libexec\git-core\git-bundle.exe
     c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe
     c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe
     c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe
     c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe
     c:\program files (x86)\Git\libexec\git-core\git-checkout.exe
     c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe
     c:\program files (x86)\Git\libexec\git-core\git-cherry.exe
     c:\program files (x86)\Git\libexec\git-core\git-clean.exe
     c:\program files (x86)\Git\libexec\git-core\git-clone.exe
     c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe
     c:\program files (x86)\Git\libexec\git-core\git-commit.exe
     c:\program files (x86)\Git\libexec\git-core\git-config.exe
     c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe
     c:\program files (x86)\Git\libexec\git-core\git-describe.exe
     c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe
     c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe
     c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe
     c:\program files (x86)\Git\libexec\git-core\git-diff.exe
     c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe
     c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe
     c:\program files (x86)\Git\libexec\git-core\git-fetch.exe
     c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe
     c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe
     c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe
     c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe
     c:\program files (x86)\Git\libexec\git-core\git-fsck.exe
     c:\program files (x86)\Git\libexec\git-core\git-gc.exe
     c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe
     c:\program files (x86)\Git\libexec\git-core\git-grep.exe
     c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe
     c:\program files (x86)\Git\libexec\git-core\git-help.exe
     c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe
     c:\program files (x86)\Git\libexec\git-core\git-init-db.exe
     c:\program files (x86)\Git\libexec\git-core\git-init.exe
     c:\program files (x86)\Git\libexec\git-core\git-log.exe
     c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe
     c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe
     c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe
     c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe
     c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe
     c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe
     c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe
     c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe
     c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe
     c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe
     c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe
     c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe
     c:\program files (x86)\Git\libexec\git-core\git-merge.exe
     c:\program files (x86)\Git\libexec\git-core\git-mktag.exe
     c:\program files (x86)\Git\libexec\git-core\git-mktree.exe
     c:\program files (x86)\Git\libexec\git-core\git-mv.exe
     c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe
     c:\program files (x86)\Git\libexec\git-core\git-notes.exe
     c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe
     c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe
     c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe
     c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe
     c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe
     c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe
     c:\program files (x86)\Git\libexec\git-core\git-prune.exe
     c:\program files (x86)\Git\libexec\git-core\git-push.exe
     c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe
     c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe
     c:\program files (x86)\Git\libexec\git-core\git-reflog.exe
     c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe
     c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe
     c:\program files (x86)\Git\libexec\git-core\git-remote.exe
     c:\program files (x86)\Git\libexec\git-core\git-replace.exe
     c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe
     c:\program files (x86)\Git\libexec\git-core\git-rerere.exe
     c:\program files (x86)\Git\libexec\git-core\git-reset.exe
     c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe
     c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe
     c:\program files (x86)\Git\libexec\git-core\git-revert.exe
     c:\program files (x86)\Git\libexec\git-core\git-rm.exe
     c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe
     c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe
     c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe
     c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe
     c:\program files (x86)\Git\libexec\git-core\git-show.exe
     c:\program files (x86)\Git\libexec\git-core\git-stage.exe
     c:\program files (x86)\Git\libexec\git-core\git-status.exe
     c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe
     c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe
     c:\program files (x86)\Git\libexec\git-core\git-tag.exe
     c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe
     c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe
     c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe
     c:\program files (x86)\Git\libexec\git-core\git-update-index.exe
     c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe
     c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe
     c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe
     c:\program files (x86)\Git\libexec\git-core\git-var.exe
     c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe
     c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe
     c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe
     c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe
     c:\program files (x86)\Git\libexec\git-core\git.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
     .
     .
     2012-05-23 23:42 . 2012-05-23 23:42 -------- d-----w- c:\users\cboyan\AppData\Roaming\Malwarebytes
     2012-05-23 23:42 . 2012-05-23 23:42 -------- d-----w- c:\programdata\Malwarebytes
     2012-05-23 23:42 . 2012-05-23 23:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-05-23 23:42 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-05-23 22:36 . 2012-05-23 22:36 249856 ------w- c:\windows\Setup1.exe
     2012-05-23 22:36 . 2012-05-23 22:36 73216 ----a-w- c:\windows\ST6UNST.EXE
     2012-05-23 15:06 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
     2012-05-23 15:05 . 2012-05-23 23:24 -------- d-----w- c:\programdata\AVAST Software
     2012-05-23 15:05 . 2012-05-23 15:05 -------- d-----w- c:\program files\AVAST Software
     2012-05-23 05:21 . 2012-05-23 05:21 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
     2012-05-23 05:21 . 2012-05-23 05:21 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
     2012-05-23 05:21 . 2012-05-23 05:21 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
     2012-05-23 05:21 . 2012-05-23 05:21 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
     2012-05-23 05:21 . 2012-05-23 05:21 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
     2012-05-23 05:21 . 2012-05-23 05:21 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-05-23 05:21 . 2012-05-23 05:21 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
     2012-05-23 05:21 . 2012-05-23 05:21 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
     2012-05-23 05:21 . 2012-05-23 05:21 3146240 ----a-w- c:\windows\system32\win32k.sys
     2012-05-23 05:12 . 2012-05-23 05:12 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2012-05-23 05:12 . 2012-05-23 05:12 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
     2012-05-23 05:07 . 2012-05-23 05:07 1544704 ----a-w- c:\windows\system32\DWrite.dll
     2012-05-23 05:07 . 2012-05-23 05:07 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
     2012-05-23 05:06 . 2012-05-23 05:06 -------- d-----w- c:\program files (x86)\MSXML 4.0
     2012-05-23 05:06 . 2012-05-23 05:06 902656 ----a-w- c:\windows\system32\d2d1.dll
     2012-05-23 05:06 . 2012-05-23 05:06 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
     2012-05-23 05:06 . 2012-05-23 05:06 1139200 ----a-w- c:\windows\system32\FntCache.dll
     2012-05-23 05:04 . 2012-02-23 04:24 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
     2012-05-23 04:57 . 2012-05-23 04:57 -------- d-----w- c:\programdata\IObit
     2012-05-23 04:57 . 2012-05-24 02:11 -------- d-----w- c:\users\cboyan\AppData\Roaming\IObit
     2012-05-23 04:57 . 2012-05-23 04:57 -------- d-----w- c:\program files (x86)\IObit
     2012-05-23 04:35 . 2012-05-23 04:35 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
     2012-05-22 16:16 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{798E5394-519C-4EE3-B5D0-25CE05F5B854}\mpengine.dll
     2012-05-21 22:37 . 2012-05-21 22:37 -------- d-----r- c:\users\cboyan\AppData\Roaming\Brother
     2012-05-21 05:35 . 2012-05-21 05:35 -------- d-----w- c:\users\cboyan\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
     2012-05-21 05:34 . 2012-05-21 05:34 -------- d-----w- c:\users\cboyan\AppData\Roaming\Wacom
     2012-05-21 05:34 . 2012-05-21 05:35 -------- d-----w- c:\programdata\Wacom
     2012-05-21 05:34 . 2012-05-23 05:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
     2012-05-21 05:33 . 2012-05-21 05:34 -------- d-----w- c:\program files (x86)\Bamboo Dock
     2012-05-19 07:50 . 2012-05-19 07:50 -------- d-----w- c:\programdata\NCH Software
     2012-05-19 07:49 . 2012-05-19 07:49 -------- d-----w- c:\users\cboyan\AppData\Roaming\NCH Software
     2012-05-19 07:31 . 2012-05-19 07:45 -------- d-----w- c:\users\cboyan\AppData\Roaming\FileZilla
     2012-05-18 05:47 . 2012-05-18 05:47 -------- d-----w- c:\program files (x86)\TortoiseHg
     2012-05-18 05:46 . 2012-05-18 05:47 -------- d-----w- c:\program files\TortoiseHg
     2012-05-18 05:23 . 2012-05-23 13:16 -------- d-----w- c:\windows\system32\appmgmt
     2012-05-18 05:19 . 2012-05-18 05:47 -------- d-----w- c:\program files (x86)\Kiln Client
     2012-05-18 05:19 . 2012-05-18 05:47 -------- d-----w- c:\users\cboyan\AppData\Local\KilnExtensions
     2012-05-10 20:41 . 2012-05-19 21:49 -------- d-----w- c:\program files (x86)\PuTTY
     2012-05-10 19:24 . 2012-05-23 14:17 -------- d-----w- c:\users\cboyan\AppData\Roaming\TortoiseHg
     2012-05-10 06:08 . 2012-05-10 06:08 -------- d-----w- c:\program files (x86)\SQL Accessories
     2012-05-10 06:06 . 2012-05-10 06:27 -------- d-----w- c:\users\cboyan\AppData\Roaming\TulaSoft
     2012-05-10 04:10 . 2012-05-10 04:10 -------- d-----w- c:\windows\SysWow64\QuickTime
     2012-05-10 04:10 . 2012-05-10 04:10 -------- d-----w- c:\program files (x86)\QuickTime
     2012-05-10 04:10 . 2012-05-10 04:10 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
     2012-05-09 20:48 . 2012-05-09 20:48 -------- d-----w- c:\users\cboyan\.swt
     2012-05-09 20:45 . 2012-05-24 07:05 -------- d-----w- c:\program files (x86)\thinkorswim
     2012-05-09 20:01 . 2012-05-09 20:01 -------- d-----w- c:\program files (x86)\Common Files\Java
     2012-05-09 20:01 . 2012-05-09 20:01 -------- d-----w- c:\program files (x86)\Oracle
     2012-05-09 20:00 . 2012-05-09 20:00 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
     2012-05-08 12:13 . 2012-05-08 12:14 -------- d-----w- c:\program files (x86)\Git
     2012-05-08 11:12 . 2012-05-08 11:12 -------- d-----w- c:\users\cboyan\AppData\Local\Windows Live Writer
     2012-05-08 11:12 . 2012-05-08 11:12 -------- d-----w- c:\users\cboyan\AppData\Roaming\Windows Live Writer
     2012-05-08 06:54 . 2012-05-08 06:54 -------- d-----w- c:\users\cboyan\AppData\Local\Apps
     2012-05-08 06:54 . 2012-05-08 07:49 -------- d-----w- c:\users\cboyan\AppData\Local\Deployment
     2012-05-08 00:45 . 2012-05-08 00:45 -------- d-----w- c:\program files (x86)\TeamViewer
     2012-05-08 00:44 . 2012-05-08 00:52 -------- d-----w- c:\users\cboyan\AppData\Roaming\TeamViewer
     2012-05-07 05:45 . 2012-05-07 05:46 -------- d-----w- c:\program files (x86)\Singorama
     2012-05-07 01:33 . 2012-05-07 01:33 -------- d-----w- c:\program files (x86)\WinDirStat
     2012-05-07 00:24 . 2012-05-07 00:25 -------- d-----w- c:\users\cboyan\AppData\Roaming\XMind
     2012-05-07 00:24 . 2012-04-04 08:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2012-05-07 00:24 . 2012-05-09 20:00 -------- d-----w- c:\program files (x86)\Java
     2012-05-07 00:23 . 2012-05-07 00:25 -------- d-----w- c:\program files (x86)\XMind
     2012-05-04 21:18 . 2012-05-04 22:18 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
     2012-05-04 19:49 . 2012-05-04 19:49 -------- d-----r- c:\users\cboyan\Virtual Machines
     2012-05-04 18:57 . 2012-05-04 18:57 -------- d-----w- c:\program files\Carbonite
     2012-05-04 18:56 . 2012-05-04 18:56 -------- d-----w- c:\programdata\Carbonite
     2012-05-04 18:56 . 2012-05-04 18:56 -------- d-----w- c:\program files (x86)\Carbonite
     2012-05-02 21:42 . 2012-05-02 21:42 -------- d-----w- c:\program files (x86)\WinMerge
     2012-05-02 21:42 . 2008-12-21 13:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
     2012-05-02 21:42 . 2008-12-21 13:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
     2012-05-02 21:42 . 2008-12-21 13:22 1047552 ----a-w- c:\windows\SysWow64\mfc71u.dll
     2012-05-01 22:15 . 2012-05-01 22:15 -------- d-----w- c:\users\cboyan\AppData\Local\ActiveState
     2012-05-01 22:15 . 2012-05-01 22:15 -------- d-----w- c:\program files (x86)\ActiveState Komodo Edit 7
     2012-05-01 04:08 . 2012-05-23 14:18 -------- d-----r- c:\users\cboyan\Dropbox
     2012-05-01 04:05 . 2012-05-23 14:18 -------- d-----w- c:\users\cboyan\AppData\Roaming\Dropbox
     2012-05-01 00:27 . 2012-05-01 00:27 -------- d-----w- c:\program files\7-Zip
     2012-04-30 21:35 . 2012-04-30 21:35 -------- d-----w- c:\windows\en
     2012-04-30 21:11 . 2012-04-30 21:11 -------- dc----w- c:\windows\system32\DRVSTORE
     2012-04-30 21:11 . 2012-03-08 08:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
     2012-04-30 21:11 . 2012-04-30 21:37 -------- d-----w- c:\program files (x86)\Windows Live
     2012-04-30 21:09 . 2012-04-30 21:11 -------- d-----w- c:\program files\Windows Live
     2012-04-30 21:08 . 2012-05-23 14:45 -------- d-----w- c:\program files (x86)\Microsoft
     2012-04-30 21:07 . 2009-09-04 07:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
     2012-04-30 21:07 . 2009-09-04 07:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
     2012-04-30 21:07 . 2009-09-04 07:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
     2012-04-30 21:07 . 2009-09-04 07:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
     2012-04-30 21:07 . 2006-11-29 03:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
     2012-04-30 21:07 . 2006-11-29 03:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
     2012-04-30 21:05 . 2012-05-09 03:06 -------- d-----w- c:\users\cboyan\AppData\Local\Windows Live
     2012-04-30 21:05 . 2012-04-30 21:05 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
     2012-04-30 20:51 . 2012-04-30 20:51 -------- d-----w- c:\program files (x86)\Toolheap
     2012-04-30 06:25 . 2012-04-30 06:25 -------- d-----w- c:\windows\system32\log
     2012-04-30 06:24 . 2012-05-16 22:26 -------- d-----w- c:\program files (x86)\Trend Micro
     2012-04-28 04:57 . 2012-04-28 04:57 -------- d-----w- c:\users\cboyan\.thumbnails
     2012-04-28 04:57 . 2012-05-23 00:42 -------- d-----w- c:\users\cboyan\AppData\Roaming\gtk-2.0
     2012-04-28 04:56 . 2012-05-23 00:43 -------- d-----w- c:\users\cboyan\.gimp-2.6
     2012-04-28 04:56 . 2012-04-28 04:56 -------- d-----w- c:\program files (x86)\GIMP-2.0
     2012-04-27 20:22 . 2012-04-27 20:22 -------- d-----w- c:\users\cboyan\.astah
     2012-04-27 19:47 . 2012-04-27 19:47 -------- d-----w- c:\program files\astah-community
     2012-04-27 02:58 . 2012-04-27 02:58 -------- d-----w- c:\program files (x86)\Common Files\L&H
     2012-04-27 02:58 . 2012-04-27 02:58 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
     2012-04-26 20:28 . 2012-04-26 20:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
     2012-04-26 20:28 . 2012-04-26 20:28 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
     2012-04-26 20:28 . 2012-04-26 20:28 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
     2012-04-26 20:24 . 2012-04-30 06:30 -------- d-----w- C:\Temp
     2012-04-26 03:09 . 2012-04-26 03:09 -------- d-----w- C:\ce63aace5aa4df012bfdc6d67e91dd
     2012-04-26 02:25 . 2012-04-26 02:26 -------- d-----w- c:\windows\system32\%drive%
     2012-04-26 02:25 . 2012-04-26 02:25 -------- d-----w- c:\programdata\LabTech
     2012-04-26 02:25 . 2012-05-24 19:44 -------- d-----w- c:\windows\LTSvc
     2012-04-24 21:46 . 2012-05-24 17:03 -------- d-----w- c:\users\cboyan\AppData\Roaming\PrimoPDF
     2012-04-24 21:45 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll
     2012-04-24 21:45 . 2012-04-24 21:45 -------- d-----w- c:\program files (x86)\Nitro PDF
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-05-24 19:44 . 2012-04-17 07:40 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
     2012-05-23 05:35 . 2012-04-14 05:47 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-05-23 05:35 . 2012-04-14 05:47 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-04-30 21:10 . 2011-03-28 08:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
     2012-04-16 17:10 . 2012-04-14 07:41 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
     2012-04-14 21:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
     2012-04-14 21:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
     2012-04-14 05:48 . 2012-04-14 05:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
     2012-04-14 05:48 . 2012-04-14 05:48 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
     2012-04-14 05:48 . 2012-04-14 05:48 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
     2012-04-14 05:48 . 2012-04-14 05:48 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
     2012-04-14 05:48 . 2012-04-14 05:48 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
     2012-04-14 05:48 . 2012-04-14 05:48 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
     2012-04-14 05:48 . 2012-04-14 05:48 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
     2012-04-14 05:48 . 2012-04-14 05:48 49664 ----a-w- c:\windows\system32\imgutil.dll
     2012-04-14 05:48 . 2012-04-14 05:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
     2012-04-14 05:48 . 2012-04-14 05:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
     2012-04-14 05:48 . 2012-04-14 05:48 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
     2012-04-14 05:48 . 2012-04-14 05:48 367104 ----a-w- c:\windows\SysWow64\html.iec
     2012-04-14 05:48 . 2012-04-14 05:48 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
     2012-04-14 05:48 . 2012-04-14 05:48 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
     2012-04-14 05:48 . 2012-04-14 05:48 222208 ----a-w- c:\windows\system32\msls31.dll
     2012-04-14 05:48 . 2012-04-14 05:48 173056 ----a-w- c:\windows\system32\ieUnatt.exe
     2012-04-14 05:48 . 2012-04-14 05:48 161792 ----a-w- c:\windows\SysWow64\msls31.dll
     2012-04-14 05:48 . 2012-04-14 05:48 152064 ----a-w- c:\windows\SysWow64\wextract.exe
     2012-04-14 05:48 . 2012-04-14 05:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
     2012-04-14 05:48 . 2012-04-14 05:48 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
     2012-04-14 05:48 . 2012-04-14 05:48 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
     2012-04-14 05:48 . 2012-04-14 05:48 12288 ----a-w- c:\windows\system32\mshta.exe
     2012-04-14 05:48 . 2012-04-14 05:48 11776 ----a-w- c:\windows\SysWow64\mshta.exe
     2012-04-14 05:48 . 2012-04-14 05:48 114176 ----a-w- c:\windows\system32\admparse.dll
     2012-04-14 05:48 . 2012-04-14 05:48 111616 ----a-w- c:\windows\system32\iesysprep.dll
     2012-04-14 05:48 . 2012-04-14 05:48 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
     2012-04-14 05:48 . 2012-04-14 05:48 101888 ----a-w- c:\windows\SysWow64\admparse.dll
     2012-04-14 05:48 . 2012-04-14 05:48 85504 ----a-w- c:\windows\system32\iesetup.dll
     2012-04-14 05:48 . 2012-04-14 05:48 76800 ----a-w- c:\windows\system32\tdc.ocx
     2012-04-14 05:48 . 2012-04-14 05:48 603648 ----a-w- c:\windows\system32\vbscript.dll
     2012-04-14 05:48 . 2012-04-14 05:48 448512 ----a-w- c:\windows\system32\html.iec
     2012-04-14 05:48 . 2012-04-14 05:48 30720 ----a-w- c:\windows\system32\licmgr10.dll
     2012-04-14 05:48 . 2012-04-14 05:48 165888 ----a-w- c:\windows\system32\iexpress.exe
     2012-04-14 05:48 . 2012-04-14 05:48 160256 ----a-w- c:\windows\system32\wextract.exe
     2012-04-03 19:16 . 2012-04-03 08:03 1562 ----a-w- c:\users\cboyan\advanced_ip_scanner_MAC.bin
     2012-03-08 08:50 . 2012-03-08 08:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
     2012-03-08 08:37 . 2012-03-08 08:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
     2012-03-01 06:46 . 2012-04-14 19:54 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
     2012-03-01 06:38 . 2012-04-14 19:54 220672 ----a-w- c:\windows\system32\wintrust.dll
     2012-03-01 06:33 . 2012-04-14 19:54 81408 ----a-w- c:\windows\system32\imagehlp.dll
     2012-03-01 06:28 . 2012-04-14 19:54 5120 ----a-w- c:\windows\system32\wmi.dll
     2012-03-01 05:37 . 2012-04-14 19:54 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
     2012-03-01 05:33 . 2012-04-14 19:54 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
     2012-03-01 05:29 . 2012-04-14 19:54 5120 ----a-w- c:\windows\SysWow64\wmi.dll
     2012-02-28 06:56 . 2012-04-14 21:05 2311168 ----a-w- c:\windows\system32\jscript9.dll
     2012-02-28 06:49 . 2012-04-14 21:05 1390080 ----a-w- c:\windows\system32\wininet.dll
     2012-02-28 06:48 . 2012-04-14 21:05 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
     2012-02-28 06:42 . 2012-04-14 21:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2012-02-28 01:18 . 2012-04-14 21:05 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
     2012-02-28 01:11 . 2012-04-14 21:05 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
     2012-02-28 01:11 . 2012-04-14 21:05 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
     2012-02-28 01:03 . 2012-04-14 21:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
     @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
     2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
     @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
     2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
     @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
     2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
     @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
     2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
     @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
     2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
     @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
     2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
     @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
     2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
     @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
     2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
     @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
     2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
     @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
     [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
     2012-03-16 11:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
     @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
     [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
     2012-03-16 11:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
     @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
     [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
     2012-03-16 11:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2012-02-15 00:32 94208 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2012-02-15 00:32 94208 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2012-02-15 00:32 94208 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-01-09 1712656]
     "tvncontrol"="c:\windows\LTsvc\tvnserver.exe" [2012-05-24 819200]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2012-4-26 1282888]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     "SoftwareSASGeneration"= 1 (0x1)
     .
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux6"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 glideusb;GlidePoint USB Touchpad Filter;c:\windows\system32\DRIVERS\glideusb.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x] R4 
MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-23 428384] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752] S2 LTService;Netlink Monitoring Service;c:\windows\LTSvc\LTSVC.exe [2012-04-26 12542976] S2 LTSvcMon;Netlink Monitoring Service CheckUp Util;c:\windows\LTsvc\LTSvcMon.exe [2012-04-26 96768] S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-04-30 50704] S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 342288] S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 42768] S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-17 450848] S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Pro 
Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-03-15 918032] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-03-16 10:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-03-16 10:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-03-16 10:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html TCP: DhcpNameServer = 61.9.211.1 61.9.211.33 FF - ProfilePath - c:\users\cboyan\AppData\Roaming\Mozilla\Firefox\Profiles\bws4egot.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&q= . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-810749614-2223256550-641000648-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-810749614-2223256550-641000648-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe . ************************************************************************** . Completion time: 2012-05-25 05:49:42 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-24 19:49 . Pre-Run: 618,253,783,040 bytes free Post-Run: 618,235,539,456 bytes free . - - End Of File - - B47F320AA62F48DF12CD10C6EAE76C69 TDSSKiller.2.7.37.0_25.05.2012_05.28.38_log.txt
  6. Hi, I stupidly clicked on a prompt to update my Flash Player after a link was sent to me in a Skype chat. I seem to have some kind of malware installed on my system. Trend Micro keeps notifying me that it has blocked access to an unauthorised URL. I have run a Malwarebytes full scan in safe mode and it finds and, presumably, removes some threats, but the problem persists. I also get an error "Ordinal 1108 could not be located in dynamic link library WSOCK32.dll" if I try to do nslookup from a command window. The contents of DDS.txt are posted below and Attach.txt is attached to the post. Thanks in advance for any assistance you can give me ...
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-3-15 918032] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe --> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 glideusb;GlidePoint USB Touchpad Filter;C:\Windows\system32\DRIVERS\glideusb.sys --> C:\Windows\system32\DRIVERS\glideusb.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 129976] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] 
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744] S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-4-24 428384] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-05-23 23:42:57 -------- d-----w- C:\Users\cboyan\AppData\Roaming\Malwarebytes 2012-05-23 23:42:28 -------- d-----w- C:\ProgramData\Malwarebytes 2012-05-23 23:42:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-05-23 23:42:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-05-23 22:36:46 249856 ------w- C:\Windows\Setup1.exe 2012-05-23 22:36:44 73216 ----a-w- C:\Windows\ST6UNST.EXE 2012-05-23 15:05:59 -------- d-----w- C:\ProgramData\AVAST Software 2012-05-23 15:05:59 -------- d-----w- C:\Program Files\AVAST Software 2012-05-23 14:52:04 -------- d-----w- C:\Windows\pss 2012-05-23 05:21:41 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-23 05:21:41 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-23 05:21:41 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-23 05:21:41 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-23 05:21:41 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-23 05:21:23 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-23 05:21:23 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-23 05:21:23 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-23 
05:21:23 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-23 05:12:49 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-23 05:12:40 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-23 05:07:04 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-23 05:07:04 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-23 05:06:26 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2012-05-23 05:06:15 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-05-23 05:06:15 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-05-23 05:06:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll 2012-05-23 05:04:26 24408 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe 2012-05-23 04:57:57 -------- d-----w- C:\ProgramData\IObit 2012-05-23 04:57:46 -------- d-----w- C:\Users\cboyan\AppData\Roaming\IObit 2012-05-23 04:57:42 -------- d-----w- C:\Program Files (x86)\IObit 2012-05-23 04:35:37 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-05-22 16:16:32 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{798E5394-519C-4EE3-B5D0-25CE05F5B854}\mpengine.dll 2012-05-21 22:37:11 -------- d-----r- C:\Users\cboyan\AppData\Roaming\Brother 2012-05-21 05:35:49 -------- d-----w- C:\Users\cboyan\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 2012-05-21 05:34:10 -------- d-----w- C:\Users\cboyan\AppData\Roaming\Wacom 2012-05-21 05:34:03 -------- d-----w- C:\ProgramData\Wacom 2012-05-21 05:33:47 -------- d-----w- C:\Program Files (x86)\Bamboo Dock 2012-05-21 05:32:07 1326456 ----a-w- C:\Windows\System32\Pen_Touch_Tablet.dll 2012-05-21 05:32:07 1107832 ----a-w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll 2012-05-21 05:32:07 -------- d-----w- C:\Users\cboyan\AppData\Roaming\WTablet 2012-05-21 05:32:01 -------- d-----w- C:\Program Files (x86)\TabletPlugins 2012-05-21 05:31:55 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys 2012-05-21 05:31:50 16168 ----a-w- 
C:\Windows\System32\drivers\wacomvhid.sys 2012-05-21 05:31:49 1152888 ----a-w- C:\Windows\SysWow64\WacomMT.dll 2012-05-21 05:31:48 1665400 ----a-w- C:\Windows\System32\Pen_Tablet.dll 2012-05-21 05:31:48 1401208 ----a-w- C:\Windows\System32\Wintab32.dll 2012-05-21 05:31:48 1392504 ----a-w- C:\Windows\System32\WacomMT.dll 2012-05-21 05:31:48 1369464 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll 2012-05-21 05:31:48 1156472 ----a-w- C:\Windows\SysWow64\Wintab32.dll 2012-05-21 05:31:46 -------- d-----w- C:\Program Files\Tablet 2012-05-19 07:49:46 -------- d-----w- C:\Users\cboyan\AppData\Roaming\NCH Software 2012-05-18 05:47:08 -------- d-----w- C:\Program Files (x86)\TortoiseHg 2012-05-18 05:46:50 -------- d-----w- C:\Program Files\TortoiseHg 2012-05-18 05:23:23 -------- d-----w- C:\Windows\System32\appmgmt 2012-05-18 05:19:51 -------- d-----w- C:\Program Files (x86)\Kiln Client 2012-05-18 05:19:49 -------- d-----w- C:\Users\cboyan\AppData\Local\KilnExtensions 2012-05-16 18:52:10 60304 ----a-w- C:\Users\cboyan\g2mdlhlpx.exe 2012-05-10 19:24:33 -------- d-----w- C:\Users\cboyan\AppData\Roaming\TortoiseHg 2012-05-10 06:08:37 -------- d-----w- C:\Program Files (x86)\SQL Accessories 2012-05-10 06:06:55 -------- d-----w- C:\Users\cboyan\AppData\Roaming\TulaSoft 2012-05-10 04:10:58 -------- d-----w- C:\Windows\SysWow64\QuickTime 2012-05-10 04:10:39 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared 2012-05-09 20:48:30 -------- d-----w- C:\Users\cboyan\.swt 2012-05-09 20:45:24 -------- d-----w- C:\Program Files (x86)\thinkorswim 2012-05-09 20:01:01 -------- d-----w- C:\Program Files (x86)\Oracle 2012-05-09 20:00:23 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-05-09 03:03:28 -------- d-----w- C:\Users\cboyan\AppData\Local\{E289215B-1F86-4400-BE44-DC5784E35EF6} 2012-05-09 03:02:40 -------- d-----w- C:\Users\cboyan\AppData\Local\{D33BAB55-974A-4B4B-B277-BC5F03DAD539} 2012-05-08 12:13:54 -------- d-----w- C:\Program Files (x86)\Git 2012-05-08 
11:12:22 -------- d-----w- C:\Users\cboyan\AppData\Local\{48C39E50-5A33-4F67-B5E2-1403442B3927} 2012-05-08 11:12:09 -------- d-----w- C:\Users\cboyan\AppData\Roaming\Windows Live Writer 2012-05-08 11:12:09 -------- d-----w- C:\Users\cboyan\AppData\Local\Windows Live Writer 2012-05-08 06:54:11 -------- d-----w- C:\Users\cboyan\AppData\Local\Apps 2012-05-08 06:54:10 -------- d-----w- C:\Users\cboyan\AppData\Local\Deployment 2012-05-08 00:45:36 -------- d-----w- C:\Program Files (x86)\TeamViewer 2012-05-08 00:44:17 -------- d-----w- C:\Users\cboyan\AppData\Roaming\TeamViewer 2012-05-07 05:45:38 -------- d-----w- C:\Program Files (x86)\Singorama 2012-05-07 01:33:53 -------- d-----w- C:\Program Files (x86)\WinDirStat 2012-05-07 00:24:27 -------- d-----w- C:\Users\cboyan\AppData\Roaming\XMind 2012-05-07 00:24:15 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-05-07 00:23:40 -------- d-----w- C:\Program Files (x86)\XMind 2012-05-04 21:18:02 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 19:49:30 -------- d-----r- C:\Users\cboyan\Virtual Machines 2012-05-04 18:57:07 -------- d-----w- C:\Program Files\Carbonite 2012-05-04 18:56:41 -------- d-----w- C:\ProgramData\Carbonite 2012-05-04 18:56:41 -------- d-----w- C:\Program Files (x86)\Carbonite 2012-05-02 21:42:23 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-05-02 21:42:23 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-05-02 21:42:23 1047552 ----a-w- C:\Windows\SysWow64\mfc71u.dll 2012-05-02 21:42:23 -------- d-----w- C:\Program Files (x86)\WinMerge 2012-05-01 22:15:45 -------- d-----w- C:\Users\cboyan\AppData\Local\ActiveState 2012-05-01 22:15:05 -------- d-----w- C:\Program Files (x86)\ActiveState Komodo Edit 7 2012-05-01 04:08:06 -------- d-----r- C:\Users\cboyan\Dropbox 2012-05-01 04:05:33 -------- d-----w- C:\Users\cboyan\AppData\Roaming\Dropbox 2012-04-30 21:35:28 -------- d-----w- C:\Windows\en 2012-04-30 21:11:50 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys 
2012-04-30 21:08:45 -------- d-----w- C:\Program Files (x86)\Microsoft 2012-04-30 21:08:40 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\69ce11441cd271505\bingbarsetup.exe 2012-04-30 21:08:01 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\53a1ee581cd271504\MeshBetaRemover.exe 2012-04-30 21:07:53 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll 2012-04-30 21:07:53 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll 2012-04-30 21:07:52 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll 2012-04-30 21:07:52 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll 2012-04-30 21:07:37 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44b1b5091cd271503\DSETUP.dll 2012-04-30 21:07:37 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44b1b5091cd271503\DXSETUP.exe 2012-04-30 21:07:37 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44b1b5091cd271503\dsetup32.dll 2012-04-30 21:07:14 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll 2012-04-30 21:07:14 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll 2012-04-30 21:07:02 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2f8c30841cd271502\DSETUP.dll 2012-04-30 21:07:02 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2f8c30841cd271502\DXSETUP.exe 2012-04-30 21:07:02 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2f8c30841cd271502\dsetup32.dll 2012-04-30 21:05:14 -------- d-----w- C:\Users\cboyan\AppData\Local\Windows Live 2012-04-30 21:05:13 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2012-04-30 20:51:55 -------- d-----w- C:\Program Files (x86)\Toolheap 2012-04-30 06:25:32 -------- d-----w- C:\Windows\System32\log 2012-04-30 06:24:52 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-04-28 04:57:22 -------- d-----w- C:\Users\cboyan\.thumbnails 2012-04-28 04:56:24 -------- d-----w- C:\Users\cboyan\.gimp-2.6 2012-04-28 
04:56:12 -------- d-----w- C:\Program Files (x86)\GIMP-2.0 2012-04-27 20:22:37 -------- d-----w- C:\Users\cboyan\.astah 2012-04-27 19:47:07 -------- d-----w- C:\Program Files\astah-community 2012-04-27 02:58:39 -------- d-----w- C:\Program Files (x86)\Common Files\L&H 2012-04-27 02:58:35 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync 2012-04-26 20:28:47 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-04-26 20:28:46 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-04-26 20:28:46 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-04-26 20:24:57 -------- d-----w- C:\Temp 2012-04-26 03:09:09 -------- d-----w- C:\ce63aace5aa4df012bfdc6d67e91dd 2012-04-26 02:25:37 -------- d-----w- C:\Windows\System32\%drive% 2012-04-26 02:25:32 -------- d-----w- C:\ProgramData\LabTech 2012-04-26 02:25:24 -------- d-----w- C:\Windows\LTSvc 2012-04-24 21:46:28 -------- d-----w- C:\Users\cboyan\AppData\Roaming\PrimoPDF 2012-04-24 21:45:43 95008 ----a-w- C:\Windows\System32\Primomonnt.dll 2012-04-24 21:45:42 -------- d-----w- C:\Program Files (x86)\Nitro PDF . ==================== Find3M ==================== . 
2012-05-23 05:35:52 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-23 05:35:52 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-04-14 21:24:06 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-04-14 21:24:06 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-04-03 19:16:02 1562 ----a-w- C:\Users\cboyan\advanced_ip_scanner_MAC.bin 2012-03-08 08:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2012-03-08 08:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 3:56:14.04 =============== Attach.txt
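A first-pass triage over log lines of the kind posted above, added here as an example and not code from the original post or from the DDS tool. It reads lines in that format and lists, for review rather than as verdicts, the entry types a helper normally asks about first: Hosts overrides that are not loopback, Firefox search/homepage prefs whose URL host is outside a small allowlist, BHO/TB/EB registrations marked "No File", and auto-start or service binaries outside Program Files/Windows. The allowlists are assumptions for the example; the sample lines are constructed (most copy the shape of the posted log, and the "alice" entries are invented).

```python
"""Triage pass over DDS-style log lines (added example; not code from the
original post or from the DDS tool). Output is "look at this", not a verdict."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List

# Constructed sample input in DDS line format. Most lines mirror entries of the
# kind posted above; the "alice" entries are made up for the example.
SAMPLE_LOG = r"""
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Hosts: 127.0.0.1 localhost
Hosts: 202.191.49.70 clone.cvcheck.biz
Hosts: 192.168.1.2 cvsbs
mRun-x64: [tvncontrol] "C:\Windows\LTsvc\tvnserver.exe" -controlservice -slave
mRun-x64: [updater] C:\Users\alice\AppData\Roaming\upd\upd.exe /silent
R2 LTService;Netlink Monitoring Service;C:\Windows\LTSvc\LTSVC.exe [2012-4-26 12542976]
R3 e1yexpress;Intel Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S2 Example;Example Service;C:\Users\alice\AppData\Local\Temp\svc.exe [2012-5-1 12345]
"""

# Assumptions for this example, not a definition of "clean": hosts a search pref
# may legitimately point at, and directories a service/autorun binary should live in.
SEARCH_ALLOW = ("google.com", "bing.com", "yahoo.com", "duckduckgo.com")
TRUSTED_PREFIXES = (r"c:\program files", r"c:\windows", r"c:\programdata")
LOOPBACK = {"127.0.0.1", "::1"}

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s+(\S+)\s+-\s+(.+)$")
ORPHAN_RE = re.compile(r"^(?:BHO|TB|EB)(?:-X64)?:.*-\s+No File\s*$")
RUN_RE = re.compile(r"^[mu]Run(?:-x64)?:\s+\[[^\]]*\]\s+(.+)$")
SVC_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(.+)$")

@dataclass
class Finding:
    category: str
    line: str
    reason: str

def url_host(value: str) -> str:
    # DDS defangs http as hxxp, so split on '://' instead of using urlparse.
    if "://" not in value:
        return ""
    return value.split("://", 1)[1].split("/", 1)[0].lower()

def known_search_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in SEARCH_ALLOW)

def run_path(value: str) -> str:
    # Quoted path, or an unquoted path up to the first switch-looking token.
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return re.split(r"\s+[/-]", value, maxsplit=1)[0]

def service_path(value: str) -> str:
    # DDS writes 'path [date size]' or 'path --> path [?]' after the display name.
    return value.split(" --> ", 1)[0].split(" [", 1)[0].strip()

def in_trusted_dir(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)

def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HOSTS_RE.match(line):
            ip, name = m.groups()
            if ip not in LOOPBACK:
                findings.append(Finding("hosts", line, f"{name} pinned to {ip}; confirm it is an intended mapping"))
        elif m := FF_PREF_RE.match(line):
            pref, value = m.groups()
            host = url_host(value)
            if host and not known_search_host(host):
                findings.append(Finding("firefox", line, f"{pref} points at {host}"))
        elif ORPHAN_RE.match(line):
            findings.append(Finding("orphan", line, "add-on registration whose DLL is missing"))
        elif m := RUN_RE.match(line):
            path = run_path(m.group(1))
            if not in_trusted_dir(path):
                findings.append(Finding("autorun", line, f"auto-start outside trusted dirs: {path}"))
        elif m := SVC_RE.match(line):
            path = service_path(m.group(1))
            if not in_trusted_dir(path):
                findings.append(Finding("service", line, f"service binary outside trusted dirs: {path}"))
    return findings

def summarize(findings: List[Finding]) -> dict:
    return dict(Counter(f.category for f in findings))
```

Run `triage(SAMPLE_LOG)` on the sample and it returns seven findings (one Firefox pref, two orphaned add-ons, two Hosts overrides, one autorun and one service outside the trusted directories). Entries it lists are starting points for questions, not conclusions: an internal Hosts mapping or a remote-management agent installed by the office can be entirely legitimate.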