
Ping.exe and redirects


  • This topic is locked
14 replies to this topic

#1 TwoSnout


Posted 31 March 2012 - 07:43 AM

Hello,

A few days ago I noticed Ping.exe was taking up a huge amount of CPU time and Firefox would periodically redirect me to some random site. I downloaded Malwarebytes and ran a scan. It detected several trojans, which I then quarantined and deleted. Upon reboot, the ping.exe and redirects continued. Now, when I run a Malwarebytes scan, it does not detect anything. Thanks for any help you can provide. Below are the DDS, Attach, and Mbam logs:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by TwoSnoutMBA at 7:45:18 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2117 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\lxducoms.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Google Update] "C:\Users\TwoSnoutMBA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\TWOSNO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://access.wakemed.org/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1291FAB0-CC32-4D1E-A337-1C844D73F044} : DhcpNameServer = 10.4.5.100 10.4.2.100
TCP: Interfaces\{704E985C-BA21-4EB2-B339-DFB961B7FC73} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\24C657560284F6573756 : DhcpNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\34570714A4F65602143636563737022556175796275637020557273686163756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\4425147414E414D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\541637476596C6C6167656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}\753405C475946494 : DhcpNameServer = 24.25.5.60 24.25.5.61
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\TwoSnoutMBA\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\TwoSnoutMBA\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-5-31 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-8-12 810144]
R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-29 652360]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-9-3 444224]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-5 705856]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxduserv.exe [2008-5-23 29184]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 253600]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-03-29 16:28:44 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\Malwarebytes
2012-03-29 16:28:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-29 16:28:27 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-29 16:28:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 14:24:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-28 15:58:19 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-28 15:38:24 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-28 15:38:02 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-28 15:36:55 -------- d-----we C:\Windows\system64
2012-03-27 15:59:16 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14D8FC0A-F989-4566-A94A-F7B48B710E70}\mpengine.dll
2012-03-25 19:59:30 20569 ----a-w- C:\Windows\gsk7bui.exe
2012-03-25 19:59:26 306688 ----a-w- C:\Windows\IsUninst.exe
2012-03-25 19:57:41 -------- d-----w- C:\Program Files (x86)\IBM
2012-03-25 19:54:41 -------- d-----w- C:\ProgramData\IBM
2012-03-25 19:44:14 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\zubc
2012-03-25 19:44:10 -------- d-----w- C:\Program Files (x86)\ZUBC
2012-03-25 19:43:15 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\bytewdownload
2012-03-22 18:33:45 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org
2012-03-22 18:30:31 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-03-18 15:55:35 -------- d-----w- C:\Users\TwoSnoutMBA\AppData\Local\Google
2012-03-18 12:19:42 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 12:19:42 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 11:10:57 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 11:10:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 11:10:56 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 14:17:11 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 14:17:09 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 14:17:09 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 14:16:27 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 14:16:27 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 14:16:27 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 14:16:27 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 14:16:26 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 14:16:26 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 14:16:26 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
.
==================== Find3M ====================
.
2012-03-29 16:58:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 7:45:43.78 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/13/2010 1:07:13 PM
System Uptime: 3/30/2012 4:50:21 PM (15 hours ago)
.
Motherboard: Dell Inc. | | 0F642T
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 13.344 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Juniper Network Connect Virtual Adapter
Device ID: ROOT\DSNCADPT\0000
Manufacturer: Juniper
Name: Juniper Network Connect Virtual Adapter
PNP Device ID: ROOT\DSNCADPT\0000
Service: dsNcAdpt
.
==== System Restore Points ===================
.
RP228: 3/20/2012 11:48:37 AM - Windows Update
RP229: 3/22/2012 2:25:10 PM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
RP230: 3/22/2012 2:26:16 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP231: 3/22/2012 2:29:30 PM - Installed Java™ 6 Update 22
RP232: 3/22/2012 2:30:05 PM - Installed OpenOffice.org 3.3
RP233: 3/27/2012 7:22:26 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Reader 9.4.6
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Audacity 1.3.12 (Unicode)
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Click to Call with Skype
CRT-71
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
DPL 7
DPL 7 Demo
ECL Viewer
Express Zip File Compression Software
FFmpeg for Audacity on Windows
FlipShare
Frontline Excel Solvers V11.5
Google Calendar Sync
Google Chrome
GoToAssist 8.0.0.514
GoToMeeting 4.5.0.457
HamsterFreeVideoConverter
IBM Installation Manager
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
Junk Mail filter update
Lexmark Printable Web
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes Anti-Malware version 1.60.1.1000
Markstrat Team
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft redistributable runtime DLLs VS2008 SP1(x86)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
microsoft.vs6
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
msxml4sys32
OnLive
OpenOffice.org 3.3
PowerDVD DX
QuickTime
Rosetta Stone Ltd Services
Roxio Burn
Safari
SAP Business Explorer
SAP GUI for Windows 7.20
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype™ 5.5
sqaote32
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VitalSource Bookshelf
VLC media player 1.1.9
WebEx
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
Xtranormal State
Xtranormal State - Showpak-Beiges
Xtranormal State - Showpak-FM-Preview
Xtranormal State - SoundPack-Starter Kit
Xtranormal State - Voicepack-British-Graham22k
Xtranormal State - Voicepack-British-Lucy22k
Xtranormal State - Voicepack-English-UK-Daniel
Xtranormal State - Voicepack-English-UK-Serena
Xtranormal State - Voicepack-English-US-Samantha
Xtranormal State - Voicepack-English-US-Tom
Xtranormal State - Voicepack-USEnglish-Heather22k
Xtranormal State - Voicepack-USEnglish-Ryan22k
Zip Unzip By Click 1.0
.
==== Event Viewer Messages From Past Week ========
.
3/31/2012 7:24:19 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3/31/2012 7:19:14 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
3/29/2012 8:20:52 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/29/2012 8:20:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
3/29/2012 8:20:52 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/29/2012 8:20:52 PM, Error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/29/2012 8:20:51 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/29/2012 8:20:50 PM, Error: Service Control Manager [7003] - The epfwwfpr service depends the following service: BFE. This service might not be installed.
3/29/2012 8:20:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80036ddb60, 0xfffff80000b9c4d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032912-25381-01.
3/29/2012 8:18:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/29/2012 8:17:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
3/29/2012 8:15:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/29/2012 8:14:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
3/29/2012 8:13:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
3/29/2012 8:10:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
3/29/2012 12:41:28 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.
3/27/2012 8:59:20 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TURNIP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.
3/27/2012 8:55:22 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MAURICIO-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.
3/27/2012 8:48:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer AVNI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.
3/27/2012 8:41:47 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.218.97 did not allow the name to be claimed by this computer.
3/27/2012 8:31:22 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.218.203 did not allow the name to be claimed by this computer.
3/27/2012 7:59:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MITCHIEE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.
3/27/2012 7:57:39 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.
3/27/2012 7:36:24 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.217.248 did not allow the name to be claimed by this computer.
3/27/2012 7:22:33 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.223.206 did not allow the name to be claimed by this computer.
3/27/2012 7:11:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.
3/27/2012 6:39:04 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.146. The computer with the IP address 152.14.217.141 did not allow the name to be claimed by this computer.
3/27/2012 6:08:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SAHAR-THINK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB6EC35C-293A-4E70-B0FD-15E1DB8B7EAA}. The master browser is stopping or an election is being forced.
3/26/2012 6:12:12 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.218.234. The computer with the IP address 152.14.218.221 did not allow the name to be claimed by this computer.
3/26/2012 4:12:17 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
3/26/2012 4:11:49 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 152.14.217.101. The computer with the IP address 152.14.221.182 did not allow the name to be claimed by this computer.
3/26/2012 11:35:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
.
==== End Of File ===========================

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TwoSnoutMBA :: TWOSNOUTMBA-PC [administrator]

Protection: Enabled

3/29/2012 12:31:41 PM
mbam-log-2012-03-29 (12-31-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219845
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Registry Keys Detected: 4
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

(end)

#2 CatByte

CatByte

    Staff

  • Moderators
  • 1,227 posts
  • Gender:Female
  • Location:Canada

Posted 31 March 2012 - 08:45 PM

Hi,

Please run the following:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

#3 TwoSnout

TwoSnout

    New Member

  • Members
  • 7 posts

Posted 01 April 2012 - 10:20 PM

Per your instructions, here is the frst.txt log:

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 01-04-2012 23:06:13
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2010-02-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2010-02-21] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2010-02-21] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [676520 2008-09-10] ()
HKLM\...\Run: [lxduamon] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [16040 2008-09-10] ()
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2916584 2010-08-12] (ESET)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1059984 2012-03-16] (Carbonite, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Pente\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Mcx1-TWOSNOUTMBA-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\TwoSnoutMBA\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2011-11-11] (Apple Inc.)
HKU\TwoSnoutMBA\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2011-11-11] (Apple Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-13] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [6684304 2012-03-16] (Carbonite, Inc. (www.carbonite.com))
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [42360 2010-08-12] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [810144 2010-08-12] (ESET)
2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2010-09-17] ()
2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [1039360 2009-10-16] ( )
2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe -service [594600 2008-05-23] ( )
2 MailService; C:\Program Files (x86)\IBM\RationalSDLC\ClearQuest\mailservice.exe [81408 2010-07-30] (IBM Corporation)
2 MBAMService; "C:\Pente\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 RosettaStoneDaemon; "C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe" [444224 2009-09-03] (Rosetta Stone Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.)

========================== Drivers (Whitelisted) =============

1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2009-09-08] (Citrix Systems, Inc.)
3 dsNcAdpt; C:\Windows\System32\Drivers\dsNcAdpt.sys [32768 2009-08-12] (Juniper Networks)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [168544 2010-07-29] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [141264 2010-07-29] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [126320 2010-07-29] (ESET)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-01 20:31 - 2009-07-13 20:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-04-01 20:30 - 2012-04-01 20:30 - 0000000 ____A C:\Windows\SysWOW64\shoEEB2.tmp
2012-04-01 20:29 - 2012-04-01 21:04 - 0010934 ____A C:\Users\TwoSnoutMBA\Desktop\Case 2 Executive summary.docx
2012-04-01 20:12 - 2012-04-01 20:12 - 0044274 ____A C:\Users\TwoSnoutMBA\Downloads\xhan2_vnaraya2_Case_1_ExecSummary.docx
2012-04-01 11:41 - 2011-12-10 14:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-01 11:38 - 2012-04-01 11:39 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\TwoSnoutMBA\Downloads\mbam--setup-1.60.1.1000.exe
2012-04-01 09:52 - 2012-04-01 09:52 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(3).xls
2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\All Users\Desktop\Carbonite InfoCenter.lnk
2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Carbonite
2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Application Data\Carbonite
2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\ProgramData\Carbonite
2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files\Carbonite
2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files (x86)\Carbonite
2012-03-31 16:53 - 2012-03-31 17:46 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Remote
2012-03-31 16:53 - 2012-03-31 17:46 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Remote
2012-03-31 06:36 - 2012-03-31 06:36 - 0024950 ____A C:\Users\TwoSnoutMBA\Desktop\DDS.txt
2012-03-29 17:08 - 2012-03-29 17:08 - 0739864 ____A (Google Inc.) C:\Users\TwoSnoutMBA\Downloads\ChromeSetup.exe
2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\My Documents\mbam-log-2012-03-29 (12-31-41).txt
2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\Documents\mbam-log-2012-03-29 (12-31-41).txt
2012-03-29 11:28 - 2012-04-01 09:06 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Malwarebytes
2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Malwarebytes
2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-29 11:06 - 2012-03-29 11:27 - 0127202 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_12.06.54_log.txt
2012-03-29 09:24 - 2012-03-29 11:27 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-29 09:23 - 2012-03-29 09:25 - 0127400 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_10.23.07_log.txt
2012-03-28 18:47 - 2012-03-29 06:08 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 9
2012-03-28 10:36 - 2012-03-28 10:36 - 0000000 ____D C:\Windows\system64
2012-03-27 18:25 - 2012-03-27 18:25 - 0739192 ____A C:\Users\TwoSnoutMBA\Downloads\Dealer_Aggregate_Demand.xlsx
2012-03-27 18:11 - 2012-03-27 18:12 - 0528914 ____A C:\Users\TwoSnoutMBA\Downloads\inventory_plots_update.xlsx
2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank.xlsx
2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank(1).xlsx
2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2 MBA553.xlsx
2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2 MBA553.xlsx
2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx
2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx
2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm
2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm
2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\My Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc
2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc
2012-03-26 17:26 - 2012-03-26 17:26 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations(1).xlsx
2012-03-26 16:33 - 2012-03-26 16:33 - 0022110 ____A C:\Users\TwoSnoutMBA\Downloads\James_Wall_SimQuick_Case_1.xlsx
2012-03-26 16:30 - 2012-03-26 16:33 - 0022123 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_SimQuick_Case_1.xlsx
2012-03-26 16:30 - 2012-03-26 16:33 - 0022123 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_SimQuick_Case_1.xlsx
2012-03-26 16:03 - 2012-03-26 17:19 - 0317315 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_C.xlsm
2012-03-26 16:03 - 2012-03-26 17:19 - 0317315 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_C.xlsm
2012-03-26 15:59 - 2012-03-26 17:18 - 0317859 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_B.xlsm
2012-03-26 15:59 - 2012-03-26 17:18 - 0317859 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_B.xlsm
2012-03-26 15:55 - 2012-03-26 17:18 - 0317299 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_A.xlsm
2012-03-26 15:55 - 2012-03-26 17:18 - 0317299 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_A.xlsm
2012-03-26 15:18 - 2012-03-26 15:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(10).docx
2012-03-25 21:20 - 2012-03-25 21:20 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_(1).docx
2012-03-25 14:59 - 2007-05-20 19:05 - 0020569 ____A (IBM Corporation) C:\Windows\gsk7bui.exe
2012-03-25 14:59 - 1998-10-29 15:45 - 0306688 ____A (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2012-03-25 14:57 - 2012-03-25 15:01 - 0000000 ____D C:\Program Files (x86)\IBM
2012-03-25 14:54 - 2012-03-25 14:58 - 0000000 ____D C:\Users\All Users\IBM
2012-03-25 14:54 - 2012-03-25 14:58 - 0000000 ____D C:\Users\All Users\Application Data\IBM
2012-03-25 14:54 - 2012-03-25 14:58 - 0000000 ____D C:\ProgramData\IBM
2012-03-25 14:46 - 2012-03-25 14:46 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win
2012-03-25 14:45 - 2012-03-25 14:45 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows
2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\Public\Desktop\Zip Unzip By Click.lnk
2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\All Users\Desktop\Zip Unzip By Click.lnk
2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\zubc
2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\zubc
2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Program Files (x86)\ZUBC
2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\bytewdownload
2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\bytewdownload
2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\bytewdownload
2012-03-25 14:42 - 2012-03-25 14:42 - 0323072 ____A (Bytewise Software) C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe
2012-03-25 12:58 - 2012-03-25 13:19 - 149059388 ____A C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows.zip
2012-03-25 12:57 - 2012-03-25 14:28 - 1340753072 ____A C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win.zip
2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(2).xls
2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(1).xls
2012-03-24 14:21 - 2012-03-25 10:30 - 0073216 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 2.xls
2012-03-24 14:21 - 2012-03-25 10:30 - 0073216 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 2.xls
2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\OpenOffice.org
2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org
2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\All Users\Desktop\OpenOffice.org 3.3.lnk
2012-03-22 13:30 - 2012-03-22 13:30 - 0000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-03-22 13:24 - 2012-03-22 13:25 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
2012-03-22 13:20 - 2012-03-22 13:24 - 158067944 ____A C:\Users\TwoSnoutMBA\Downloads\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
2012-03-21 18:20 - 2012-03-21 18:20 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 8
2012-03-21 16:06 - 2012-03-25 10:28 - 0011194 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 1.xlsx
2012-03-21 16:06 - 2012-03-25 10:28 - 0011194 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 1.xlsx
2012-03-20 11:54 - 2012-03-20 11:54 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4(2).xlsx
2012-03-20 11:54 - 2012-03-20 11:54 - 0032154 ____A C:\Users\TwoSnoutMBA\Desktop\Input Sheet for Program demand Rev4.xlsx
2012-03-20 11:52 - 2012-03-28 18:57 - 0168960 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Model Template 032012.xls
2012-03-20 11:04 - 2012-03-20 11:04 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process(1).docx
2012-03-20 11:03 - 2012-03-20 11:03 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process.docx
2012-03-20 10:54 - 2012-03-20 10:54 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112(1).xls
2012-03-19 19:23 - 2012-03-20 11:53 - 0324820 ____A C:\Users\TwoSnoutMBA\My Documents\SimQuick_TemplateEx3.xlsm
2012-03-19 19:23 - 2012-03-20 11:53 - 0324820 ____A C:\Users\TwoSnoutMBA\Documents\SimQuick_TemplateEx3.xlsm
2012-03-19 18:59 - 2012-03-19 18:59 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_.docx
2012-03-19 18:06 - 2012-03-19 18:06 - 0589824 ____A C:\Users\TwoSnoutMBA\Downloads\SimQuick_Template.XLS
2012-03-19 11:33 - 2012-03-19 11:33 - 0104502 ____A C:\Users\TwoSnoutMBA\Downloads\1C2F2120-02E0-4B73-A5D8-743FEA4BC918.JPG
2012-03-19 10:53 - 2012-03-19 10:53 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(4).docx
2012-03-18 11:18 - 2012-03-18 11:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(9).docx
2012-03-18 10:55 - 2012-03-29 17:09 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Google
2012-03-18 10:55 - 2012-03-29 17:09 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\Google
2012-03-18 10:55 - 2012-03-29 17:09 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\Google
2012-03-18 10:55 - 2012-03-18 10:55 - 0002212 ____A C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\Public\Desktop\Google Calendar.lnk
2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\All Users\Desktop\Google Calendar.lnk
2012-03-18 10:55 - 2012-03-18 10:55 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-18 10:54 - 2012-03-18 10:54 - 1165008 ____A C:\Users\TwoSnoutMBA\Downloads\GoogleCalendarSync_Installer.exe
2012-03-15 18:37 - 2012-03-23 13:50 - 0042496 ____A C:\Users\TwoSnoutMBA\Desktop\Resume_James_Wall_int.doc
2012-03-15 06:10 - 2011-11-19 10:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-15 06:10 - 2011-11-19 09:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-15 06:10 - 2011-11-19 09:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-14 17:23 - 2012-03-27 18:08 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Term Project
2012-03-14 17:23 - 2012-03-26 15:22 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 7
2012-03-14 17:23 - 2012-03-25 10:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Midterm
2012-03-14 17:23 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 6
2012-03-14 12:59 - 2012-03-14 12:59 - 0836477 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Idec Production Planning031412.pptx
2012-03-14 09:17 - 2012-02-10 01:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-14 09:17 - 2012-02-10 00:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-14 09:17 - 2012-02-02 23:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-14 09:16 - 2012-02-17 01:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-14 09:16 - 2012-02-17 00:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-14 09:16 - 2012-02-16 23:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-14 09:16 - 2012-02-16 23:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-14 09:16 - 2012-01-25 01:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-14 09:16 - 2012-01-25 01:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-14 09:16 - 2012-01-25 01:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-14 06:10 - 2012-03-14 06:10 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112.xls
2012-03-13 19:14 - 2012-03-13 19:14 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations.xlsx
2012-03-13 19:13 - 2012-03-13 19:13 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset.xls
2012-03-12 16:29 - 2012-03-12 16:29 - 0290276 ____A C:\Users\TwoSnoutMBA\Desktop\James_Wall_Manzana_Case.pptx
2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2.xls
2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2(1).xls
2012-03-12 15:25 - 2012-03-12 15:25 - 0121384 ____A C:\Users\TwoSnoutMBA\Desktop\HW2.pdf
2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\My Documents\Homework.xlsx
2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\Documents\Homework.xlsx
2012-03-12 11:26 - 2012-03-12 11:26 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(2).docx
2012-03-11 20:28 - 2012-03-11 20:28 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(8).docx
2012-03-10 20:30 - 2012-03-11 20:11 - 0010763 ____A C:\Users\TwoSnoutMBA\My Documents\Caroline words.xlsx
2012-03-10 20:30 - 2012-03-11 20:11 - 0010763 ____A C:\Users\TwoSnoutMBA\Documents\Caroline words.xlsx
2012-03-08 11:26 - 2012-03-08 11:26 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(7).docx
2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_.docx
2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(1).docx
2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\My Documents\LenovoCover.txt
2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\Documents\LenovoCover.txt
2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\My Documents\SIPOC diagram.pptx
2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\Documents\SIPOC diagram.pptx
2012-03-02 15:38 - 2012-03-12 16:28 - 0290274 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.pptx
2012-03-02 15:38 - 2012-03-12 16:28 - 0290274 ____A C:\Users\TwoSnoutMBA\Documents\manzana.pptx
2012-03-02 15:22 - 2012-03-04 17:50 - 0009353 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.xlsx
2012-03-02 15:22 - 2012-03-04 17:50 - 0009353 ____A C:\Users\TwoSnoutMBA\Documents\manzana.xlsx


============ 3 Months Modified Files and Folders =============

2012-04-01 23:06 - 2012-04-01 21:44 - 0000000 ____D C:\FRST
2012-04-01 21:58 - 2009-07-14 00:10 - 1986066 ____A C:\Windows\WindowsUpdate.log
2012-04-01 21:43 - 2009-07-14 00:13 - 0731422 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-01 21:39 - 2010-07-05 10:47 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-04-01 21:35 - 2012-01-17 20:22 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Logistics
2012-04-01 21:35 - 2012-01-17 20:22 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Logistics
2012-04-01 21:04 - 2012-04-01 20:29 - 0010934 ____A C:\Users\TwoSnoutMBA\Desktop\Case 2 Executive summary.docx
2012-04-01 20:39 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-01 20:39 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-01 20:31 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\SoftThinks
2012-04-01 20:31 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\SoftThinks
2012-04-01 20:31 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\SoftThinks
2012-04-01 20:30 - 2012-04-01 20:30 - 0000000 ____A C:\Windows\SysWOW64\shoEEB2.tmp
2012-04-01 20:30 - 2010-07-05 12:30 - 3190050816 __ASH C:\hiberfil.sys
2012-04-01 20:30 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-01 20:30 - 2009-07-13 23:51 - 0074695 ____A C:\Windows\setupact.log
2012-04-01 20:12 - 2012-04-01 20:12 - 0044274 ____A C:\Users\TwoSnoutMBA\Downloads\xhan2_vnaraya2_Case_1_ExecSummary.docx
2012-04-01 11:41 - 2010-08-01 18:05 - 0000000 ____D C:\Pente
2012-04-01 11:39 - 2012-04-01 11:38 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\TwoSnoutMBA\Downloads\mbam--setup-1.60.1.1000.exe
2012-04-01 11:23 - 2010-07-20 14:39 - 0744920 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-01 09:52 - 2012-04-01 09:52 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(3).xls
2012-04-01 09:07 - 2012-02-08 17:53 - 0000000 ____D C:\users\Mcx1-TWOSNOUTMBA-PC
2012-04-01 09:06 - 2012-03-29 11:28 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-01 09:06 - 2011-11-27 01:28 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-01 09:06 - 2011-08-27 19:29 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\{ www.SceneTime.com } -Doctor_Who_2005.6x08.Lets_Kill_Hitler.HDTV_XviD-FoV
2012-04-01 09:06 - 2011-06-04 19:59 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor Who S06E07 A Good Man Goes To War (1) HDTV XviD-2HD [eztv]
2012-04-01 09:06 - 2011-06-04 19:57 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor.Who.2005.S06E07.PROPER.HDTV.XviD-BiA
2012-04-01 09:06 - 2011-05-28 18:20 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor Who S06E06 The Almost People (2) HDTV XviD-FQM [eztv.AVI
2012-04-01 09:06 - 2011-05-08 19:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Doctor Who 2005.6x03.The Curse Of The Black Spot.720p HDTV x264-FoV
2012-04-01 09:06 - 2010-08-13 15:46 - 0000000 ____D C:\Program Files (x86)\BitTorrent
2012-04-01 09:06 - 2010-08-13 15:45 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\BitTorrent
2012-04-01 09:06 - 2010-08-13 15:45 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\BitTorrent
2012-04-01 09:06 - 2010-07-26 11:06 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Microsoft Help
2012-04-01 09:06 - 2010-07-26 11:06 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\Microsoft Help
2012-04-01 09:06 - 2010-07-26 11:06 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\Microsoft Help
2012-04-01 09:06 - 2010-07-13 17:36 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\PowerDVD DX
2012-04-01 09:06 - 2010-07-13 17:36 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\PowerDVD DX
2012-04-01 09:06 - 2010-07-13 17:36 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\PowerDVD DX
2012-04-01 09:06 - 2009-07-14 02:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-01 09:06 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-01 09:06 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-01 09:05 - 2010-07-20 14:41 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\SoftGrid Client
2012-04-01 09:05 - 2010-07-20 14:41 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\SoftGrid Client
2012-04-01 09:05 - 2010-07-05 10:40 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2012-04-01 09:05 - 2010-07-05 10:40 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-01 09:05 - 2010-07-05 10:40 - 0000000 ____D C:\ProgramData\Adobe
2012-04-01 09:05 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-04-01 08:23 - 2012-04-01 08:23 - 0002134 ____A C:\Users\All Users\Desktop\Carbonite InfoCenter.lnk
2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Carbonite
2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Users\All Users\Application Data\Carbonite
2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\ProgramData\Carbonite
2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files\Carbonite
2012-04-01 08:23 - 2012-04-01 08:23 - 0000000 ____D C:\Program Files (x86)\Carbonite
2012-04-01 08:08 - 2010-07-13 12:07 - 0000000 ____D C:\users\TwoSnoutMBA
2012-04-01 08:08 - 2009-07-13 23:45 - 0452808 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-01 08:07 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-31 17:46 - 2012-03-31 16:53 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Remote
2012-03-31 17:46 - 2012-03-31 16:53 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Remote
2012-03-31 06:36 - 2012-03-31 06:36 - 0024950 ____A C:\Users\TwoSnoutMBA\Desktop\DDS.txt
2012-03-29 17:09 - 2012-03-18 10:55 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Google
2012-03-29 17:09 - 2012-03-18 10:55 - 0000000 ____D C:\Users\TwoSnoutMBA\Local Settings\Application Data\Google
2012-03-29 17:09 - 2012-03-18 10:55 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Local\Google
2012-03-29 17:08 - 2012-03-29 17:08 - 0739864 ____A (Google Inc.) C:\Users\TwoSnoutMBA\Downloads\ChromeSetup.exe
2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\My Documents\mbam-log-2012-03-29 (12-31-41).txt
2012-03-29 11:39 - 2012-03-29 11:39 - 0004288 ____A C:\Users\TwoSnoutMBA\Documents\mbam-log-2012-03-29 (12-31-41).txt
2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Malwarebytes
2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Malwarebytes
2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-03-29 11:28 - 2012-03-29 11:28 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-29 11:27 - 2012-03-29 11:06 - 0127202 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_12.06.54_log.txt
2012-03-29 11:27 - 2012-03-29 09:24 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-29 09:25 - 2012-03-29 09:23 - 0127400 ____A C:\TDSSKiller.2.7.23.0_29.03.2012_10.23.07_log.txt
2012-03-29 06:14 - 2010-07-13 12:07 - 0117368 ____A C:\Users\TwoSnoutMBA\Local Settings\GDIPFONTCACHEV1.DAT
2012-03-29 06:14 - 2010-07-13 12:07 - 0117368 ____A C:\Users\TwoSnoutMBA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-03-29 06:14 - 2010-07-13 12:07 - 0117368 ____A C:\Users\TwoSnoutMBA\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-29 06:08 - 2012-03-28 18:47 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 9
2012-03-28 18:57 - 2012-03-20 11:52 - 0168960 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Model Template 032012.xls
2012-03-28 10:36 - 2012-03-28 10:36 - 0000000 ____D C:\Windows\system64
2012-03-27 18:25 - 2012-03-27 18:25 - 0739192 ____A C:\Users\TwoSnoutMBA\Downloads\Dealer_Aggregate_Demand.xlsx
2012-03-27 18:12 - 2012-03-27 18:11 - 0528914 ____A C:\Users\TwoSnoutMBA\Downloads\inventory_plots_update.xlsx
2012-03-27 18:08 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Term Project
2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank.xlsx
2012-03-27 17:05 - 2012-03-27 17:05 - 0011257 ____A C:\Users\TwoSnoutMBA\Downloads\Q-R_Spreadsheet_Student_Blank(1).xlsx
2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2 MBA553.xlsx
2012-03-26 19:40 - 2012-03-26 19:40 - 0011941 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2 MBA553.xlsx
2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx
2012-03-26 19:39 - 2012-03-26 19:39 - 0011940 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm.xlsx
2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_Quiz_2_MBA553.xlsm
2012-03-26 19:02 - 2012-03-26 19:02 - 0311764 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_Quiz_2_MBA553.xlsm
2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\My Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc
2012-03-26 19:01 - 2012-03-26 19:01 - 0034816 ____A C:\Users\TwoSnoutMBA\Documents\MBA_553_-_Quiz_2_-_Omni_HealthPlans.doc
2012-03-26 17:26 - 2012-03-26 17:26 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations(1).xlsx
2012-03-26 17:19 - 2012-03-26 16:03 - 0317315 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_C.xlsm
2012-03-26 17:19 - 2012-03-26 16:03 - 0317315 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_C.xlsm
2012-03-26 17:18 - 2012-03-26 15:59 - 0317859 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_B.xlsm
2012-03-26 17:18 - 2012-03-26 15:59 - 0317859 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_B.xlsm
2012-03-26 17:18 - 2012-03-26 15:55 - 0317299 ____A C:\Users\TwoSnoutMBA\My Documents\James_SimQuick_Problem_A.xlsm
2012-03-26 17:18 - 2012-03-26 15:55 - 0317299 ____A C:\Users\TwoSnoutMBA\Documents\James_SimQuick_Problem_A.xlsm
2012-03-26 16:33 - 2012-03-26 16:33 - 0022110 ____A C:\Users\TwoSnoutMBA\Downloads\James_Wall_SimQuick_Case_1.xlsx
2012-03-26 16:33 - 2012-03-26 16:30 - 0022123 ____A C:\Users\TwoSnoutMBA\My Documents\James_Wall_SimQuick_Case_1.xlsx
2012-03-26 16:33 - 2012-03-26 16:30 - 0022123 ____A C:\Users\TwoSnoutMBA\Documents\James_Wall_SimQuick_Case_1.xlsx
2012-03-26 15:22 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 7
2012-03-26 15:18 - 2012-03-26 15:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(10).docx
2012-03-25 21:20 - 2012-03-25 21:20 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_(1).docx
2012-03-25 15:01 - 2012-03-25 14:57 - 0000000 ____D C:\Program Files (x86)\IBM
2012-03-25 14:58 - 2012-03-25 14:54 - 0000000 ____D C:\Users\All Users\IBM
2012-03-25 14:58 - 2012-03-25 14:54 - 0000000 ____D C:\Users\All Users\Application Data\IBM
2012-03-25 14:58 - 2012-03-25 14:54 - 0000000 ____D C:\ProgramData\IBM
2012-03-25 14:46 - 2012-03-25 14:46 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win
2012-03-25 14:45 - 2012-03-25 14:45 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows
2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\Public\Desktop\Zip Unzip By Click.lnk
2012-03-25 14:44 - 2012-03-25 14:44 - 0000977 ____A C:\Users\All Users\Desktop\Zip Unzip By Click.lnk
2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\zubc
2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\zubc
2012-03-25 14:44 - 2012-03-25 14:44 - 0000000 ____D C:\Program Files (x86)\ZUBC
2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Downloads\bytewdownload
2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\bytewdownload
2012-03-25 14:43 - 2012-03-25 14:43 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\bytewdownload
2012-03-25 14:42 - 2012-03-25 14:42 - 0323072 ____A (Bytewise Software) C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe
2012-03-25 14:28 - 2012-03-25 12:57 - 1340753072 ____A C:\Users\TwoSnoutMBA\Downloads\Ratl_ReqPro_7.1.2_EVAL_Win.zip
2012-03-25 13:19 - 2012-03-25 12:58 - 149059388 ____A C:\Users\TwoSnoutMBA\Downloads\ratlRLKS_Server_8-1-1_EVAL_Windows.zip
2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(2).xls
2012-03-25 12:22 - 2012-03-25 12:22 - 0059392 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset(1).xls
2012-03-25 10:33 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Midterm
2012-03-25 10:30 - 2012-03-24 14:21 - 0073216 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 2.xls
2012-03-25 10:30 - 2012-03-24 14:21 - 0073216 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 2.xls
2012-03-25 10:28 - 2012-03-21 16:06 - 0011194 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Midterm Problem 1.xlsx
2012-03-25 10:28 - 2012-03-21 16:06 - 0011194 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Midterm Problem 1.xlsx
2012-03-23 13:50 - 2012-03-15 18:37 - 0042496 ____A C:\Users\TwoSnoutMBA\Desktop\Resume_James_Wall_int.doc
2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
2012-03-22 13:34 - 2012-03-22 13:34 - 0001237 ____A C:\Users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\OpenOffice.org
2012-03-22 13:33 - 2012-03-22 13:33 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org
2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
2012-03-22 13:31 - 2012-03-22 13:31 - 0001120 ____A C:\Users\All Users\Desktop\OpenOffice.org 3.3.lnk
2012-03-22 13:30 - 2012-03-22 13:30 - 0000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-03-22 13:29 - 2010-07-05 10:38 - 0000000 ____D C:\Program Files (x86)\Java
2012-03-22 13:25 - 2012-03-22 13:24 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
2012-03-22 13:24 - 2012-03-22 13:20 - 158067944 ____A C:\Users\TwoSnoutMBA\Downloads\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
2012-03-21 18:20 - 2012-03-21 18:20 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 8
2012-03-20 11:54 - 2012-03-20 11:54 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4(2).xlsx
2012-03-20 11:54 - 2012-03-20 11:54 - 0032154 ____A C:\Users\TwoSnoutMBA\Desktop\Input Sheet for Program demand Rev4.xlsx
2012-03-20 11:53 - 2012-03-19 19:23 - 0324820 ____A C:\Users\TwoSnoutMBA\My Documents\SimQuick_TemplateEx3.xlsm
2012-03-20 11:53 - 2012-03-19 19:23 - 0324820 ____A C:\Users\TwoSnoutMBA\Documents\SimQuick_TemplateEx3.xlsm
2012-03-20 11:04 - 2012-03-20 11:04 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process(1).docx
2012-03-20 11:03 - 2012-03-20 11:03 - 0016718 ____A C:\Users\TwoSnoutMBA\Downloads\FT_2_Sign-up_Process.docx
2012-03-20 10:54 - 2012-03-20 10:54 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112(1).xls
2012-03-19 18:59 - 2012-03-19 18:59 - 0017715 ____A C:\Users\TwoSnoutMBA\Downloads\Case_study_2_The_Approval_Process_v2_.docx
2012-03-19 18:06 - 2012-03-19 18:06 - 0589824 ____A C:\Users\TwoSnoutMBA\Downloads\SimQuick_Template.XLS
2012-03-19 11:34 - 2010-09-14 20:04 - 0073216 __ASH C:\Users\TwoSnoutMBA\Downloads\Thumbs.db
2012-03-19 11:33 - 2012-03-19 11:33 - 0104502 ____A C:\Users\TwoSnoutMBA\Downloads\1C2F2120-02E0-4B73-A5D8-743FEA4BC918.JPG
2012-03-19 10:53 - 2012-03-19 10:53 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(4).docx
2012-03-18 11:18 - 2012-03-18 11:18 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(9).docx
2012-03-18 10:55 - 2012-03-18 10:55 - 0002212 ____A C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\Public\Desktop\Google Calendar.lnk
2012-03-18 10:55 - 2012-03-18 10:55 - 0001248 ____A C:\Users\All Users\Desktop\Google Calendar.lnk
2012-03-18 10:55 - 2012-03-18 10:55 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-18 10:54 - 2012-03-18 10:54 - 1165008 ____A C:\Users\TwoSnoutMBA\Downloads\GoogleCalendarSync_Installer.exe
2012-03-18 07:19 - 2010-07-13 12:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-15 06:07 - 2010-08-09 18:47 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-15 06:07 - 2010-07-26 11:06 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-15 06:07 - 2010-07-26 11:06 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-03-15 06:07 - 2010-07-26 11:06 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-14 17:23 - 2012-03-14 17:23 - 0000000 ____D C:\Users\TwoSnoutMBA\Desktop\Lecture 6
2012-03-14 12:59 - 2012-03-14 12:59 - 0836477 ____A C:\Users\TwoSnoutMBA\Desktop\Biogen Idec Production Planning031412.pptx
2012-03-14 12:59 - 2012-01-25 15:48 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Articles for Biogen
2012-03-14 12:59 - 2012-01-25 15:48 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Articles for Biogen
2012-03-14 12:59 - 2011-01-23 09:51 - 0360960 __ASH C:\Users\TwoSnoutMBA\Desktop\Thumbs.db
2012-03-14 06:10 - 2012-03-14 06:10 - 0171008 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 031112.xls
2012-03-13 19:14 - 2012-03-13 19:14 - 0061686 ____A C:\Users\TwoSnoutMBA\Downloads\Distance_Calculations.xlsx
2012-03-13 19:13 - 2012-03-13 19:13 - 0041984 ____A C:\Users\TwoSnoutMBA\Downloads\Case_2_Dataset.xls
2012-03-12 16:29 - 2012-03-12 16:29 - 0290276 ____A C:\Users\TwoSnoutMBA\Desktop\James_Wall_Manzana_Case.pptx
2012-03-12 16:28 - 2012-03-02 15:38 - 0290274 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.pptx
2012-03-12 16:28 - 2012-03-02 15:38 - 0290274 ____A C:\Users\TwoSnoutMBA\Documents\manzana.pptx
2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2.xls
2012-03-12 15:53 - 2012-03-12 15:53 - 0148480 ____A C:\Users\TwoSnoutMBA\Downloads\performance_spreadsheet_-_HW2(1).xls
2012-03-12 15:25 - 2012-03-12 15:25 - 0121384 ____A C:\Users\TwoSnoutMBA\Desktop\HW2.pdf
2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\My Documents\Homework.xlsx
2012-03-12 14:18 - 2012-03-12 14:18 - 0010954 ____A C:\Users\TwoSnoutMBA\Documents\Homework.xlsx
2012-03-12 11:26 - 2012-03-12 11:26 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(2).docx
2012-03-11 20:28 - 2012-03-11 20:28 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(8).docx
2012-03-11 20:11 - 2012-03-10 20:30 - 0010763 ____A C:\Users\TwoSnoutMBA\My Documents\Caroline words.xlsx
2012-03-11 20:11 - 2012-03-10 20:30 - 0010763 ____A C:\Users\TwoSnoutMBA\Documents\Caroline words.xlsx
2012-03-09 21:45 - 2011-05-12 20:50 - 0000720 ____A C:\Users\TwoSnoutMBA\Desktop\caroline words.txt
2012-03-08 22:23 - 2011-09-03 08:41 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Lenovo
2012-03-08 22:23 - 2011-09-03 08:41 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Lenovo
2012-03-08 11:26 - 2012-03-08 11:26 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(7).docx
2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_.docx
2012-03-08 11:25 - 2012-03-08 11:25 - 0012802 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_2_-_MBA553_v4a_(1).docx
2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\My Documents\LenovoCover.txt
2012-03-06 22:53 - 2012-03-06 22:53 - 0001413 ____A C:\Users\TwoSnoutMBA\Documents\LenovoCover.txt
2012-03-06 21:41 - 2011-11-14 07:41 - 0037376 ____A C:\Users\TwoSnoutMBA\Desktop\MBA Resume_James_Wall.doc
2012-03-06 15:22 - 2010-11-23 00:21 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Mayer Project
2012-03-06 15:22 - 2010-11-23 00:21 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Mayer Project
2012-03-06 15:21 - 2010-10-20 13:06 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Mayer Sources
2012-03-06 15:21 - 2010-10-20 13:06 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Mayer Sources
2012-03-06 15:20 - 2011-11-20 10:11 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\ERP
2012-03-06 15:20 - 2011-11-20 10:11 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\ERP
2012-03-06 15:20 - 2011-03-01 12:22 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\My Books
2012-03-06 15:20 - 2011-03-01 12:22 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\My Books
2012-03-06 15:20 - 2010-11-24 11:39 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Mayer opening music_data
2012-03-06 15:20 - 2010-11-24 11:39 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Mayer opening music_data
2012-03-06 15:20 - 2008-07-06 09:12 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\My eBooks
2012-03-06 15:20 - 2008-07-06 09:12 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\My eBooks
2012-03-04 17:50 - 2012-03-02 15:22 - 0009353 ____A C:\Users\TwoSnoutMBA\My Documents\manzana.xlsx
2012-03-04 17:50 - 2012-03-02 15:22 - 0009353 ____A C:\Users\TwoSnoutMBA\Documents\manzana.xlsx
2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\My Documents\SIPOC diagram.pptx
2012-03-04 11:18 - 2012-03-04 11:18 - 0305382 ____A C:\Users\TwoSnoutMBA\Documents\SIPOC diagram.pptx
2012-03-01 20:25 - 2012-03-01 20:25 - 0000017 ____A C:\Users\TwoSnoutMBA\Local Settings\resmon.resmoncfg
2012-03-01 20:25 - 2012-03-01 20:25 - 0000017 ____A C:\Users\TwoSnoutMBA\Local Settings\Application Data\resmon.resmoncfg
2012-03-01 20:25 - 2012-03-01 20:25 - 0000017 ____A C:\Users\TwoSnoutMBA\AppData\Local\resmon.resmoncfg
2012-03-01 16:01 - 2012-03-01 13:28 - 0199168 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model Template 030112 v3.xls
2012-03-01 16:01 - 2012-03-01 13:28 - 0199168 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model Template 030112 v3.xls
2012-03-01 14:02 - 2012-03-01 14:02 - 0330680 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Idec Production Planning.pptx
2012-03-01 14:02 - 2012-03-01 14:02 - 0330680 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Idec Production Planning.pptx
2012-03-01 13:17 - 2012-03-01 13:17 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb(3).xls
2012-03-01 13:17 - 2012-03-01 13:17 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb(2).xls
2012-03-01 13:17 - 2012-03-01 13:17 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb(1).xls
2012-03-01 13:16 - 2012-03-01 13:16 - 0205312 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Model Template 030112 robb.xls
2012-03-01 01:31 - 2012-03-01 00:21 - 0198656 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model Template 030112.xls
2012-03-01 01:31 - 2012-03-01 00:21 - 0198656 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model Template 030112.xls
2012-02-29 23:18 - 2012-02-29 08:43 - 0014857 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model Template 022912.xlsx
2012-02-29 23:18 - 2012-02-29 08:43 - 0014857 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model Template 022912.xlsx
2012-02-29 22:13 - 2012-02-29 22:13 - 0011404 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen template(2).xlsx
2012-02-29 22:11 - 2012-02-29 22:11 - 0108544 ____A C:\Users\TwoSnoutMBA\Downloads\biogen draft.xls
2012-02-29 21:58 - 2011-05-20 18:20 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-29 15:43 - 2012-02-29 15:43 - 0000162 ___AH C:\Users\TwoSnoutMBA\Desktop\~$tirement.docx
2012-02-28 21:54 - 2012-02-27 20:04 - 0019097 ____A C:\Users\TwoSnoutMBA\My Documents\Biogen Model James.xlsx
2012-02-28 21:54 - 2012-02-27 20:04 - 0019097 ____A C:\Users\TwoSnoutMBA\Documents\Biogen Model James.xlsx
2012-02-28 11:07 - 2012-02-28 11:07 - 0016937 ____A C:\Users\TwoSnoutMBA\Downloads\Questions-Responses(1).xlsx
2012-02-28 10:30 - 2010-07-13 14:36 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Skype
2012-02-28 10:30 - 2010-07-13 14:36 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Skype
2012-02-27 18:11 - 2012-02-27 18:11 - 0011404 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen template(1).xlsx
2012-02-27 17:13 - 2012-02-27 17:13 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(6).docx
2012-02-27 10:35 - 2011-10-11 16:26 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\rock_knocker
2012-02-27 10:35 - 2011-10-11 16:26 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\rock_knocker
2012-02-27 10:08 - 2012-02-27 10:08 - 0016937 ____A C:\Users\TwoSnoutMBA\Downloads\Questions-Responses.xlsx
2012-02-27 10:08 - 2012-02-27 10:08 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$Questions-Responses.xlsx
2012-02-25 23:55 - 2012-02-25 23:55 - 0027317 ____A C:\Users\TwoSnoutMBA\My Documents\Logistics_Homework_022512_jwall.xlsx
2012-02-25 23:55 - 2012-02-25 23:55 - 0027317 ____A C:\Users\TwoSnoutMBA\Documents\Logistics_Homework_022512_jwall.xlsx
2012-02-25 23:55 - 2012-02-25 23:55 - 0000165 ___AH C:\Users\TwoSnoutMBA\My Documents\~$Logistics_Homework_022512_jwall.xlsx
2012-02-25 23:55 - 2012-02-25 23:55 - 0000165 ___AH C:\Users\TwoSnoutMBA\Documents\~$Logistics_Homework_022512_jwall.xlsx
2012-02-25 23:55 - 2012-02-24 18:48 - 0027317 ____A C:\Users\TwoSnoutMBA\My Documents\Logistics_Homework_022512.xlsx
2012-02-25 23:55 - 2012-02-24 18:48 - 0027317 ____A C:\Users\TwoSnoutMBA\Documents\Logistics_Homework_022512.xlsx
2012-02-25 23:21 - 2012-02-25 23:21 - 0015034 ____A C:\Users\TwoSnoutMBA\Downloads\SPC_Summary_Sheet_Blank(1).xlsx
2012-02-25 23:21 - 2012-02-25 23:21 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$SPC_Summary_Sheet_Blank(1).xlsx
2012-02-25 18:53 - 2012-02-25 18:53 - 0015034 ____A C:\Users\TwoSnoutMBA\Downloads\SPC_Summary_Sheet_Blank.xlsx
2012-02-25 18:53 - 2012-02-25 18:53 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$SPC_Summary_Sheet_Blank.xlsx
2012-02-24 19:03 - 2012-02-24 19:03 - 0050623 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Inclass_Solution(1).xlsx
2012-02-24 19:03 - 2012-02-24 19:03 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$Deere_Planning_Inclass_Solution(1).xlsx
2012-02-24 18:49 - 2012-02-24 18:49 - 0050623 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Inclass_Solution.xlsx
2012-02-24 18:48 - 2012-02-24 18:48 - 0000165 ___AH C:\Users\TwoSnoutMBA\My Documents\~$Logistics_Homework_022512.xlsx
2012-02-24 18:48 - 2012-02-24 18:48 - 0000165 ___AH C:\Users\TwoSnoutMBA\Documents\~$Logistics_Homework_022512.xlsx
2012-02-24 07:09 - 2012-02-24 07:09 - 0000165 ___AH C:\Users\TwoSnoutMBA\Downloads\~$Biogen template.xlsx
2012-02-23 12:12 - 2012-02-23 12:11 - 0020556 ____A C:\Users\TwoSnoutMBA\Downloads\James_Wall_Resume.docx
2012-02-23 11:43 - 2009-07-13 21:34 - 0000478 ____A C:\Windows\win.ini
2012-02-23 08:18 - 2010-08-06 15:18 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 15:44 - 2012-02-22 15:44 - 0011404 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen template.xlsx
2012-02-21 18:23 - 2012-02-21 18:23 - 0024277 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Example.xlsx
2012-02-21 18:23 - 2012-02-21 18:23 - 0024277 ____A C:\Users\TwoSnoutMBA\Downloads\Deere_Planning_Example(1).xlsx
2012-02-21 07:18 - 2012-02-21 07:18 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4(1).xlsx
2012-02-20 17:04 - 2012-02-20 17:04 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(5).docx
2012-02-20 17:03 - 2012-02-20 17:03 - 1542165 ____A C:\Users\TwoSnoutMBA\My Documents\553 HW_1 James Wall.docx
2012-02-20 17:03 - 2012-02-20 17:03 - 1542165 ____A C:\Users\TwoSnoutMBA\Documents\553 HW_1 James Wall.docx
2012-02-20 12:13 - 2012-02-20 12:13 - 0029419 ____A C:\Users\TwoSnoutMBA\Downloads\20120210_imco_brokerage_tax_doc_1099orig_3884.pdf
2012-02-18 15:28 - 2012-02-18 15:28 - 0014144 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_1_-_MBA553_v4a_(2).docx
2012-02-17 15:58 - 2012-02-17 15:58 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(4).docx
2012-02-17 12:47 - 2010-07-13 12:10 - 0000402 __ASH C:\Users\TwoSnoutMBA\My Documents\desktop.ini
2012-02-17 12:47 - 2010-07-13 12:10 - 0000174 ___SH C:\Users\TwoSnoutMBA\Start Menu\Programs\Startup\desktop.ini
2012-02-17 12:47 - 2010-07-13 12:10 - 0000174 ___SH C:\Users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-17 12:46 - 2010-07-05 12:30 - 0044364 ____A C:\Windows\PFRO.log
2012-02-17 12:46 - 2010-07-05 10:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-17 12:32 - 2010-07-20 14:39 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-17 01:38 - 2012-03-14 09:16 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 00:34 - 2012-03-14 09:16 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 23:58 - 2012-03-14 09:16 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 23:57 - 2012-03-14 09:16 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 12:56 - 2012-02-16 12:56 - 0032603 ____A C:\Users\TwoSnoutMBA\Downloads\Input Sheet for Program demand Rev4.xlsx
2012-02-15 15:22 - 2011-06-09 09:48 - 0000000 ____D C:\Users\All Users\WebEx
2012-02-15 15:22 - 2011-06-09 09:48 - 0000000 ____D C:\Users\All Users\Application Data\WebEx
2012-02-15 15:22 - 2011-06-09 09:48 - 0000000 ____D C:\ProgramData\WebEx
2012-02-15 15:08 - 2012-02-15 15:08 - 0121344 ____A C:\Users\TwoSnoutMBA\My Documents\North Carolina State University MCDA-Rob Sanner.doc
2012-02-15 15:08 - 2012-02-15 15:08 - 0121344 ____A C:\Users\TwoSnoutMBA\Documents\North Carolina State University MCDA-Rob Sanner.doc
2012-02-15 14:39 - 2012-02-15 14:33 - 0013539 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 3 Agenda.docx
2012-02-15 14:30 - 2012-02-14 20:14 - 0107302 ____A C:\Users\TwoSnoutMBA\My Documents\Logistics Forecasting Smoothing Methods.xlsm
2012-02-15 14:30 - 2012-02-14 20:14 - 0107302 ____A C:\Users\TwoSnoutMBA\Documents\Logistics Forecasting Smoothing Methods.xlsm
2012-02-14 17:48 - 2012-02-14 17:47 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(3).docx
2012-02-14 06:45 - 2011-12-12 13:29 - 0000000 ____D C:\Users\TwoSnoutMBA\My Documents\Novozymes Fall 2011
2012-02-14 06:45 - 2011-12-12 13:29 - 0000000 ____D C:\Users\TwoSnoutMBA\Documents\Novozymes Fall 2011
2012-02-13 20:05 - 2012-02-13 20:05 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(3).docx
2012-02-13 16:26 - 2012-02-13 16:26 - 0014144 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_1_-_MBA553_v4a_(1).docx
2012-02-12 23:44 - 2012-02-12 23:44 - 0012493 ____A C:\Users\TwoSnoutMBA\My Documents\James Wall Crucial Conversation.docx
2012-02-12 23:44 - 2012-02-12 23:44 - 0012493 ____A C:\Users\TwoSnoutMBA\Documents\James Wall Crucial Conversation.docx
2012-02-10 01:36 - 2012-03-14 09:17 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 00:38 - 2012-03-14 09:17 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 15:33 - 2010-08-04 14:10 - 0000000 ____D C:\Users\All Users\Lx_cats
2012-02-09 15:33 - 2010-08-04 14:10 - 0000000 ____D C:\Users\All Users\Application Data\Lx_cats
2012-02-09 15:33 - 2010-08-04 14:10 - 0000000 ____D C:\ProgramData\Lx_cats
2012-02-09 07:08 - 2012-02-09 07:08 - 0153331 ____A C:\Users\TwoSnoutMBA\My Documents\North Carolina State University MCDA.pdf
2012-02-09 07:08 - 2012-02-09 07:08 - 0153331 ____A C:\Users\TwoSnoutMBA\Documents\North Carolina State University MCDA.pdf
2012-02-08 18:11 - 2012-02-08 18:11 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\VirtualStore
2012-02-08 18:11 - 2012-02-08 18:11 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Application Data\VirtualStore
2012-02-08 18:11 - 2012-02-08 18:11 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\VirtualStore
2012-02-08 17:57 - 2012-02-08 17:53 - 0000000 ____D C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\LocalLow
2012-02-08 17:53 - 2012-02-08 17:53 - 0000020 __ASH C:\Users\Mcx1-TWOSNOUTMBA-PC\ntuser.ini
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Templates
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Start Menu
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\PrintHood
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\NetHood
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents\My Videos
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents\My Pictures
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents\My Music
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\My Documents
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Temporary Internet Files
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\History
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Application Data\Temporary Internet Files
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Local Settings\Application Data\History
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Documents\My Videos
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Documents\My Pictures
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\Documents\My Music
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\Temporary Internet Files
2012-02-08 17:53 - 2012-02-08 17:53 - 0000000 __SHD C:\Users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\History
2012-02-08 16:29 - 2012-02-08 16:29 - 0014176 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 2 Summary(2).docx
2012-02-08 16:28 - 2012-02-08 16:28 - 0014176 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 2 Summary.docx
2012-02-08 16:28 - 2012-02-08 16:28 - 0014176 ____A C:\Users\TwoSnoutMBA\Downloads\Biogen Meeting 2 Summary(1).docx
2012-02-07 18:15 - 2010-10-17 09:27 - 0001258 ____A C:\Users\All Users\lxdu.log
2012-02-07 18:15 - 2010-10-17 09:27 - 0001258 ____A C:\Users\All Users\Application Data\lxdu.log
2012-02-07 18:15 - 2010-10-17 09:27 - 0001258 ____A C:\ProgramData\lxdu.log
2012-02-05 22:32 - 2012-02-05 22:32 - 0164675 ____A C:\Users\TwoSnoutMBA\Downloads\Multiobjective Long-Term Planning of Biopharmaceutical Manufacturing Facilities.pdf
2012-02-05 11:04 - 2012-02-05 11:04 - 0009264 ____A C:\Users\TwoSnoutMBA\Downloads\BioPharma_Data(2).xlsx
2012-02-03 16:16 - 2012-02-02 21:32 - 0015634 ____A C:\Users\TwoSnoutMBA\Downloads\BioPharma_Data(1).xlsx
2012-02-02 23:34 - 2012-03-14 09:17 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-01 14:06 - 2012-02-01 14:06 - 0015465 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel- COmpiled for team.xlsx
2012-01-31 19:54 - 2012-01-31 19:54 - 0009264 ____A C:\Users\TwoSnoutMBA\Downloads\BioPharma_Data.xlsx
2012-01-31 19:30 - 2012-01-31 19:30 - 0107008 ____A C:\Users\TwoSnoutMBA\Downloads\Threads_-_Fixed_Cost_-_Binary_Variable.xls
2012-01-31 18:04 - 2012-01-31 18:04 - 0474740 ____A C:\Users\TwoSnoutMBA\Downloads\Gravity_Model_5-8_-_Student.xlsx
2012-01-31 18:04 - 2012-01-31 18:04 - 0474740 ____A C:\Users\TwoSnoutMBA\Downloads\Gravity_Model_5-8_-_Student(1).xlsx
2012-01-29 21:22 - 2010-07-13 12:07 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\LocalLow
2012-01-29 19:12 - 2012-01-29 19:12 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(2).docx
2012-01-29 19:11 - 2012-01-29 19:11 - 0014144 ____A C:\Users\TwoSnoutMBA\Downloads\Homework_1_-_MBA553_v4a_.docx
2012-01-29 19:08 - 2012-01-29 19:08 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(2).docx
2012-01-29 09:10 - 2012-01-29 09:10 - 0009284 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel-Biogen(2).xlsx
2012-01-25 16:16 - 2012-01-25 16:16 - 0009284 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel-Biogen.xlsx
2012-01-25 16:16 - 2012-01-25 16:16 - 0009284 ____A C:\Users\TwoSnoutMBA\Downloads\Articles Excel-Biogen(1).xlsx
2012-01-25 16:11 - 2012-01-25 16:11 - 0902389 ____A C:\Users\TwoSnoutMBA\Downloads\Characterizing Markets for Biopharmaceutical Innovations Do Biologics Differ from Small Molecules.pdf
2012-01-25 16:11 - 2012-01-25 16:11 - 0511491 ____A C:\Users\TwoSnoutMBA\Downloads\The state of biopharmaceutical manufacturing.pdf
2012-01-25 15:49 - 2012-01-25 15:49 - 1146868 ____A C:\Users\TwoSnoutMBA\Downloads\A Stochastic Optimization Model to Improve Production Planning and R&D Resource Allocation in Biopharmaceutical Production Processes.pdf
2012-01-25 15:48 - 2012-01-25 15:48 - 1336123 ____A C:\Users\TwoSnoutMBA\Downloads\The dangerous quest for certainty in market forecasting(1).pdf
2012-01-25 15:47 - 2012-01-25 15:47 - 1336123 ____A C:\Users\TwoSnoutMBA\Downloads\The dangerous quest for certainty in market forecasting.pdf
2012-01-25 01:38 - 2012-03-14 09:16 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 01:38 - 2012-03-14 09:16 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 01:33 - 2012-03-14 09:16 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 20:09 - 2012-01-24 20:09 - 0020426 ____A C:\Users\TwoSnoutMBA\Downloads\CM_TelecomOptic_-_Rossetti.xlsx
2012-01-24 18:30 - 2012-01-24 18:30 - 0001188 ____A C:\Users\Public\Desktop\Express Zip File Compression Software.lnk
2012-01-24 18:30 - 2012-01-24 18:30 - 0001188 ____A C:\Users\All Users\Desktop\Express Zip File Compression Software.lnk
2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\Users\All Users\NCH Software
2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\Users\All Users\Application Data\NCH Software
2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\ProgramData\NCH Software
2012-01-24 18:30 - 2012-01-24 18:30 - 0000000 ____D C:\Program Files (x86)\NCH Software
2012-01-24 18:29 - 2012-01-24 18:29 - 1074296 ____A (NCH Software) C:\Users\TwoSnoutMBA\Downloads\zipsetup.exe
2012-01-24 18:25 - 2012-01-24 18:25 - 0337934 ____A C:\Users\TwoSnoutMBA\Downloads\SolverTable_2007.zip
2012-01-24 14:12 - 2012-01-23 22:58 - 0043209 ____A C:\Users\TwoSnoutMBA\My Documents\jgwall_EX_1.xlsx
2012-01-24 14:12 - 2012-01-23 22:58 - 0043209 ____A C:\Users\TwoSnoutMBA\Documents\jgwall_EX_1.xlsx
2012-01-23 22:13 - 2012-01-23 22:13 - 0019521 ____A C:\Users\TwoSnoutMBA\Downloads\Problem_5-3_Student_Blank.xlsx
2012-01-23 22:13 - 2012-01-23 22:13 - 0019521 ____A C:\Users\TwoSnoutMBA\Downloads\Problem_5-3_Student_Blank(1).xlsx
2012-01-20 15:22 - 2012-01-20 15:22 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2(1).docx
2012-01-18 15:56 - 2012-01-18 15:56 - 0596945 ____A C:\Users\TwoSnoutMBA\Downloads\Novozymes Scope Document Draft 090611 v3.docx
2012-01-17 19:47 - 2012-01-17 19:47 - 0025290 ____A C:\Users\TwoSnoutMBA\Downloads\5-1_WA_Midwest_-_Student.xlsx
2012-01-17 11:04 - 2012-01-17 11:04 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12(1).docx
2012-01-17 11:03 - 2012-01-17 11:03 - 0051262 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-10-12.docx
2012-01-11 15:55 - 2012-01-11 15:55 - 0000000 ____D C:\Program Files (x86)\Frontline Systems
2012-01-11 15:54 - 2012-01-11 15:54 - 0000000 ____D C:\Users\All Users\Frontline Systems
2012-01-11 15:54 - 2012-01-11 15:54 - 0000000 ____D C:\Users\All Users\Application Data\Frontline Systems
2012-01-11 15:54 - 2012-01-11 15:54 - 0000000 ____D C:\ProgramData\Frontline Systems
2012-01-11 15:18 - 2012-01-11 15:14 - 50028136 ____A (Frontline Systems, Inc.) C:\Users\TwoSnoutMBA\Downloads\SolverSetup.exe
2012-01-09 17:58 - 2012-01-09 17:58 - 0050662 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-9-12.docx
2012-01-09 17:58 - 2012-01-09 17:58 - 0050662 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-9-12(2).docx
2012-01-09 17:58 - 2012-01-09 17:58 - 0050662 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_500_002_Spring_2012_Syllabus_1-9-12(1).docx
2012-01-09 14:04 - 2012-01-09 14:04 - 0014848 ____A C:\Users\TwoSnoutMBA\Downloads\ch6_examples_in_class.xls
2012-01-08 19:30 - 2012-01-08 19:30 - 0040016 ____A C:\Users\TwoSnoutMBA\Downloads\MBA_Syllabus_Spr_12_ver2.docx
2012-01-05 17:11 - 2012-01-05 17:11 - 0016801 ____A C:\Users\TwoSnoutMBA\Downloads\2012 NCSU Problem Statement - Final.docx
2012-01-05 17:11 - 2012-01-05 17:11 - 0016801 ____A C:\Users\TwoSnoutMBA\Downloads\2012 NCSU Problem Statement - Final(1).docx
2012-01-04 19:39 - 2012-01-04 19:39 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-01-04 19:39 - 2012-01-04 19:39 - 0001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-01-04 19:39 - 2012-01-04 19:38 - 0000000 ____D C:\Program Files\iTunes
2012-01-04 19:39 - 2012-01-04 19:38 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-01-04 19:38 - 2012-01-04 19:38 - 0000000 ____D C:\Program Files\iPod
2012-01-04 19:34 - 2010-07-13 12:55 - 0000000 ____D C:\Users\TwoSnoutMBA\Application Data\Apple Computer
2012-01-04 19:34 - 2010-07-13 12:55 - 0000000 ____D C:\Users\TwoSnoutMBA\AppData\Roaming\Apple Computer
2012-01-04 05:44 - 2012-02-15 11:59 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 05:44 - 2012-02-15 11:59 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 03:59 - 2012-02-15 11:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 03:58 - 2012-02-15 11:59 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4056.36 MB
Available physical RAM: 3468.16 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3466.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:27.53 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (ATTACHE 2.0) (Removable) (Total:0.11 GB) (Free:0.11 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 117 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 218 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 117 MB 1024 B

======================================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G ATTACHE 2.0 FAT Removable 117 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-03-31 08:32

======================= End Of Log ==========================

#4 CatByte

Posted 01 April 2012 - 10:33 PM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
2012-04-01 20:30 - 2012-04-01 20:30 - 0000000 ____A C:\Windows\SysWOW64\shoEEB2.tmp
SubSystems: [Windows] ==> ZeroAccess
cmd: bootrec /FixMbr
cmd: bootrec /fixboot
TDL4: custom:26000022
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64, press the Fix button just once, and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.

Product Support

#5 TwoSnout

Posted 02 April 2012 - 08:13 PM

Hello

I think we got it! I ran the FRST64 fix (see log below). When I rebooted I still had a suspicious-looking scvhost.exe using a lot of cycles, so I ran a Malwarebytes scan again and cleared the trojan svchost. Since the reboot, my computer has shown no signs of infection (it's been about 14 hours). Thank you so much for your help, CatByte!


Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-02 07:50:59 R:1
Running from F:\

==============================================

C:\Windows\SysWOW64\shoEEB2.tmp moved successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bootrec /fixboot =========

The operation completed successfully.

========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

#6 CatByte

Posted 02 April 2012 - 08:26 PM

Hi,

There are still a couple of scans I would like to run to make certain we have all of the infection.

(Could you also post that Malwarebytes log? Thanks.)

Please do the following:


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double-click on ComboFix.exe and follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it will produce a log for you. Post that log in your next reply.

    Note:
    Do not click in ComboFix's window while it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#7 TwoSnout

Posted 03 April 2012 - 08:59 PM

Hi,

Here is the Malwarebytes log and the Combofix log. Thanks again for all your help!

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TwoSnoutMBA :: TWOSNOUTMBA-PC [administrator]

Protection: Enabled

4/2/2012 7:57:49 AM
mbam-log-2012-04-02 (07-57-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220341
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
*********************************************************************************************************************************************************



ComboFix 12-04-03.02 - TwoSnoutMBA 04/03/2012 11:41:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2264 [GMT -4:00]
Running from: c:\users\TwoSnoutMBA\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\TwoSnoutMBA\AppData\Roaming\bytewdownload
c:\users\TwoSnoutMBA\AppData\Roaming\bytewdownload\installmanager.exe
c:\users\TwoSnoutMBA\AppData\Roaming\bytewdownload\zip_unzip_installer_file.exe
c:\users\TwoSnoutMBA\AppData\Roaming\Remote
c:\users\TwoSnoutMBA\AppData\Roaming\Remote\dllx4_shrd
c:\users\TwoSnoutMBA\AppData\Roaming\Remote\ffcd
c:\users\TwoSnoutMBA\AppData\Roaming\Remote\kkjt
c:\users\TwoSnoutMBA\AppData\Roaming\Remote\mxd1.txt
c:\users\TwoSnoutMBA\AppData\Roaming\Remote\n.dat
c:\users\TwoSnoutMBA\AppData\Roaming\Remote\r.dat
c:\users\TwoSnoutMBA\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 15:01 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FBB7C0A-3135-4F01-981E-C8191426BD78}\mpengine.dll
2012-04-02 11:39 . 2012-04-02 11:39 0 ----a-w- c:\windows\SysWow64\shoB02C.tmp
2012-04-02 02:44 . 2012-04-02 04:07 -------- d-----w- C:\FRST
2012-04-01 16:41 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files\Carbonite
2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\programdata\Carbonite
2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files (x86)\Carbonite
2012-03-31 21:53 . 2012-03-31 21:53 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\BA2E.tmp
2012-03-31 21:53 . 2012-03-31 21:53 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\B9EF.tmp
2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\Malwarebytes
2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\programdata\Malwarebytes
2012-03-29 16:28 . 2012-04-01 14:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 14:24 . 2012-03-29 16:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-28 15:36 . 2012-03-28 15:36 -------- d-----we c:\windows\system64
2012-03-25 19:59 . 2007-05-21 00:05 20569 ----a-w- c:\windows\gsk7bui.exe
2012-03-25 19:59 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-03-25 19:57 . 2012-03-25 20:01 -------- d-----w- c:\program files (x86)\IBM
2012-03-25 19:54 . 2012-03-25 19:58 -------- d-----w- c:\programdata\IBM
2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\zubc
2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\program files (x86)\ZUBC
2012-03-22 18:33 . 2012-03-22 18:33 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org
2012-03-22 18:30 . 2012-03-22 18:30 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-03-18 15:55 . 2012-03-29 22:09 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Local\Google
2012-03-18 15:55 . 2012-03-18 15:55 -------- d-----w- c:\program files (x86)\Google
2012-03-18 12:19 . 2012-03-18 12:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 12:19 . 2012-03-18 12:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 11:10 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 11:10 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 11:10 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 14:17 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 14:17 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 14:17 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 14:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 14:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 13:20 . 2010-10-23 15:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-04-01 13:20 . 2010-07-13 22:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-01 13:19 . 2010-07-13 22:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-01 13:19 . 2010-07-13 22:37 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-01 02:58 . 2011-05-20 23:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18 . 2010-08-06 20:18 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
"Malwarebytes' Anti-Malware"="c:\pente\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2009-10-16 29184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
S2 MBAMService;MBAMService;c:\pente\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
.
**************************************************************************
.
Completion time: 2012-04-03 12:02:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 16:02
.
Pre-Run: 29,251,768,320 bytes free
Post-Run: 32,570,585,088 bytes free
.
- - End Of File - - 7A0A73964DD7ACA5B8A10B27C5302011

#8 CatByte

Posted 03 April 2012 - 09:12 PM

Hi,

This isn't a normal folder: c:\windows\system64

Please navigate to that folder and let me know if there is anything inside it.

(If it is empty > right click and delete it)

NEXT

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

Please advise how the computer is running now and if there are any outstanding issues.



#9 TwoSnout

Posted 04 April 2012 - 10:31 AM

Hello,

Folder C:\windows\system64 has 2,705 files in it, most of which look like the contents of system32. Per your instructions, I ran ESET scanner. Log follows...

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\ProgramData\Microsoft\Windows\DRM\B9EF.tmp Win64/Olmarik.AH trojan
C:\ProgramData\Microsoft\Windows\DRM\BA2E.tmp Win64/Olmarik.AH trojan
C:\Users\All Users\Microsoft\Windows\DRM\B9EF.tmp Win64/Olmarik.AH trojan
C:\Users\All Users\Microsoft\Windows\DRM\BA2E.tmp Win64/Olmarik.AH trojan
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675 Java/Agent.DW trojan
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb Java/Exploit.CVE-2012-0507.E trojan
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f a variant of Java/Exploit.CVE-2011-3544.AV trojan
C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe a variant of Win32/InstallMonetizer.AA application
C:\Users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe Win32/OpenCandy application
C:\Users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe Win32/OpenCandy application
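
The ESET list in the post above, triaged with a short script (an added example, not part of the original thread). It parses the flattened export, treats `C:\Users\All Users` as the Windows alias of `C:\ProgramData` so one file is not counted twice, and pulls CVE IDs out of detection names; the platform prefixes and the trojan/application types it matches are assumptions taken from the values in this log only.

```python
import re
from collections import namedtuple

# Lines copied from the ESET export in the post above. Paths contain spaces
# and the separator between path and detection is a plain space.
ESET_LOG = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\ProgramData\Microsoft\Windows\DRM\B9EF.tmp Win64/Olmarik.AH trojan
C:\ProgramData\Microsoft\Windows\DRM\BA2E.tmp Win64/Olmarik.AH trojan
C:\Users\All Users\Microsoft\Windows\DRM\B9EF.tmp Win64/Olmarik.AH trojan
C:\Users\All Users\Microsoft\Windows\DRM\BA2E.tmp Win64/Olmarik.AH trojan
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675 Java/Agent.DW trojan
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb Java/Exploit.CVE-2012-0507.E trojan
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f a variant of Java/Exploit.CVE-2011-3544.AV trojan
C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe a variant of Win32/InstallMonetizer.AA application
C:\Users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe Win32/OpenCandy application
C:\Users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe Win32/OpenCandy application
"""

Finding = namedtuple("Finding", "path name kind variant")

# The path is matched lazily so that it stops at the first space that is
# followed by a detection name. Prefixes and types are those seen in this log.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>(?:Win32|Win64|Java)/\S+)\s+"
    r"(?P<kind>trojan|application)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# On Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData,
# so a scanner that walks both reports the same file twice.
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}

JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def parse_eset_log(text):
    """Return one Finding per log line that matches the export format."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(
                Finding(m["path"], m["name"], m["kind"], bool(m["variant"]))
            )
    return findings


def canonical(path):
    """Lower-case the path and fold known aliases onto their real location."""
    p = path.lower()
    for alias, target in ALIASES.items():
        if p.startswith(alias):
            return target + p[len(alias):]
    return p


def triage(findings):
    """De-duplicate by canonical path, then split by type and extract CVEs."""
    unique = {}
    for f in findings:
        unique.setdefault(canonical(f.path), f)
    trojans = sorted(p for p, f in unique.items() if f.kind == "trojan")
    applications = sorted(p for p, f in unique.items() if f.kind == "application")
    cves = sorted({c for f in unique.values() for c in CVE_RE.findall(f.name)})
    return {
        "unique_files": len(unique),
        "trojans": trojans,
        "applications": applications,
        "cves": cves,
        # Detections inside the Java deployment cache arrived as applet content.
        "java_cache_hits": [p for p in trojans if JAVA_CACHE in p],
    }


if __name__ == "__main__":
    report = triage(parse_eset_log(ESET_LOG))
    print("unique files:", report["unique_files"])
    print("trojans:", *report["trojans"], sep="\n  ")
    print("applications:", *report["applications"], sep="\n  ")
    print("CVEs named in detections:", ", ".join(report["cves"]))
```

The CVE IDs and the Java cache hits indicate which software needs patching, and the "application" entries are the ones to review by hand before deleting anything.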

#10 CatByte

Posted 04 April 2012 - 05:07 PM

Hi,

Please run the following script:

(Allow ComboFix to update if it asks to do so)

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\ProgramData\Microsoft\Windows\DRM\B9EF.tmp 
C:\ProgramData\Microsoft\Windows\DRM\BA2E.tmp 
C:\Users\All Users\Microsoft\Windows\DRM\B9EF.tmp 
C:\Users\All Users\Microsoft\Windows\DRM\BA2E.tmp 
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675 
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb 
C:\Users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f 
C:\Users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe 
C:\Users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe 
C:\Users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe 


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 31
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT

Please advise how your computer is running now and if there are any outstanding issues.

#11 TwoSnout

Posted 04 April 2012 - 10:19 PM

Hi Catbyte,

ComboFix Script run, Log below. Adobe Reader X installed. Old Java deleted. New Java (JRE 6) installed. Temporary internet files deleted. Fawning gratitude sheepishly reiterated :)

ComboFix 12-04-03.02 - TwoSnoutMBA 04/04/2012 21:58:56.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2907 [GMT -4:00]
Running from: c:\users\TwoSnoutMBA\Desktop\ComboFix.exe
Command switches used :: c:\users\TwoSnoutMBA\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\B9EF.tmp"
"c:\programdata\Microsoft\Windows\DRM\BA2E.tmp"
"c:\users\All Users\Microsoft\Windows\DRM\B9EF.tmp"
"c:\users\All Users\Microsoft\Windows\DRM\BA2E.tmp"
"c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675"
"c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb"
"c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f"
"c:\users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe"
"c:\users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe"
"c:\users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\B9EF.tmp
c:\programdata\Microsoft\Windows\DRM\BA2E.tmp
c:\users\All Users\Microsoft\Windows\DRM\B9EF.tmp
c:\users\All Users\Microsoft\Windows\DRM\BA2E.tmp
c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6287589a-12612675
c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\5c989268-57e5f2fb
c:\users\TwoSnoutMBA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\782518a8-10bb1f4f
c:\users\TwoSnoutMBA\Downloads\zip_unzip_by_click.exe
c:\users\TwoSnoutMBA\Videos\Veoh\1_VeohWebPlayerSetup_eng.exe
c:\users\TwoSnoutMBA\Videos\Veoh\VeohWebPlayerSetup_eng.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 02:06 . 2012-04-05 02:06 -------- d-----w- c:\users\Mcx1-TWOSNOUTMBA-PC\AppData\Local\temp
2012-04-05 02:06 . 2012-04-05 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-04 11:30 . 2012-04-04 11:30 -------- d-----w- c:\program files (x86)\ESET
2012-04-03 15:01 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FBB7C0A-3135-4F01-981E-C8191426BD78}\mpengine.dll
2012-04-02 11:39 . 2012-04-02 11:39 0 ----a-w- c:\windows\SysWow64\shoB02C.tmp
2012-04-02 02:44 . 2012-04-02 04:07 -------- d-----w- C:\FRST
2012-04-01 16:41 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files\Carbonite
2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\programdata\Carbonite
2012-04-01 13:23 . 2012-04-01 13:23 -------- d-----w- c:\program files (x86)\Carbonite
2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\Malwarebytes
2012-03-29 16:28 . 2012-03-29 16:28 -------- d-----w- c:\programdata\Malwarebytes
2012-03-29 16:28 . 2012-04-01 14:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 14:24 . 2012-03-29 16:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-28 15:36 . 2012-03-28 15:36 -------- d-----we c:\windows\system64
2012-03-25 19:59 . 2007-05-21 00:05 20569 ----a-w- c:\windows\gsk7bui.exe
2012-03-25 19:59 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-03-25 19:57 . 2012-03-25 20:01 -------- d-----w- c:\program files (x86)\IBM
2012-03-25 19:54 . 2012-03-25 19:58 -------- d-----w- c:\programdata\IBM
2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\zubc
2012-03-25 19:44 . 2012-03-25 19:44 -------- d-----w- c:\program files (x86)\ZUBC
2012-03-22 18:33 . 2012-03-22 18:33 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Roaming\OpenOffice.org
2012-03-22 18:30 . 2012-03-22 18:30 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-03-18 15:55 . 2012-03-29 22:09 -------- d-----w- c:\users\TwoSnoutMBA\AppData\Local\Google
2012-03-18 15:55 . 2012-03-18 15:55 -------- d-----w- c:\program files (x86)\Google
2012-03-18 12:19 . 2012-03-18 12:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 12:19 . 2012-03-18 12:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 11:10 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 11:10 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 11:10 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 14:17 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 14:17 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 14:17 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 14:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 14:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 13:20 . 2010-10-23 15:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-04-01 13:20 . 2010-07-13 22:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-01 13:19 . 2010-07-13 22:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-01 13:19 . 2010-07-13 22:37 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-01 02:58 . 2011-05-20 23:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18 . 2010-08-06 20:18 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-03_15.58.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-03 16:27 . 2012-04-03 16:27 14211 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-04-03 15:52 . 2012-04-03 15:52 14211 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-07-05 15:58 . 2012-04-03 16:30 38882 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-05 02:10 39734 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-14 13:44 . 2012-04-05 02:10 15628 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-308426390-700880266-2043658470-1001_UserData.bin
+ 2010-07-13 17:03 . 2012-04-04 23:47 49152 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-13 17:03 . 2012-04-03 14:51 49152 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-13 17:03 . 2012-04-03 14:51 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-13 17:03 . 2012-04-04 23:47 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-03 14:51 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 23:47 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-05 15:58 . 2012-04-03 16:30 38882 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-05 02:10 39734 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-14 13:44 . 2012-04-05 02:10 15628 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-308426390-700880266-2043658470-1001_UserData.bin
+ 2010-07-13 17:03 . 2012-04-04 23:47 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-13 17:03 . 2012-04-03 14:51 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-13 17:03 . 2012-04-03 14:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-13 17:03 . 2012-04-04 23:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 23:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-03 14:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-04 11:39 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-07-24 11:06 . 2012-04-05 02:07 6264 c:\windows\system64\wdi\ERCQueuedResolutions.dat
+ 2010-07-24 11:06 . 2012-04-05 02:07 6264 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-03 15:53 . 2012-04-03 15:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 16:28 . 2012-04-05 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 16:28 . 2012-04-05 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-03 15:53 . 2012-04-03 15:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-04-03 15:56 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-03 16:31 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-14 17:07 . 2012-04-05 01:41 302588 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-07-14 17:07 . 2012-04-05 01:41 302588 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 05:01 . 2012-04-03 16:27 446116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-02 12:05 446116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-03 16:31 3522560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-03 15:56 3522560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-03 15:56 11075584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 16:31 11075584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 01:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
"Malwarebytes' Anti-Malware"="c:\pente\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\TwoSnoutMBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2009-10-16 29184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
S2 MBAMService;MBAMService;c:\pente\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 00:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\TwoSnoutMBA\AppData\Roaming\Mozilla\Firefox\Profiles\bnb1am0k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-04 22:14:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 02:14
ComboFix2.txt 2012-04-03 16:03
.
Pre-Run: 31,426,105,344 bytes free
Post-Run: 31,349,108,736 bytes free
.
- - End Of File - - E872D6BE92ED0A6D0101C9E07E05DCBC

#12 CatByte

Posted 05 April 2012 - 04:06 PM

Hi,

We just have some housekeeping to do now,

You can delete the DDS and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Product Support
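
The ActiveX settings from the Internet Explorer steps in the post above can also be checked from the registry instead of the dialog. This is an added example, not part of the original post; it assumes the standard per-zone layout (zone 3 is the Internet zone, actions 1001, 1004 and 1201) and only reads values.

```powershell
# Added example (not from the thread): read-only audit of the Internet zone
# ActiveX settings recommended in the post above.
# Action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$ActionNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The three settings the post names, with the values it recommends.
$Recommended = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

# The user's own Internet zone key, plus the Group Policy keys, which
# override the user's choice when they are present.
$ZoneKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

function Get-ActionName($Value) {
    if ($null -eq $Value) { return '(not set)' }
    if ($ActionNames.ContainsKey([int]$Value)) { return $ActionNames[[int]$Value] }
    return "Other ($Value)"
}

function Test-InternetZoneActiveX {
    foreach ($key in $ZoneKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }            # key absent: nothing configured here
        foreach ($r in $Recommended) {
            $p = $props.PSObject.Properties[$r.Id]
            if (-not $p) { continue }            # value absent under this key
            New-Object PSObject -Property @{
                Key         = $key
                Setting     = $r.Setting
                Current     = Get-ActionName $p.Value
                Recommended = Get-ActionName $r.Want
                Matches     = ([int]$p.Value -eq $r.Want)
            }
        }
    }
}

Test-InternetZoneActiveX |
    Select-Object Setting, Current, Recommended, Matches, Key |
    Format-Table -AutoSize -Wrap
```

A row with `Matches` set to `False` under one of the Policies keys means the dialog change will not stick until the policy itself is changed.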

#13 TwoSnout

Posted 06 April 2012 - 07:58 AM

Catbyte,

I have performed the procedures above. Your assistance and guidance have been invaluable. Thanks for your help.

#14 CatByte

Posted 07 April 2012 - 08:13 PM

you are welcome

stay safe

~CB
Product Support

#15 LDTate

Posted 08 April 2012 - 07:28 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
